NATS Security?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • ruff
    I have a plan B
    • Aug 2004
    • 5507

    #1

    NATS Security?

    I am an affiliate of a program using NATS. My account has been hacked now twice. Once in November by that asshole in Canada and yesterday. Probably the same shitheel. Apparently a brute force password hack, although my password is 9 digits. The IP the hacker used is 162.219.176.58.

    My question is, since I do not use NATS I don't know, does the NATS program have two factor login security? Does the NATS program allow the owner to limit login attempts? I should mention that I did not receive any notifications that there were account changes and I have them all set up.

    Can someone just run a brute force attack on a NATS site until he gets a password? Oh, and by the way, my personal computer has not been hacked and the information did not come from me.

    The real problem is all of my information is available now to the hacker including my social security number.

    I would like to hear from the NATS people about their security solutions so I can inform this program how to tighten up their webmaster section.
    CryptoFeeds
  • lucas131
    ¯\_(ツ)_/¯
    • Aug 2004
    • 11475

    #2
    maybe hacked email? if he reset pass, you dont need even know if he is fast. or bf is possible nats dont have ip blocking i think. stay safe

    Comment

    • ruff
      I have a plan B
      • Aug 2004
      • 5507

      #3
      Originally posted by lucas131
      maybe hacked email? if he reset pass, you dont need even know if he is fast. or bf is possible nats dont have ip blocking i think. stay safe
      He didn't change anything this time. Last time he changed the payout name and address. Of course, I got a password reset sent to my email and got back in. I immediately received an email notifying of the password change. So go figure. Something is very wrong if someone can do as they please inside of a NATS affiliate page and I don't find out until I cannot login.
      CryptoFeeds

      Comment

      • lucas131
        ¯\_(ツ)_/¯
        • Aug 2004
        • 11475

        #4
        i mean, that if he is on your email, he can reset nats pass also. but if its only one program, it is more like the program is hacked

        Comment

        • signupdamnit
          Confirmed User
          • Aug 2007
          • 6697

          #5
          It really is kind of ridiculous that in 2014 NATS still shows the whole SSN rather than just the last four digits. It's stupid. Legally I'm not sure if it would qualify as negligence if a major incident occurred. Possibly?

          You don't like my posts? Put me on ignore or fuck right off. I'll say what I want.

          Comment

          • ruff
            I have a plan B
            • Aug 2004
            • 5507

            #6
            Originally posted by lucas131
            i mean, that if he is on your email, he can reset nats pass also. but if its only one program, it is more like the program is hacked
            I think it is hard to hack a Google email address, but I could be wrong. I think you are right about the program being hacked.

            This is the same hacker fuck you can read about in this thread:
            http://gfy.com/showthread.php?t=1124799
            CryptoFeeds

            Comment

            • ruff
              I have a plan B
              • Aug 2004
              • 5507

              #7
              Originally posted by signupdamnit
              It really is kind of ridiculous that in 2014 NATS still shows the whole SSN rather than just the last four digits. It's stupid. Legally I'm not sure if it would qualify as negligence if a major incident occurred. Possibly?
              That's is a fact. Also there should be some serious security solutions available to webmasters that use NATS if only to protect affiliates. I suppose NATS will be along in this thread to explain. But, for the life of me, I cannot imagine, in this day and age, that some one can use a brute force password attack on a program like this and get my password. If in fact, that is how they got in.
              CryptoFeeds

              Comment

              • AHarper
                Confirmed User
                • Jul 2010
                • 846

                #8
                Sent this thread to Vlad from TMM. Guess he will respond soon
                Bitcoin Webcams | Send your EU traffic here | Cheap Shared & Reseller Adult Hosting

                Comment

                • freecartoonporn
                  Confirmed User
                  • Jan 2012
                  • 7683

                  #9
                  http://strongpasswordgenerator.com/
                  SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

                  Comment

                  • HomerSimpson
                    Too lazy to set a custom title
                    • Sep 2005
                    • 13826

                    #10
                    I doubt he hacked account by using brute force attack than rather by hacking your computer, browser or email account...
                    Make a bank with Chaturbate - the best selling webcam program
                    Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!!

                    PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:

                    Comment

                    • ruff
                      I have a plan B
                      • Aug 2004
                      • 5507

                      #11
                      Originally posted by HomerSimpson
                      I doubt he hacked account by using brute force attack than rather by hacking your computer, browser or email account...
                      I spoke to the program owner and he checked his server logs so no brute force attack. My computer and browsers have not been hacked. My email is handled by Google so doubtful that was hacked. I kept the password in my head. If the hacker requested a password reset, that would suggest he hacked my email address, but that has not happened. Any other ideas?
                      CryptoFeeds

                      Comment

                      • ladida
                        Confirmed User
                        • Nov 2005
                        • 2179

                        #12
                        Chances are high the program is hacked and the owner knows it but does not care.
                        agentGFY *at* gmail.com

                        Comment

                        • ruff
                          I have a plan B
                          • Aug 2004
                          • 5507

                          #13
                          Originally posted by ladida
                          Chances are high the program is hacked and the owner knows it but does not care.
                          I can't imagine that. A hacker could bring down his whole operation just by redirecting affiliate payouts. I agree the program may be hacked, but the owner may not be aware of it or is denying it. At any rate, I have heard nothing of simple basic security features to protect affiliates using NATS. I think I will go back to depending on CCBill programs for my affiliate work. At least hackers can't get my personal information handed to them on a platter there.
                          CryptoFeeds

                          Comment

                          • dunhill
                            Confirmed User
                            • Jul 2013
                            • 89

                            #14
                            Originally posted by ruff
                            i spoke to the program owner and he checked his server logs so no brute force attack. My computer and browsers have not been hacked. My email is handled by google so doubtful that was hacked. I kept the password in my head. If the hacker requested a password reset, that would suggest he hacked my email address, but that has not happened. Any other ideas?
                            xss .

                            Comment

                            Working...