Quote:
The other post is an older exploit, which came through apache but did target nats clients (not just nats machines). It would skim international traffic, spam of course, and was the cause of unstoppable username / password leaks. I, like several others, had this exploit. It was way advanced, well past mine and Konrad's skills. If he created that and does php nats plugins for me I'm going to be rather pissed. |
If you ban a user, isn't their username and password still active? But instead of getting access to the affiliate program they instead just get a page that states they were banned.
That's probably why you guys are still able to track his IP address entering the system. I simply just deleted the account. |
Quote:
All I have to say on that topic is LOL. |
Just in case anyone is wondering, the other exploit did come in via apache and it was some script, basically a php console for a server that would execute whatever commands you wanted using exec...
It was called something like ratpack or some shit |
shit reminds me of the idiots that blame windows because it is the most widely used OS so more people try to find exploits. I have only found more reliable data and better conversions with Nats than other companies that have shit made specifically for cheating their affiliates.
|
Quote:
Yesterday, when I saw this thread and realized we have also been compromised.... I immediately opened a trouble ticket related to this issue. It has been over 20 hours with no response to my ticket. I would think this should be treated as the highest priority over at TMM. This is very serious and something that ONLY TMM can resolve. Please have one of your techs respond. |
Quote:
I know from the top of my head 30 programs in that time having their data leaked, none made any statements, nor do I expect them. |
Quote:
http://www.gfy.com/showthread.php?t=794159 |
Quote:
And you are wrong.. NATS DID INFORM clients. They have been telling clients about the IP ADMIN feature for a long time. And after every ticket they tell you to change FTP/SSH passwords and anything else they had access to. The program owner has total control over all admin accounts, who can and when they can access. This info is in the KB, it's talked about during the Setup, and is the first thing you see in the Config Admin. We know TMM had a security issue of some sort. However if the Program used the basic 101 security features that come with all NATS installs then they wouldn't have had the problem to begin with. So yeah, I know TMM screwed up - but they aren't the only ones to blame. |
So, how many people's holiday weekend has been affected by this latest revelation?
|
Quote:
You ALWAYS have to assume someone could access your admin areas. If people can brute force a paysite what would make anyone think you can't brute force affiliate logins? I know it didn't happen through ssh/ftp, they tell you to change it and any other passwords they had access to. Of course NATS now is going to have to crack down and force all clients to lock down the systems, and prob enforce some other changes/rules too. But no matter what, if I give a program my details - it's the program's responsibility to make sure it's safe and secure. |
Quote:
This vulnerability specifically targeted the NATS staff admin account and no others as far as I can tell which leads me to assume that it wasn't a brute force attack and if it were it was done because the nats staff account used the same username across multiple nats installations which is a total no-no in security 101 in and of itself. ... |
WOW am I ever glad I had the balls and got rid of nats long ago :) :) :)
CCBILL is the way to go :thumbsup :thumbsup :thumbsup |
Quote:
I have no false impressions about software but I do expect that when I pay for a software such as NATS and the developers of the software are aware of an issue that they will make it a priority to investigate the issue and make their clients aware of it and what they intend to do about it. I'm sure you can understand how I don't feel like this is too much to ask for. This vulnerability specifically targeted the NATS staff admin account and no others, as far as I can tell, which leads me to assume that it wasn't a brute force attack and if it were it was done because the nats staff account used the same username across multiple nats installations which is a total no-no in security 101 in and of itself. |
People, keep in mind that the only admin account that has been compromised is the TMM admin account. For god's sake, delete this account immediately.
This breach would also explain the multiple waves of compromised user passwords that we have seen. User passwords are easy to see in NATS, affiliate passwords are not. My members area security software has reported dozens of compromised passwords logging in within less than 5 minutes. This only happens when there is a compiled list of valid passwords, not from passwords obtained by brute force.

After over 20 hours, I finally got a response to my trouble ticket:

TMM (3:55 PM): I'm sorry and it look like I have to get you an full upgrade to have this new feature
TMM (3:56 PM): and we are currently develope on better security system on NATS and there will be release on Monday hopfully
TMM (3:58 PM): can we do the update on Monday instead?
Dirty D (3:59 PM): Keep in mind we are one of the MANY programs that the TMM admin login was compromised. Before I get pissed off, let me get this straight and make sure I understand.
#1. The IP Log feature won't work until the next release comes out... maybe monday
#2. NATS will not log the admin login info to a log file and the ONLY way to get admin login information is for me to WRITE A SCRIPT to accept a POST with info from NATS using these undocumented variables xxxxxx , xxxxxxx, xxxxxxxx, xxxxxxxx, xxxxxxx
#3. Nothing has been accomplished to resolve this Trouble Ticket
TMM (4:05 PM): #1 yes, we are currently develope on the security script on will try to get relase as soon as possble. #2 Currently no, but I will add this to the feature request. #3 I'm sorry about this, we are wokring on the relase, and will let you know as soon as it is ready.
TMM (4:11 PM): I'm sorry for any inconvenience that cause on this issue, please change the ssh password and disable the nats admin login, one of us will contact you as soon as the new release is ready. |
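The distinction drawn in the post above (dozens of accounts logging in successfully within five minutes points to a compiled list of valid passwords, not brute force) can be checked against login logs. This is an added example, not part of the thread or of NATS; the log format, thresholds and sample lines are constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # "less than 5 minutes" in the post

def parse(line):
    """Assumed log format: ISO-timestamp source-IP username OK|FAIL."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def scan(lines, min_accounts=12, max_fail_ratio=0.2, min_failures=50):
    """Return [(timestamp, label)] for each change of alert state.

    valid-list : many distinct accounts succeed with almost no failures
    brute-force: a flood of failures with almost no successes
    Thresholds are illustrative assumptions, not values from the thread.
    """
    window, alerts = deque(), []
    for ev in sorted(parse(l) for l in lines):
        window.append(ev)
        while ev[0] - window[0][0] > WINDOW:      # keep only the last 5 minutes
            window.popleft()
        ok_users = {user for _, _, user, ok in window if ok}
        fails = sum(1 for e in window if not e[3])
        ratio = fails / len(window)
        if len(ok_users) >= min_accounts and ratio <= max_fail_ratio:
            label = "valid-list"
        elif fails >= min_failures and ratio >= 0.9:
            label = "brute-force"
        else:
            continue
        if not alerts or alerts[-1][1] != label:  # report state changes only
            alerts.append((ev[0], label))
    return alerts

# Constructed sample data (documentation IP ranges, made-up usernames).
REPLAY = [f"2024-01-01T03:00:{i * 4:02d} 203.0.113.7 member{i:02d} OK"
          for i in range(15)]
BRUTE = [f"2024-01-01T05:{i // 30:02d}:{i % 30 * 2:02d} 198.51.100.9 member01 FAIL"
         for i in range(60)]
NORMAL = ["2024-01-01T09:00:00 192.0.2.10 alice FAIL",
          "2024-01-01T09:00:20 192.0.2.10 alice OK",
          "2024-01-01T09:03:00 192.0.2.44 bob OK"]

if __name__ == "__main__":
    for ts, label in scan(REPLAY + BRUTE + NORMAL):
        print(ts.isoformat(), label)
```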
WTF? They outsourcing to Russian programmers or something?
That's some serious broken English. And certainly not the brightest of decisions. |
Holy shit, this is huge
Imagine how much data was stolen through this NATS fuck up :eek2 |
Quote:
:Oh crap |
Quote:
Real good choice you are taking there, ignoring not only the companies who use your product, but also the affiliates who promote those companies. So first we had pornograph fiasco and now this.. What was that old saying? Fool me once shame on me... Fool me twice??? |
this thread should be a sticky.:2 cents:
|
here's a band-aid solution for those who have dynamic ips and absolutely can't 'lock down' their admins to a specific ip... at least until the problem is resolved fully.
have your coder code up a small script: www.domain.com/somesecretfile.php?key=somesecretkey
if the key is correct have it make the changes to allow the ip accessing the script to log into admin. should take him about 15 minutes to code. and security wise, even if someone found this file AND your key it wouldn't be a major compromise... all it would do is allow his ip to enter admin, nothing more... they would still need the password of course. ciao. |
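The allow-my-IP script suggested in the post above, sketched as an added example in Python rather than PHP; it is not the poster's code or part of NATS, and the class name, key and limits are hypothetical. It keeps the post's behaviour (a correct key only adds the caller's IP, the admin password is still required) and adds expiry and a guess limit.

```python
import hashlib
import hmac
import ipaddress

TTL_SECONDS = 8 * 3600   # assumption: a grant lasts one working session
MAX_BAD_TRIES = 5        # assumption: wrong keys tolerated per IP
# Store only a hash of the key; "example-key" is a constructed placeholder.
KEY_SHA256 = hashlib.sha256(b"example-key").hexdigest()

class AdminAllowlist:
    def __init__(self):
        self.expires = {}    # ip -> unix time at which the grant ends
        self.bad_tries = {}  # ip -> number of wrong keys seen

    def knock(self, supplied_key, client_ip, now):
        """Handle one request to the secret URL; True if the IP was added."""
        ip = str(ipaddress.ip_address(client_ip))   # ValueError on junk input
        if self.bad_tries.get(ip, 0) >= MAX_BAD_TRIES:
            return False                            # stop key guessing from this IP
        digest = hashlib.sha256(supplied_key.encode()).hexdigest()
        if not hmac.compare_digest(digest, KEY_SHA256):   # constant-time compare
            self.bad_tries[ip] = self.bad_tries.get(ip, 0) + 1
            return False
        self.bad_tries.pop(ip, None)
        self.expires[ip] = now + TTL_SECONDS
        return True

    def may_reach_admin(self, client_ip, now):
        """Gate in front of the admin login form; the password is still needed."""
        ip = str(ipaddress.ip_address(client_ip))
        until = self.expires.get(ip)
        if until is None or now >= until:
            self.expires.pop(ip, None)   # a dynamic IP may belong to someone else by now
            return False
        return True
```

Sending the key in a POST body rather than the `?key=` query string keeps it out of web server access logs.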