GoFuckYourself.com - Adult Webmaster Forum

Paycom or NATS spamming our members? (https://gfy.com/showthread.php?t=793881)

baddog 12-22-2007 04:44 PM

Quote:

Originally Posted by Rui (Post 13552269)
So, can you please clue us in regarding what seems to be your real agenda regarding this?

My agenda? :1orglaugh

DamageX 12-22-2007 04:45 PM

Quote:

Originally Posted by hateman (Post 13552161)

Wow, took this guy a full seven pages to make an appearance...

quantum-x 12-22-2007 05:18 PM

Here's the important question. Literally hundreds of people have evidence that they have had data stolen electronically.

When are the authorities contacted? When does the cyber crime unit step into this? If this is as big as it seems, action needs to be taken. There's no shortage of cash or backing to get this solved.

AlienQ - BANNED FOR LIFE 12-22-2007 05:23 PM

Quote:

Originally Posted by quantum-x (Post 13552397)
Here's the important question. Literally hundreds of people have evidence that they have had data stolen electronically.

When are the authorities contacted? When does the cyber crime unit step into this? If this is as big as it seems, action needs to be taken. There's no shortage of cash or backing to get this solved.

Nothing will be done.
The Bro squad is on the way to spin it, and this chapter will be swept under the carpet just like all the other dirty secrets in online adult.

Merry Xmas Chumps you all got robbed.

Axeman 12-22-2007 05:25 PM

This was definitely a breach on the NATS side as far as I can tell. All the programs I have talked to have had Fred's usernames be completely different from one another. This leads me to believe they kept a log/record of all user/passes on their side of things that got hacked/exploited/leaked/shared you take your pick of what happened.

If everyone getting exploited was being used by the same user/pass of an admin that would be one thing, but having them be so random and different from program to program shows quite clearly where the first issue started.

We are lucky we host at swiftwill and have ip protection in place. Though Fred was able to login, we show zero evidence he was able to log into the actual admin since he was not allowed via ip protection. The only parts he was able to access was like an affiliate could, the ad tools and link codes. So for hosts like Swiftwill and others like it that demand IP protection on Nats, that is a positive. For others that don't require it, this is a major issue of all the data that could have been collected over the min 6 months this has been an issue based on the various evidence in this thread.

V_RocKs 12-22-2007 06:36 PM

Quote:

Originally Posted by ThePornBrain (Post 13551191)
and here's my input, not accusing anyone, just something to look into for all NATS users:

splitfinity posted this in 2006:

http://www.gfy.com/showpost.php?p=11184768&postcount=26



on gfy there's user "k0nr4d" http://www.gfy.com/member.php?u=78744 with the signature



:upsidedow

The only similarity here is that they both use hacker speak...

Move along novice.

V_RocKs 12-22-2007 06:48 PM

IP RESTRICTION...

But my IP address changes....

Bullshit. You make enough money to call your provider and request a PERMANENT one. But they don't provide one. What the fuck? Are you on Dialup because most Cable, DSL, Broadband providers WILL give you a permanent IP if you pay monthly for leasing. Usually $20. Consider it a cost of doing business and a tax write off.

OK... But I AM ON DIALUP! So pay an admin here to setup a proxy on a dedicated server with a NON-ADULT hosting company picked at random. Have that proxy password protected.

Case closed...

The fact that a village idiot can get into this industry if he has $100,000 in inheritance money frightens me. It frightens me because when it comes to security you are all village idiots! Every last one of you!

90% of you have hackers on your boxes because they hacked your forum, your support system, your webcam software or by some other means. You don't know because all the hacker wants is your password DB and not the Emails.

They trade those DB's like Pokemon cards. They give 1 account away to each person who asks for them on newsgroups and IRC channels. It NEVER trips your strongbox, pennywize, proxy pass, etc, because they give each requester a different account. So even if the real user and the fake one use it at the same time they fall within the AOL threshold (5 IP's in 15 minutes).

You all think.. Impossible because those previously mentioned programs shut this kinda shit down! No... They don't... Because each request gets a different account. This isn't password boards where 15,000 people get the same account. This is the designer version where everyone gets their own unique, free account.

But bandwidth is so cheap I don't give a fuck!... I know.. But in one channel on the IRC alone you will have up to 1000 people receive a password in a day. You are pissing away $35,000 a day! Smaller programs a few thousand...

Industry wide? About $800,000,000 a year is just pissed away...

OK.. Back to your original programming where you just bury your heads in the sand.

the indigo 12-22-2007 08:07 PM

Quote:

Originally Posted by V_RocKs (Post 13552695)
IP RESTRICTION...

But my IP address changes....

Bullshit. You make enough money to call your provider and request a PERMANENT one. But they don't provide one. What the fuck? Are you on Dialup because most Cable, DSL, Broadband providers WILL give you a permanent IP if you pay monthly for leasing. Usually $20. Consider it a cost of doing business and a tax write off.

OK... But I AM ON DIALUP! So pay an admin here to setup a proxy on a dedicated server with a NON-ADULT hosting company picked at random. Have that proxy password protected.

Case closed...

No need for all that crap... you can easily edit that IP (in case it changes every few days) via SSH/FTP. The problem is that NATS only notified the change via the admin area, which makes things worse.

Oh, and yes... you are the king. Whatever. I clicked your sig.

Tempest 12-22-2007 10:55 PM

Quote:

Originally Posted by Mike33 (Post 13550219)
What sites/products were being spammed?

The usual... meds (i.e. viagra)... and porn sites..

Paul Markham 12-23-2007 12:57 AM

Quote:

Originally Posted by Rui (Post 13552269)
So, can you please clue us in regarding what seems to be your real agenda regarding this?

Excuse me for not understanding this, can you explain what it means. Please.

http://www.alexa.com/data/details/tr...3y&size=Medium

Saw it posted on another board.

Paul Markham 12-23-2007 01:20 AM

This was sent to me last night and I was asked to post it without naming the source. I have no time to investigate it as I'm off out after checking the site.

Please draw your own conclusions from it.

Quote:

07/17: We don't maintain any user/pass info for clients in our office let alone on servers

http://www.gfy.com/showpost.php?p=12774034&postcount=15

12/22: We have changed our policy so that we no longer maintain ANY passwords to ensure this does not happen via us ever in the future.

http://www.gfy.com/showpost.php?p=13...&postcount=246
Seems to me that changed a policy they never had.

TMM_John 12-23-2007 01:25 AM

Quote:

Originally Posted by Paul Markham (Post 13553958)
This was sent to me last night and I was asked to post it without naming the source. I have no time to investigate it as I'm off out after checking the site.

Please draw your own conclusions from it.


Seems to me that changed a policy they never had.

The original post was in reference to SSH passwords. I should have been more clear and it may be more clear in context rather than quoted as you did.

You're on my do not argue list and I'm heading to sleep anyway. Think as you wish, you always do.

ladida 12-23-2007 01:35 AM

Quote:

Originally Posted by V_RocKs (Post 13552695)
90% of you have hackers on your boxes because they hacked your forum, your support system, your webcam software or by some other means. You don't know because all the hacker wants is your password DB and not the Emails.

Prepare to be called an idiot by people living in bubbles in 3-2-1...


Guess some people do realise how it is, but those are the same people that have either worked in security, or have had their boxes used as toys by hackers and have been awakened by the sad truth that their box is banned by google, listed on every blacklist known to man for spamming, their members sending 100 complaints, their databases being erased and indexes overwritten by kids etc etc. Then they realise that if it's at the point that your database is erased, the person that erased is not the hacker, hacker got in a long time ago. It's now to the point that he sold the access to Turkish or who knows wannabes.

Still long till time comes when people here take security seriously since so few understand it.

justsexxx 12-23-2007 06:19 AM

Just curious. Did you have the SAME user/pass for EVERY program?

I mean, that would be REALLY bad.....

Also, if the 'hacker' had/had full admin access. He might have created a 2nd user with access to the affiliate info...Better check out ALL users with more access than a normal affiliate

chupacabra 12-23-2007 06:44 AM

Quote:

Originally Posted by dustman (Post 13551899)
People, keep in mind that the only admin account that has been compromised is the TMM admin account. For god's sake, delete this account immediately.

This breach would also explain the multiple waves of compromised user passwords that we have seen. User passwords are easy to see in NATS, affiliate passwords are not.

My members area security software has reported dozens of compromised passwords logging in within less than 5 minutes. This only happens when there is a compiled list of valid passwords, not from passwords obtained by brute force.

After over 20 hours, I finally got a response to my trouble ticket:

TMM (3:55 PM):
I'm sorry and it looks like I have to get you a full upgrade to have this new feature
TMM (3:56 PM):
and we are currently developing on better security system on NATS and there will be release on Monday hopefully
TMM (3:58 PM):
can we do the update on Monday instead?

Dirty D (3:59 PM):
Keep in mind we are one of the MANY programs that the TMM admin login was compromised. Before I get pissed off, let me get this straight and make sure I understand.

#1. The IP Log feature won't work until the next release comes out... maybe monday

#2. NATS will not log the admin login info to a log file and the ONLY way to get admin login information is for me to WRITE A SCRIPT to accept a POST with info from NATS using these undocumented variables xxxxxx , xxxxxxx, xxxxxxxx, xxxxxxxx, xxxxxxx

#3. Nothing has been accomplished to resolve this Trouble Ticket

TMM (4:05 PM):
#1 yes, we are currently developing on the security script and will try to get release as soon as possible.
#2 Currently no, but I will add this to the feature request.
#3 I'm sorry about this, we are working on the release, and will let you know as soon as it is ready.
TMM (4:11 PM):
I'm sorry for any inconvenience that cause on this issue, please change the ssh password and disable the nats admin login, one of us will contact you as soon as the new release is ready.

you know, reading what you typed above really struck a nerve w/ me... i don't even use NATS for my small sites, but i do use SegPay as a processor. a few months back i started seeing the exact same you describe above. waves of locked/banned user accounts one after another, like 50 in a row all caught by PWSentry due to multiple logins from too many geo locales... this would be all at once, and then stop once all the compromised accounts got caught. a week or two later, boom, same thing. lots of wasted time for me changing passwords for everyone and pissed off/canceling customers, and as you said, obviously not brute-force here...

i'm going to go dig back and see when this trend started, but i can't help but wonder if this is tied to when NATS and Segpay started their incestuous relationship, as i had never seen this kind of account compromising over the past 8 years, not so many simultaneously and then suddenly stopping in a single wave.

sounds way too close to what you describe above, *way* too close to me..
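Added example, not part of the thread and not code from PWSentry, Strongbox or NATS: the per-account IP threshold V_RocKs describes, beside a cross-account check for the login waves dustman and chupacabra report, where many different accounts each appear from a never-before-seen IP within minutes. The `(timestamp, account, ip)` log format, the function names and every threshold except the 5-IPs-in-15-minutes figure are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def per_account_alerts(events, max_ips=5, window=timedelta(minutes=15)):
    """Per-account rule: flag an account seen from more than max_ips IPs in window."""
    recent, flagged = defaultdict(deque), set()
    for ts, user, ip in sorted(events):
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:      # drop logins older than the window
            q.popleft()
        if len({i for _, i in q}) > max_ips:
            flagged.add(user)
    return flagged

def wave_alerts(events, min_accounts=12, window=timedelta(minutes=5)):
    """Cross-account rule (assumed thresholds): flag a window in which many
    different accounts each log in from an IP that account never used before."""
    known = defaultdict(set)   # account -> IPs seen so far (its baseline)
    novel = deque()            # (ts, account) for logins from a new IP
    waves = []
    for ts, user, ip in sorted(events):
        if known[user] and ip not in known[user]:   # first-ever login is baseline only
            novel.append((ts, user))
        known[user].add(ip)
        while novel and ts - novel[0][0] > window:
            novel.popleft()
        accounts = {u for _, u in novel}
        if len(accounts) >= min_accounts:
            waves.append((novel[0][0], ts, sorted(accounts)))
            novel.clear()      # start counting a fresh wave
    return waves

def sample_events():
    """Constructed log: 20 members log in from a home IP, then 15 of them are
    each used once from a different new IP inside four minutes."""
    t0 = datetime(2007, 12, 20, 9, 0)
    ev = [(t0 + timedelta(minutes=7 * n), f"member{n:02d}", f"10.0.0.{n + 1}") for n in range(20)]
    t1 = datetime(2007, 12, 21, 3, 0)
    ev += [(t1 + timedelta(seconds=16 * n), f"member{n:02d}", f"192.0.2.{n + 1}") for n in range(15)]
    return ev

if __name__ == "__main__":
    print("per-account rule flagged:", per_account_alerts(sample_events()))
    for start, end, accounts in wave_alerts(sample_events()):
        print(f"wave {start} -> {end}: {len(accounts)} accounts")
```

On the constructed log the per-account rule flags nothing, because no single account exceeds two IPs, while the cross-account rule reports one wave; accounts in a reported wave are candidates for a forced password reset.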

TeenCat 12-23-2007 05:01 PM

it is not only nats there are public dumps of generated passwords from other programs and systems also, adult security experts are step behind hackers :upsidedow

chri$tian 12-26-2007 03:36 PM

WOW this post got BIG fast.. Left it on Saturday on the first page, just read the rest now..

RomaCash 01-09-2008 10:33 AM

popular topic, what you want.

we want to switch, so now we this twicely.:)


All times are GMT -7.