Quote:
Originally posted by Backov
Corvett,
I pointed out the hole in your scripts to your phone techs about a month ago. The most recent script I got from you incorporated my fix. (IP limiting)
What I REALLY want to know is how the hackers that are exploiting this hole got ahold of my private_key in the first place (and obviously lots of others) - since my box wasn't compromised, I have to assume it was compromised on your end.
Also, since this key is compromised, why is there NO WAY to change this key? I can't change it myself, and when asked your techs said they couldn't change it either.
Combine this with the fact that someone not me mailed our members list (some spamtrap adddresses, so WE got shit for it) - and I'd say you guys have got some serious employee related security holes.
Edit: I'd also like to point out that they didn't use my fix verbatim but modified it a bit, and displayed the skill level of retarded high school programmers. Stop hiring off the short bus - if that's the level of skill your programmers have, then no wonder you have security problems. Don't take this as a personal attack - this is my professional opinion, and I've been doing this almost 17 years now.
Cheers,
Backov
|
Well this is getting interesting , we also have had a problem with our members data being sold to spammers I thought that maybe it had come from IBILL but now I wonder, could CCBILL have a mole?
What's the deal over there?
I will say that within hours of posting here on GFY , CCBILL contacted me direct with a "beta" fix to the problem. We have installed it and waiting to see what happens next. IBILL would have never contacted me, I would still be on hold waiting to talk to the one guy they have in Password Managment.
I hate to go public with issues like this but maybe this will make CCBILL take a second look at whats going on around them.
I love CCBILL even with this problem, none of us is perfect, ok well maybe Boneprone is.