ok all... as much as i like ccBill, i am having an issue w/ their script that they do not seem able to help w/ so far. for the last two weeks, i am having to watch my .htpasswd like a hawk because someone is going through their script and adding password-pairs w/ impunity somehow... they are obviously calling the script directly in some fashion and it is adding their password-pairs, bypassing any of my server's security in the process. when i check the ccbill.log file, i see that even ccBill's system *knows* that the password-pairs in question are invalid, as the log file will display lines such as:
Hacker registered to XXX.XXX.XXX.XXX <-- some ip address
ADD=hacker:9dS/4.gS6x
(note that there is no subscription ID number, and no start or end date associated w/ these entries!)
now, this is what is pissing me off... their system/script obviously is aware that the call to add-user is coming from somewhere other than the approved subnet/ip-range of ccBill, hence the note that the user is being added by a "hacker"... so why does the bogus user get added at all? why not just *not* give them access??? i have to pay for this bandwidth, so i certainly don't want to let hackers in for free..!
i have spoken w/ install over at ccBill numerous times about this lately, and they could not explain to me why their system is allowing these users to be added... they did have me update my version of the ccbill-local.cgi file, and they checked my server to make sure that it was all set up properly, and it is. again, this is not a security issue w/ our server (which is running current/patched FreeBSD and Apache); the ccBill script is being called directly, resulting in the rogue users being granted access.
any other ccBill users experience this problem, and if so, do you know of any solution that will help in some way? i realize that i can rename the script to something unique, but that is not a real solution, as it will be easy for any would-be hacker to locate the new script name and continue to add their password-pairs. any advice or insight about this issue would be greatly appreciated, i am tired of watching all of our .htpasswd files night and day!
lastly, i must stress and make clear, we still feel ccBill is easily the best of the third-party processor options, and wouldn't even consider moving to another processor... ccBill has *never* been late w/ a payment to us, and as of last week, finished refunding the $750 VISA registration fee to us in total. they are tops in our book, this is our only gripe... and we're hoping that there is a fix or resolution to it. thx all..!
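Until ccBill fixes the script, a defender can at least automate the night-and-day .htpasswd watching the post describes. The following is an added example (not ccBill's code and not from the original post): it reads ccbill.log, pairs each "Hacker registered to <ip>" line with the ADD=user:hash line that follows it (the only format the post shows; the log lines and .htpasswd entries below are constructed samples, and the format of a legitimate paid-member entry is assumed), and strips those usernames out of .htpasswd.

```python
import re
from pathlib import Path

# Patterns for the two-line pairing shown in the post:
#   Hacker registered to XXX.XXX.XXX.XXX
#   ADD=hacker:9dS/4.gS6x
HACKER_RE = re.compile(r"^Hacker registered to (\S+)")
ADD_RE = re.compile(r"^ADD=([^:\s]+):(\S+)")

# Constructed sample log. The last ADD= line stands in for a legitimate
# entry (assumed format: not preceded by a "Hacker registered" line).
SAMPLE_LOG = """\
Hacker registered to 203.0.113.7
ADD=hacker:9dS/4.gS6x
Hacker registered to 198.51.100.22
ADD=freeloader:Ab1cD2eF3gH4i
ADD=paidmember:xK3.Hq7Lm2zA
"""
# Constructed sample .htpasswd (user:hash per line).
SAMPLE_HTPASSWD = "hacker:9dS/4.gS6x\npaidmember:xK3.Hq7Lm2zA\nfreeloader:Ab1cD2eF3gH4i\n"


def flagged_users(log_text):
    """Return {username: ip} for every ADD= that directly follows a 'Hacker registered' line."""
    flagged, pending_ip = {}, None
    for line in log_text.splitlines():
        m = HACKER_RE.match(line)
        if m:
            pending_ip = m.group(1)
            continue
        m = ADD_RE.match(line)
        if m and pending_ip is not None:
            flagged[m.group(1)] = pending_ip
        pending_ip = None  # any other line breaks the pairing
    return flagged


def scrub_htpasswd(htpasswd_text, rogue_users):
    """Return (cleaned .htpasswd text, list of removed usernames)."""
    kept, removed = [], []
    for line in htpasswd_text.splitlines():
        user = line.split(":", 1)[0]
        (removed if user in rogue_users else kept).append(user if user in rogue_users else line)
    return "".join(l + "\n" for l in kept), removed


def scrub_files(log_path, htpasswd_path, dry_run=True):
    """Apply the scrub to real files; with dry_run=True only report what would be removed."""
    rogue = flagged_users(Path(log_path).read_text())
    cleaned, removed = scrub_htpasswd(Path(htpasswd_path).read_text(), rogue)
    for user in removed:
        print(f"rogue user {user!r} added from {rogue[user]}")
    if not dry_run and removed:
        Path(htpasswd_path).write_text(cleaned)
    return removed
```

Run scrub_files from cron against the real ccbill.log and .htpasswd, first with dry_run=True to confirm only the flagged entries are reported.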