Originally posted by darksoul
possible NATS exploit?
-
Interesting, LOL... don't twist shit around man, you said you give out no information that could be used to exploit your scripts.. all I have said is that this is actually absolutely false, you give out _ALL_ information possible to help exploit it.
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
Originally posted by Nathan
Yeah, I do.. emm.. and we do not dictate what our clients use in terms of database privileges.. btw, if you think "least privileges" principle is so great, WHY THE FUCK do you tell your axscripts clients to set fucking templates and templates_c to mode 777?!? how is that LEAST PRIVILEGES?!
Seriously, people in a glass house should not throw with stones, you are looking stupid here.
Also, NATS has no single user that only fetches user and password... if you mean SPARTA setups with NATS, we actually tell our clients specifically which tables we need select and which we need update/insert privileges on...
Dude, you do the install for your customers you should be setting what privileges to use.
And don't try to pick on my script because you can't compare them.
You are trying to defend a paid script that deals with valuable company
data by comparing it with a free link exchange script ?
That's a bit lame don't you think ?
-
-
Originally posted by Nathan
Interesting, LOL... don't twist shit around man, you said you give out no information that could be used to exploit your scripts.. all I have said is that this is actually absolutely false, you give out _ALL_ information possible to help exploit it.
Can you point me to where I said I don't give bla bla bla ?
Are you making stuff up now ?
C'mon you gotta find something better
-
I am comparing it with a script that someone that claims he knows a lot about stuff wrote and obviously is (as that person stated himself) full of bugs and problems. The fact that it is free just means that it might get installed on MORE servers and thus making MORE systems vulnerable.. These systems might very well include sensitive information.
Originally posted by darksoul
Dude, you do the install for your customers you should be setting what privileges to use.
And don't try to pick on my script because you can't compare them.
You are trying to defend a paid script that deals with valuable company
data by comparing it with a free link exchange script ?
That's a bit lame don't you think ?
Did you yourself not just a few minutes ago state that:
Make up your mind...
You are supposed to take security seriously and not this fuck it attitude.
And, we install for our customers, we do NOT prepare the servers, our customers do that... for a very good reason, we are not their host.
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
Uhm
Originally posted by darksoul
Can you point me to where I said I don't give bla bla bla ?
Are you making stuff up now ?
C'mon you gotta find something better
Right there... Where do you think people will look first if they want to hack a script that's called "axslinks"? Probably the page that comes up as result 1 on google: http://www.axscripts.com/axslinks/ ... and oh look, it has the source!
Originally posted by darksoul
I coded it in two hours but it won't give away any substantial info if let's say it would be hacked.
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
Originally posted by Nathan
what other programs do not work right now? I only know of this one problem with panchodog.
Seems one program discovered this "little problem", then shortly thereafter yet another had the same "problem" now today I wake up & seems all the little birds had some chats at the grapevine & this "little problem" is spreading, yet affecting several others all of a sudden, like kids trying something new with their christmas toys.
-
I can assure you that there's no vulnerability that allows server entrance in that script.
Originally posted by Nathan
I am comparing it with a script that someone that claims he knows a lot about stuff wrote and obviously is (as that person stated himself) full of bugs and problems. The fact that it is free just means that it might get installed on MORE servers and thus making MORE systems vulnerable.. These systems might very well include sensitive information.
You're free to prove me wrong at any time, and it will be easy for you to do
since it's open source.
I think the mysql user settings comes from your install instructions ?
Did you yourself not just a few minutes ago state that:
Make up your mind...
And, we install for our customers, we do NOT prepare the servers, our customers do that... for a very good reason, we are not their host.
what's got to do with the host ?
-
Oh my god.. dude.. you've been told in your own thread already that you have no clue man... it's a fucking MYSQL ERROR... god, accept it, it's not a damn exploit, there is no exploit.. mysql crashes now and then... at the number of clients we have, it's normal that you notice some having mysql problems now and then.. post in the mysql forums and complain about it..
Originally posted by spacedog
Seems one program discovered this "little problem", then shortly thereafter yet another had the same "problem" now today I wake up & seems all the little birds had some chats at the grapevine & this "little problem" is spreading, yet affecting several others all of a sudden, like kids trying something new with their christmas toys.
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
wtf are you talking about dude.
Originally posted by spacedog
Seems one program discovered this "little problem", then shortly thereafter yet another had the same "problem" now today I wake up & seems all the little birds had some chats at the grapevine & this "little problem" is spreading, yet affecting several others all of a sudden, like kids trying something new with their christmas toys.
nats is the shiat
all this is customers fault.
I bet all this servers talked to each other and said lets crash mysql.
-
Last time I checked, there is no such instructions in terms of mysql user settings other than the main user that NATS uses and yeah, that user needs to actually have full access to the tables in the nats db. obviously.
Originally posted by darksoul
I can assure you that there's no vulnerability that allows server entrance in that script.
You're free to prove me wrong at any time, and it will be easy for you to do
since it's open source.
I think the mysql user settings comes from your install instructions ?
what's got to do with the host ?
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
WTF, where do I say open source is bad?! Man, get your facts straight dude...
Originally posted by darksoul
so you're saying open source is bad ?
you're so full of it
For a moment there, I actually thought you had a clue, that you actually knew things and that's why you got pissed at me... but man, you obviously do not...
Originally posted by darksoul
wtf are you talking about dude.
nats is the shiat
all this is customers fault.
I bet all this servers talked to each other and said lets crash mysql.
The only damn site that has a problem is panchodog, their fucking accounts table crashed, it happens, it's not our fault, it's not an exploit, it's not even POSSIBLE to exploit it, even IF it was then it would be a MYSQL exploit..
Don't feed the clueless people man, I thought you were more intelligent than that...
I was wrong.
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
Ah yes, you are so correct.. sorry..
Originally posted by Pimpin_J
...and santa is still alive and kickin
Don't claim things you can't prove!
"there is no known exploit" is what I meant...and I also meant this:
"_this_ is not an exploit"
There, happy?
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
darksoul, take this seriously please..
Originally posted by darksoul
what he meant is that there's no exploit he's aware of
This is an honest friendly advice: Do not bundle smarty with axscripts, especially not because you let people edit templates via the admin...
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
Originally posted by Nathan
WTF, where do I say open source is bad?! Man, get your facts straight dude...
For a moment there, I actually thought you had a clue, that you actually knew things and that's why you got pissed at me... but man, you obviously do not...
The only damn site that has a problem is panchodog, their fucking accounts table crashed, it happens, it's not our fault, it's not an exploit, it's not even POSSIBLE to exploit it, even IF it was then it would be a MYSQL exploit..
Don't feed the clueless people man, I thought you were more intelligent than that...
I was wrong.
what the fuck are you talking about dude ?
I didn't say those crashes are from an exploit, although have you considered
that maybe nats would have something to do with it and find ways to improve it ?
Isn't it a bit weird that it happens so often ? Have you investigated the problems and decided it's just a usual crash ?
Or you just come in here and blindly defend your product, cause that's your job ? (my guess)
And shit, how could I be smarter than you, god forbid, I just coded a shitty script and I gave away all the source
-
Yes, sad but true, all software is exploitable, it's just a matter of time until someone finds a way to do so... the goal with security of any software company must be that they can fix the exploits that arise as fast as possible...
Originally posted by Pimpin_J
I hope everyone got it finally that this error isn't any kind of exploit lol, but don't claim to say there's no exploit for nats! Sooner or later you will see that you were wrong. Just a matter of time...sadly
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
Did I fucking say it was a fucking exploit!! Did I fucking say ANYTHING about any fucking exploit!!
Originally posted by Nathan
Oh my god.. dude.. you've been told in your own thread already that you have no clue man... it's a fucking MYSQL ERROR... god, accept it, it's not a damn exploit, there is no exploit.. mysql crashes now and then... at the number of clients we have, it's normal that you notice some having mysql problems now and then.. post in the mysql forums and complain about it..
My own thread??
I did NOT make or post any damn thread about no friggen exploits . ( I may have replied about the sponsor having issues or problems, yes.. but I did not say anything about no fucking exploits)
I just find it fucking strange that at least 5 sponsors are all having the EXACT SAME ERROR in the same fucking 24 hour period. Fucking dumbass.. Go back to school & take fucking classes in reading comprehension.
-
No, it is not weird that it happens so often. The mysql errors that get posted on GFY either simply are from the fact that MYSQL failed to start after a reboot, MYSQL itself crashed totally, the external MYSQL server the client uses has a problem or a table crashed... Not ONCE was NATS involved in any of those mysql errors posted here, NATS was simply informing of it.
Originally posted by darksoul
what the fuck are you talking about dude ?
I didn't say those crashes are from an exploit, although have you considered
that maybe nats would have something to do with it and find ways to improve it ?
Isn't it a bit weird that it happens so often ? Have you investigated the problems and decided it's just a usual crash ?
Or you just come in here and blindly defend your product, cause that's your job ? (my guess)
And shit, how could I be smarter than you, god forbid, I just coded a shitty script and I gave away all the source
And yes, we investigated the problems, obviously. We do that constantly each day, we have 5 people working here that do nothing other than that, helping out our clients with problems and questions they have.
And before some idiot says "damn, NATS has so many problems that you need 5 people?", no.. NATS does not have so many problems, we have so many clients...
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
Do tell me those 5 sponsors... The errors I have seen on GFY in the past 24 hours relating to NATS were (as far as I remember) 3 different errors. Maybe just 2, but I think 3...
Originally posted by spacedog
Did I fucking say it was a fucking exploit!! Did I fucking say ANYTHING about any fucking exploit!!
My own thread??
I did NOT make or post any damn thread about no friggen exploits . ( I may have replied about the sponsor having issues or problems, yes.. but I did not say anything about no fucking exploits)
I just find it fucking strange that at least 5 sponsors are all having the EXACT SAME ERROR in the same fucking 24 hour period. Fucking dumbass.. Go back to school & take fucking classes in reading comprehension.
And sorry, I meant post, not thread...
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
Originally posted by Nathan
The only damn site that has a problem is panchodog, their fucking accounts table crashed, it happens, .
I thought you knew your clients?
You even replied to my poetic comments making it clear that you were aware of others having this issue..
hmm..
In last 24 hours... "MySql" error
Wildcash
Hodough
Panchodog
MayorsMoney
NaughtyAmerica
Last edited by spacedog; 07-08-2006, 06:27 AM.
-
Wildcash: their mysql server was down for a short period of time (external server)
Hodough: honestly not sure there, I will have to look if they even asked us for help with that.
panchodog: accounts table is broken
mayorsmoney: same as hodough, not sure what was up there
naughtyamerica: not even a client of ours
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
-
Originally posted by spacedog
Seems one program discovered this "little problem", then shortly thereafter yet another had the same "problem" now today I wake up & seems all the little birds had some chats at the grapevine & this "little problem" is spreading, yet affecting several others all of a sudden, like kids trying something new with their christmas toys.
Nice

FUBAR Webmasters - The FUBAR Times - FUBAR Webmasters Mobile - FUBARTV.XXX
For promo opps contact jfk at fubarwebmasters dot com
-
-
This thread is fascinating. I think there's like 300+ sponsors that use Nats. There's the possibility at any given time at least 4 of them have some kind of issues. It's just how it is with SO many configurations and 1% is a styling percentage. And a good number of those probably have nothing to do with TMM
I do like good mudslinging though, and for reasons not made clear this seems more personal than anything else. Promote http://islanddollars.com while you enjoy the show.
ISLAND DOLLARS
1000's of Exclusive TS scenes / Constant Updates
Best TS Network your surfers will ever join
-
it was good, wasn't it ?
Originally posted by The Ghost
I do like good mudslinging though, and for reasons not made clear this seems more personal than anything else.
sorry Nathan for name calling, you're right I get mad too quick sometimes
-
I want to make it clear that I am NOT suggesting that TMM has anything to do with it,,
Originally posted by The Ghost
This thread is fascinating. I think there's like 300+ sponsors that use Nats. There's the possibility at any given time at least 4 of them have some kind of issues. It's just how it is with SO many configurations and 1% is a styling percentage. And a good number of those probably have nothing to do with TMM
I do like good mudslinging though, and for reasons not made clear this seems more personal than anything else. Promote http://islanddollars.com while you enjoy the show.
-
Maybe they use separate sql server
Originally posted by darksoul
btw,
can you explain how the mysql on panchodog crashed ?
because using their uptime info looks the server is up for 50+
days, and under normal circumstances mysql doesn't just crash a table.
-
i thought darksoul brought up a very valid point, that being ( why show error messages at all )
It's nice for techs to see the errors displayed , but the software isn't built for techs , it's built for surfers to buy porn with.
Would you rather a surfer see ( error #1727 blah blah ) or would you rather them see ( sorry there was a small problem with the site , please BOOKMARK this link and try again in a few minutes , we apologize for the inconvenience )?
Not only do you get a chance to make a sale , you let the surfer know the site isn't broken.. when i see errors like that on sites i don't trust them because i figure if i buy something i might just get the same error and be out the cash.
hatisblack at yahoo.com
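
The approach this post argues for (a generic notice for the visitor, the real database error kept for the operator) as an added PHP example; it is not part of the original post and is not NATS or axscripts code. The function names, the log file location and the sample exception are assumptions made for illustration.

```php
<?php
// Added illustration. All names here are hypothetical; nothing below is
// taken from NATS, axscripts or any other product named in the thread.
declare(strict_types=1);

ini_set('display_errors', '0');   // uncaught errors must not reach the page either

/**
 * Record the full database error for the operator and build a generic
 * response for the visitor. A random incident id ties the two together, so
 * support can find the log entry without the page exposing SQL, table
 * names, file paths or server versions.
 */
function db_failure_response(Throwable $e, string $logFile): array
{
    $incident = bin2hex(random_bytes(4));

    // Operator view: everything needed to debug. Newlines are flattened so
    // one failure is always exactly one log line.
    $detail = sprintf(
        "[%s] incident=%s %s(%s): %s at %s:%d\n",
        date('c'),
        $incident,
        get_class($e),
        (string) $e->getCode(),
        str_replace(["\r", "\n"], ' ', $e->getMessage()),
        $e->getFile(),
        $e->getLine()
    );
    error_log($detail, 3, $logFile);   // message type 3 appends to a file

    // Visitor view: no error text, only a retry hint and the incident id.
    return [
        'status'  => 503,
        'headers' => ['Retry-After' => '300', 'Cache-Control' => 'no-store'],
        'body'    => 'Sorry, there was a small problem with the site. '
                   . 'Please bookmark this page and try again in a few minutes. '
                   . "(Reference: $incident)",
    ];
}

/** Run one signup step; any exception from the database layer is contained. */
function run_signup_step(callable $step, string $logFile): array
{
    try {
        return ['status' => 200, 'headers' => [], 'body' => $step()];
    } catch (Throwable $e) {
        return db_failure_response($e, $logFile);
    }
}

// Constructed sample failure: a query against a crashed table. The
// RuntimeException stands in for what a real database layer would throw,
// so the example runs without a database.
$logFile  = sys_get_temp_dir() . '/signup-db-errors.log';
$response = run_signup_step(function (): string {
    throw new RuntimeException(
        "Table './members/accounts' is marked as crashed and should be repaired"
    );
}, $logFile);

echo $response['status'], "\n", $response['body'], "\n";
```

The table name and path appear only in the log file; the page shows the apology and the reference id, which is what support asks the visitor for.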
-
This is GFY after all...people like to blow shit way way out of proportion
Originally posted by The Ghost
This thread is fascinating. I think there's like 300+ sponsors that use Nats. There's the possibility at any given time at least 4 of them have some kind of issues. It's just how it is with SO many configurations and 1% is a styling percentage. And a good number of those probably have nothing to do with TMM
I do like good mudslinging though, and for reasons not made clear this seems more personal than anything else. Promote http://islanddollars.com while you enjoy the show.
-
if You don't understand "DB Arrors" what the fuck you're calling yourself as a webmaster?
Originally posted by darksoul
-
-
that sounds good on paper, but in reality it isn't so cut and dry.
Originally posted by The Ghost
This thread is fascinating. I think there's like 300+ sponsors that use Nats. There's the possibility at any given time at least 4 of them have some kind of issues. It's just how it is with SO many configurations and 1% is a styling percentage. And a good number of those probably have nothing to do with TMM
I do like good mudslinging though, and for reasons not made clear this seems more personal than anything else. Promote http://islanddollars.com while you enjoy the show.
How many times have you seen an error on a large porn pay sites signup process ? in my whole time on the internet NON-nats sponsors i can count the times on my hand ( excluding downtime ) , NATS on the other hand i have seen dozen and dozens and dozens of errors.. Now before this sounds like a NATS bashing post let me clarify.. Because of the way nats displays its errors it's much more likely for me to visually SEE an error with nats and know it's taking place than with someone with a custom software that may have the same error , it just isn't displayed as visually ( i.e. the join button doesn't work , but no errors are seen )
hatisblack at yahoo.com
-
How come your sig isn't telling the right city?
Originally posted by SmokeyTheBear
i thought darksoul brought up a very valid point, that being ( why show error messages at all )
It's nice for techs to see the errors displayed , but the software isn't built for techs , it's built for surfers to buy porn with.
Would you rather a surfer see ( error #1727 blah blah ) or would you rather them see ( sorry there was a small problem with the site , please BOOKMARK this link and try again in a few minutes , we apologize for the inconvenience )?
Not only do you get a chance to make a sale , you let the surfer know the site isn't broken.. when i see errors like that on sites i don't trust them because i figure if i buy something i might just get the same error and be out the cash.
-
I never got NATS anyways, i'm going to trust some people with customers data and email lists just to prove to my affiliates that i don't shave, this to me is like putting both of my balls on the table....i don't like it, neither did i ever like the idea of giving some company 10-15% of my earnings...and re-selling my customer lists to spammers, to be successful in this industry you just need to be a one-man show...anyways back to the point, nats why would you trust it?
-
Tru, someone needs to update their GEOIP's
Originally posted by TurboAngel
How come your sig isn't telling the right city?
ICQ:119936