LOL wow
I cant believe you just said that....

ladida - I understand your points and as it stands with the NATS issue, my least concern is the emails right now. Don't bash me for it, but I think there's a SHITLOAD more to be worried about right now than emails.

As for the Topbucks issue - I have reasons for wanting him to contact them so they can log it even if we're a few months behind.

I guess we are all working through the holidays :Oh crap

Wasn't bashing you, wasn't my intention, just informing you, and other in the thread that are all so alerted and worried now.

And it gets even funnier with John's suicidal PR heh. :)

OK i forgot one thing. In my last thread on this from a few months ago (http://www.gfy.com/showthread.php?t=779742) I urged OC3 customers to call me directly, but If any of you running NATS are bamboozled on how to fix this please just email our support [email protected] and we'll be happy to help you. I am not here to say anything about the developer, I am just offering to help fix the issue. Same as I was before.

ladida - no I didn't take it as a bash just was saying that since mailing is the last thing that's concerning me right now ;)

:helpme burying their heads in the sand

wow this is one hell of a thread....all I can say is wow....

the whole industry is crooked....i better get a bigger piece of the pie quick before those sharks eat it all.

Just some friendly advice...

You might really think about this twice before you let your ego get into the way :2 cents: - as this REALLY is the LAST thread where this is to be used / needed in.

You do realize how many programs are affected and just about HOW many affiliates sensitive data, not even hinting at all the Members data.

So will you please reconsider and show some support here, oh and also, please FIX THIS MESS.

Considering that I, amongst others will have to deal with my stolen Identity and Data now, and change a lot of info because of it, you might probably imagine, that I will NOT enter any new data into ANY NATS install anymore before this is not 110% fixed and secured.

Maybe you can get a little sense of actually how "happy" I am about all this.
And I'm just an affiliate (of many).

I'm sure you'll do the right thing, John - this time.

Thanx,
Steve

OC3 goes above and beyond for their clients

:thumbsup

Two questions....

1. Was the same admin account metinioned in this thread valid for all/most NATS installs?

2. Was there a way for a NATS program owner (or employee) to get the password of this admin account?

If the answer to both questions is yes, there was no need for any exploit or hacking.

---

BTW you probably wouldn't believe how many affiliate programs have serious security holes. It has happened so many times in the last years that we got access to admin data while analyzing the affiliate stats of an affiliate program in order to add it to StatsRemote.

Just a few weeks ago we had a case with a big program (non adult). While querying the referral stats we made a mistake and sent the wrong parameters. The result was a page with a list of more than 1000 affiliates including all their info and total earnings of the last years.

Most of the times companies fix it right away after we let them know but we also had cases when they just didn't seem to care :error

I don't really know what to believe here...

http://www.gfy.com/showthread.php?t=671565 looks very much like a hack to me, which is especially targeting NATS installs / DB's

And from the feedback that RazorSharpe wrote, that banning the account in question did not help also suggests a backdoor, or some kind of undetermined access to add / restore logins.

The worst that can be done here is to cover this up, or try to shut helpful people up with threatening with lawyers etc.

Yes, it doesn't look good on NATS, but I'd rather see this fixed with support of ALL sides, as GFY does have some pretty bright / talented people on board and in the End to have the TRUST in NATS be restored / re-established than all of this being covered up / taken lightly.

Been reading this on and off during the day and what comes through is the fact that NATS were alerted by threads on the boards. They did not take the necessary action then and it seems a drama thread got the right response. So John consider that before you flame people.

Also GFY is not the centre of the Adult Internet, there are many big programs and sites with NATS who do not post or follow the boards, especially GFY.

So has this been spread around other boards? You ask why, well the answer is simple. Has anyone told NATS about the problem earlier by submitting a ticket to them and what was the response?

If the answer is YES, then NATS should consider getting their lawyers working on this.

These ips keep getting posted that are from The Planet, so does this mean the person doing it is using a proxy that's hosted @ The Planet, or has their program on a server there?

Probably already being done, but perhaps The Planet would assist in tracking down whoever/whatever is doing it. Seeing the amount of logins, etc, then makes sense that a bot/program of some sort is doing it, so that program/bot needs to be found.

probably just one comprimised server of many, if the guy is any smart the trail won't end just there...

But yeah, it would be a step into the right direction to actually find the guy.

I think the issue is that this was brought up many months ago on different boards, and not actually dealt with, nor were customers told to check as a precaution. That's bad.

wow this is still going. hope some issues got resolved for those affected.

You people are blaming the wrong Company... NATS has a protection system built in, straight in the admin - config section.

This isn't a NATS exploit - it's an exploit on programs that didn't use the NATS features to protect itself properly.

Every program, db, software, script.. all of it is hackable and with 100's of people using NATS it's going to be VERY targeted. Don't blame NATS, blame the damn programs - it's their fault for not using the protection and got exploited.

I banned the user yesterday
still logging in today


67.19.188.250 - 2007-12-22 10:26:30
67.19.188.250 - 2007-12-22 04:26:27
67.19.188.250 - 2007-12-21 22:26:38
67.19.188.250 - 2007-12-21 18:56:46
67.84.12.95 - 2007-12-21 18:32:27
67.84.12.95 - 2007-12-21 18:32:06
67.19.188.250 - 2007-12-21 16:26:34
67.19.188.250 - 2007-12-21 10:26:44
67.19.188.250 - 2007-12-21 04:26:28
67.19.188.250 - 2007-12-20 22:26:39
67.19.188.250 - 2007-12-20 19:01:25
67.19.188.250 - 2007-12-20 16:26:36
67.84.12.95 - 2007-12-20 12:49:39
67.84.12.95 - 2007-12-20 11:45:32
67.19.188.250 - 2007-12-20 10:26:32
67.19.188.250 - 2007-12-20 04:26:29
67.19.188.250 - 2007-12-19 22:26:39
67.19.188.250 - 2007-12-19 19:02:09
67.19.188.250 - 2007-12-19 16:27:00
67.19.188.250 - 2007-12-19 10:26:57
67.19.188.250 - 2007-12-19 04:26:53
67.19.188.250 - 2007-12-18 22:27:03
67.19.188.250 - 2007-12-18 18:27:13
67.19.188.250 - 2007-12-18 16:27:05
67.19.188.250 - 2007-12-18 10:27:02
69.94.70.187 - 2007-12-18 04:26:58
65.110.53.100 - 2007-12-17 18:25:48
65.110.53.100 - 2007-12-17 16:27:06
65.110.53.100 - 2007-12-17 10:27:02
65.110.53.100 - 2007-12-17 04:26:59
65.110.53.100 - 2007-12-16 18:25:57
65.110.53.100 - 2007-12-16 16:27:04
65.110.53.100 - 2007-12-16 10:27:00
65.110.53.100 - 2007-12-16 04:27:13
65.110.53.100 - 2007-12-15 22:27:09
65.110.53.100 - 2007-12-15 18:26:00
65.110.53.100 - 2007-12-15 16:22:25
65.110.53.100 - 2007-12-15 10:22:21
65.110.53.100 - 2007-12-15 04:22:17
65.110.53.100 - 2007-12-15 02:19:28
67.84.12.95 - 2007-12-14 17:51:59
67.84.12.95 - 2007-12-14 17:47:03
0.0.0.0 - 2007-12-14 04:26:58
0.0.0.0 - 2007-12-13 22:27:09
0.0.0.0 - 2007-12-13 18:26:36
0.0.0.0 - 2007-12-13 16:27:05
0.0.0.0 - 2007-12-13 10:27:02
0.0.0.0 - 2007-12-13 04:26:58
0.0.0.0 - 2007-12-12 22:27:08
0.0.0.0 - 2007-12-12 18:27:06
0.0.0.0 - 2007-12-12 16:27:05
0.0.0.0 - 2007-12-12 10:27:02
0.0.0.0 - 2007-12-12 04:26:58
0.0.0.0 - 2007-12-11 22:27:08
0.0.0.0 - 2007-12-11 18:24:03
0.0.0.0 - 2007-12-11 16:27:05
0.0.0.0 - 2007-12-11 10:27:01
0.0.0.0 - 2007-12-11 04:27:01
0.0.0.0 - 2007-12-10 22:27:20
67.84.12.95 - 2007-12-10 18:33:54
0.0.0.0 - 2007-12-10 18:25:04
0.0.0.0 - 2007-12-10 16:27:01
67.84.12.95 - 2007-12-10 14:51:06
67.84.12.95 - 2007-12-10 14:45:45
67.84.12.95 - 2007-12-10 14:38:23
0.0.0.0 - 2007-12-10 10:27:00
0.0.0.0 - 2007-12-10 04:26:53
0.0.0.0 - 2007-12-09 22:27:01
0.0.0.0 - 2007-12-09 18:25:20
0.0.0.0 - 2007-12-09 16:27:12
67.84.12.95 - 2007-12-09 16:12:43
0.0.0.0 - 2007-12-09 10:26:58
0.0.0.0 - 2007-12-09 04:27:19
0.0.0.0 - 2007-12-08 22:27:27
0.0.0.0 - 2007-12-08 18:24:37
0.0.0.0 - 2007-12-08 16:27:37
0.0.0.0 - 2007-12-08 10:27:30
0.0.0.0 - 2007-12-08 04:27:32
0.0.0.0 - 2007-12-07 22:27:27
0.0.0.0 - 2007-12-07 18:23:38
0.0.0.0 - 2007-12-07 16:27:41
67.84.12.95 - 2007-12-07 14:07:32
67.84.12.95 - 2007-12-07 13:28:26
0.0.0.0 - 2007-12-07 10:27:28
67.84.12.95 - 2007-12-07 09:26:17
0.0.0.0 - 2007-12-07 04:27:27
0.0.0.0 - 2007-12-06 22:27:44
0.0.0.0 - 2007-12-06 18:21:23
0.0.0.0 - 2007-12-06 16:27:30
0.0.0.0 - 2007-12-06 10:27:34
0.0.0.0 - 2007-12-06 04:27:25
0.0.0.0 - 2007-12-05 22:27:45
0.0.0.0 - 2007-12-05 18:24:34
0.0.0.0 - 2007-12-05 16:27:46
0.0.0.0 - 2007-12-05 10:27:52
0.0.0.0 - 2007-12-05 04:27:36
0.0.0.0 - 2007-12-04 22:27:40
0.0.0.0 - 2007-12-04 18:26:32
0.0.0.0 - 2007-12-04 16:27:28
0.0.0.0 - 2007-12-04 10:27:25
0.0.0.0 - 2007-12-04 04:27:19
0.0.0.0 - 2007-12-03 22:27:22
0.0.0.0 - 2007-12-03 18:24:05
0.0.0.0 - 2007-12-03 16:27:27
0.0.0.0 - 2007-12-03 10:27:27
0.0.0.0 - 2007-12-03 04:27:19
0.0.0.0 - 2007-12-02 22:27:32
0.0.0.0 - 2007-12-02 18:29:20
0.0.0.0 - 2007-12-02 16:27:25
0.0.0.0 - 2007-12-02 10:27:25
0.0.0.0 - 2007-12-02 04:27:16
0.0.0.0 - 2007-12-01 22:27:29
0.0.0.0 - 2007-12-01 18:25:23
0.0.0.0 - 2007-12-01 16:27:34
0.0.0.0 - 2007-12-01 10:27:36
0.0.0.0 - 2007-12-01 04:27:27
0.0.0.0 - 2007-11-30 22:27:36
0.0.0.0 - 2007-11-30 18:22:11
0.0.0.0 - 2007-11-30 16:27:35
0.0.0.0 - 2007-11-30 10:27:31
0.0.0.0 - 2007-11-30 04:27:30
0.0.0.0 - 2007-11-29 22:27:33
0.0.0.0 - 2007-11-29 18:21:12
0.0.0.0 - 2007-11-29 16:46:29
0.0.0.0 - 2007-11-28 18:20:21
0.0.0.0 - 2007-11-27 18:19:36
0.0.0.0 - 2007-11-26 20:31:03
0.0.0.0 - 2007-11-26 18:19:43
0.0.0.0 - 2007-11-25 18:24:23
0.0.0.0 - 2007-11-25 16:27:32
0.0.0.0 - 2007-11-25 10:27:31
0.0.0.0 - 2007-11-25 04:27:29
0.0.0.0 - 2007-11-24 22:27:31
0.0.0.0 - 2007-11-24 18:23:20
0.0.0.0 - 2007-11-24 16:27:32
0.0.0.0 - 2007-11-24 10:27:48
0.0.0.0 - 2007-11-24 04:27:47
0.0.0.0 - 2007-11-23 22:27:40
0.0.0.0 - 2007-11-23 18:21:11
0.0.0.0 - 2007-11-23 16:27:38
0.0.0.0 - 2007-11-23 10:27:33
0.0.0.0 - 2007-11-22 18:21:38
0.0.0.0 - 2007-11-22 18:10:34
0.0.0.0 - 2007-11-22 05:12:32
0.0.0.0 - 2007-11-21 23:12:42
0.0.0.0 - 2007-11-21 18:59:17
0.0.0.0 - 2007-11-21 18:22:03
0.0.0.0 - 2007-11-20 18:21:07
0.0.0.0 - 2007-11-19 22:40:38
0.0.0.0 - 2007-11-19 18:21:15
0.0.0.0 - 2007-11-18 18:16:07
0.0.0.0 - 2007-11-17 18:14:50
0.0.0.0 - 2007-11-17 14:06:53
0.0.0.0 - 2007-11-17 09:56:00
0.0.0.0 - 2007-11-16 18:15:12
0.0.0.0 - 2007-11-15 18:16:50
0.0.0.0 - 2007-11-15 09:56:16
0.0.0.0 - 2007-11-15 08:15:08
0.0.0.0 - 2007-11-14 18:18:05
0.0.0.0 - 2007-11-13 18:17:59
0.0.0.0 - 2007-11-13 16:17:26
0.0.0.0 - 2007-11-12 18:20:17
0.0.0.0 - 2007-11-12 16:00:30
0.0.0.0 - 2007-11-12 09:21:28
0.0.0.0 - 2007-11-12 07:04:37
67.84.12.95 - 2007-10-30 11:38:41
67.84.12.95 - 2007-10-30 10:43:03
67.84.12.95 - 2007-10-29 19:43:57
67.84.12.95 - 2007-10-29 18:59:22
67.84.12.95 - 2007-10-26 19:45:01
66.118.176.86 - 2007-10-26 18:51:22
0.0.0.0 - 2007-10-26 16:28:16
66.118.176.86 - 2007-10-26 10:32:06
66.118.176.86 - 2007-10-26 04:28:06
66.118.176.86 - 2007-10-25 18:22:52
66.118.176.86 - 2007-10-25 16:28:37
66.118.176.86 - 2007-10-25 10:35:50
66.118.176.86 - 2007-10-25 04:28:31
66.118.176.86 - 2007-10-24 22:28:36
66.118.176.86 - 2007-10-24 18:21:52
66.118.176.86 - 2007-10-24 16:28:26
66.118.176.86 - 2007-10-24 10:28:25
66.118.176.86 - 2007-10-24 04:30:24
66.118.176.86 - 2007-10-23 22:28:27
66.118.176.86 - 2007-10-23 18:20:56
66.118.176.86 - 2007-10-23 16:28:02
66.118.176.86 - 2007-10-23 10:28:03
66.118.176.86 - 2007-10-23 04:29:26
66.118.176.86 - 2007-10-22 22:28:09
66.118.176.86 - 2007-10-22 18:33:29
66.118.176.86 - 2007-10-22 16:28:25
66.118.176.86 - 2007-10-22 10:28:20
66.118.176.86 - 2007-10-22 04:29:35
66.118.176.86 - 2007-10-21 22:28:21
66.118.176.86 - 2007-10-21 18:25:00
66.118.176.86 - 2007-10-21 16:28:36
66.118.176.86 - 2007-10-21 10:28:18
66.118.176.86 - 2007-10-21 04:30:06
66.118.176.86 - 2007-10-20 22:28:21
66.118.176.86 - 2007-10-20 18:21:06
66.118.176.86 - 2007-10-20 16:28:06
66.118.176.86 - 2007-10-20 10:28:03
66.118.176.86 - 2007-10-20 04:30:31
66.118.176.86 - 2007-10-19 22:28:11
66.118.176.86 - 2007-10-19 18:25:30
66.118.176.86 - 2007-10-19 16:28:27
66.118.176.86 - 2007-10-19 10:28:18
66.118.176.86 - 2007-10-19 04:30:02
66.118.176.86 - 2007-10-18 22:28:32
66.118.176.86 - 2007-10-18 18:22:41
66.118.176.86 - 2007-10-18 16:28:31
66.118.176.86 - 2007-10-18 10:28:27
66.118.176.86 - 2007-10-18 04:30:03
66.118.176.86 - 2007-10-17 22:28:33
66.118.176.86 - 2007-10-17 18:22:25
66.118.176.86 - 2007-10-17 16:28:33
66.118.176.86 - 2007-10-17 10:28:28
66.118.176.86 - 2007-10-17 04:29:45
66.118.176.86 - 2007-10-16 22:28:37
66.118.176.86 - 2007-10-16 18:22:26
66.118.176.86 - 2007-10-16 16:28:15
67.84.12.95 - 2007-10-16 10:39:01
66.118.176.86 - 2007-10-16 10:28:11
66.118.176.86 - 2007-10-16 04:29:42
66.118.176.86 - 2007-10-15 22:28:16
66.118.176.86 - 2007-10-15 18:23:09
67.84.12.95 - 2007-10-15 17:26:10
66.118.176.86 - 2007-10-15 16:28:31
66.118.176.86 - 2007-10-15 10:28:32
66.118.176.86 - 2007-10-14 22:28:38
66.118.176.86 - 2007-10-14 18:19:59
66.118.176.86 - 2007-10-14 16:28:35
66.118.176.86 - 2007-10-14 10:28:30
66.118.176.86 - 2007-10-14 04:30:03
66.118.176.86 - 2007-10-13 22:28:36
66.118.176.86 - 2007-10-13 19:26:43
66.118.176.86 - 2007-10-13 18:27:33
66.118.176.86 - 2007-10-13 16:28:23
66.118.176.86 - 2007-10-13 10:28:20
66.118.176.86 - 2007-10-13 04:29:49
66.118.176.86 - 2007-10-12 22:28:34
66.118.176.86 - 2007-10-12 18:27:16
66.118.176.86 - 2007-10-12 16:28:19
66.118.176.86 - 2007-10-12 10:28:13
66.118.176.86 - 2007-10-12 04:29:41
66.118.176.86 - 2007-10-11 22:28:25
66.118.176.86 - 2007-10-11 18:15:20
66.118.176.86 - 2007-10-11 16:28:17
66.118.176.86 - 2007-10-11 10:28:18
66.118.176.86 - 2007-10-11 04:28:55
66.118.176.86 - 2007-10-10 22:28:25
66.118.176.86 - 2007-10-10 18:15:06
66.118.176.86 - 2007-10-10 16:28:26
67.84.12.95 - 2007-10-10 16:09:28
82.199.118.23 - 2007-10-10 15:03:32

Wow what a complete asshole you are, i was considering using NATS for my new program, no way in hell i will be now with someone like you running th company.

GFY troll lynch mob strikes agan.

Guess what - no one cares.

Move on to your next target.

If you had this problem you need to... Change EVERY admin password, flip the TMM account to not have admin access, then IP lock your system down.

The guy had access to everything, changing the TMM password will not correct this.

Glad I don't use that shitty software.

Sucks for all of you program owners getting fucked by this asshole

I just posted by popular request what we know about this issue

http://www.gfy.com/showthread.php?t=794159

If a program get's hacked, it is the program owners responsibility to notify anybody that has had the slightest possibility that their data was stolen. Doesn't matter if it's because of NATS or not. There are laws in the US & from what this thread said the UK too, where you're suppose to contact anybody and everyone that had the possibility of their data being stolen.

Any data gets stolen, a company should make a statement. I know I would want to know, atleast then I could change my password to my affiliate account.

Fuckhead.:2 cents:

I sincerely wish to thank you guys
for this critical information...

Thanks
Tom

and here's my input, not accusing anyone, just something to look into for all NATS users:

splitfinity posted this in 2006:

http://www.gfy.com/showpost.php?p=11184768&postcount=26

on gfy theres user "k0nr4d" http://www.gfy.com/member.php?u=78744 with the signature

:upsidedow

I would not be too quick to accuse people of being a lynch mob. I have information from respected sources (that have not said jack in this thread) that this is just the tip of the iceberg.

You could still limit it by IP range. I'm sure your ISP has a limited range they assign to you when you log on, and it's doubtful that the hackers are using the same ISP as you.

I'm not saying that should relieve TMM of their responsibility to you, just saying that if you want your data secure in the meantime that's one way to do it.

Konrad, has worked for me for several years. He is a php coder / webmaster.

The other post is an older exploit, which came through apache but did target nats clients (not just nats machines). It would skim international traffic, spam of course, and was the cause of unstoppable username / password leaks.

I like several others had this exploit. It was way advanced, well past Mine and Konrads skills. If he created that and does php nats plugins for me I'm going to be rather pissed.

If you ban a user, isn't their username and password still active? But instead of getting access to the affiliate program they instead just get a page that states they were banned.

That's probably why you guys are still able to track his IP address entering the system.

I simply just deleted the account.

All I have to say on that topic is LOL.

get a grip .... not informing clients IS solely the fault of TMM no matter how you want to spin this coz John is your friend.

Just in case anyone is wondering, the other exploit did come in via apache and it was some script, basically a php console for a server that would execute whatever commands you wanted using exec...

It was called something like ratpack or some shit

shit reminds me of the idiots that blame windows because it is the most widely used OS so more people try to find exploits. I have only found more reliable data and better conversions with Nats than other companies that have shit made specifically for cheating their affiliates.

He's not flaming people, he's left the building once again... GFY could have been an userfull tool for him but he chooses to ignore it once again

How about this for a fact.
Yesterday, when I saw this thread and realized we have also been compromised.... I immediately opened a trouble ticket related to this issue.
It has been over 20 hours with no response to my ticket.

I would think this should be treated as the highest priority over at TMM.
This is very serious and something that ONLY TMM can resolve.
Please have one of your techs respond.

Hmm.. So how many of these have you seen in (let's be generous here), last 6 months?

I know from the top of my head 30 programs in that time having their data leaked, none made any statements, nor do i expect them.

read this, it should help you solve the problem...

http://www.gfy.com/showthread.php?t=794159

crikey! you're still floating about acting important?

I thought you went back to playing in your little sandbox? Unlike you, i'm giving facts. Anyway, just another troll to add to ignore.

John is a business client - I use NATS. I have never hung out with John, we haven't bought each other drinks, we don't know anything about each others family's, and we don't talk about anything other than Business.

And you are wrong.. NATS DID INFORM clients. They have been telling clients about the IP ADMIN feature for a long time. And after every ticket they tell you to change FTP/SSH passwords and anything else they had access too. The program owner has total control over all admin accounts, who can and when they can access. This info is in the KB, it's talked about during the Setup, and is the first thing you see in the Config Admin.

We know TMM had a security issue of some sort. However if the Program used the basic 101 security features that comes with all NATS installs then they wouldn't have had the problem to begin with.

So yeah, I know TMM screwed up - but they aren't the only ones to blame.

facts? troll? you're bloody delusional. you've given no facts what-so-fucking-ever and the only troll here is you. You're blaming nats users for an issue that nats developers knew about several months ago and never notified said users about. i think you need a little time in the "sandbox" ...

I NEVER got told to about the possibility of someone using the nats admin login to access my nats installation. I do change my ssh/ftp login. This was not a breach by ssh/ftp, this was a breach by someone using the nats login that I was told would be "appreciated to be left". So if you got different info from just about every NATS program then you're a lucky guy ....

So, how many people's holiday weekend has been effected by this latest revelation?

You ALWAYS have to assume someone could access your admin areas. If people can brute force a paysite what would make anyone think you can't brute force affiliate logins?

I know it didn't happen through ssh/ftp, they tell you to change it and any other passwords they had access to.

Of course NATS now is going to have to crack down and force all clients to lock down the systems, and prob enforce some other changes/rules too. But no matter what, if I give a program my details - it's the programs responsibility to make sure it's safe and secure.

Yea, then wait and see people coming here annoyed that this is like this or that, or they can't do this or that. People in this business lack the understanding of security soooo much, and value it even less.

I am no false impressions about software but I do expect that when I am pay to buy a software such as NATS and the developers of the software are aware of an issue that they will make it a priority to investigate the issue and make their clients aware of it and what they intend to do about it. I'm sure you can understand how i don't feel like this is too much to ask for.

This vulnerability specificaly targetted the NATS staff admin account and no others as far as i can tell which leads me to assume that it wasn't a brute force attack and if it were it was done because the nats staff account used the same username across multiple nats installations which is a total no-no in security 101 in and of itself.

...

WOW am I ever glad I had the balls and got ride of nats long ago :) :) :)

CCBILL is the way to go :thumbsup :thumbsup :thumbsup