![]() |
![]() |
![]() |
||||
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
![]() ![]() |
|
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
Thread Tools |
![]() |
#1 |
Confirmed User
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
|
Scammer Alert - Affiliates Read This
Just had this conversation...
EDITED (02:00 PM) : hello, i'm working for EDITED, my login "EDITED" dosen't work. Chris (02:00 PM) : Let me check it for you then. One sec. EDITED (02:00 PM) : thanks Chris (02:00 PM) : What is your affiliate ID number? EDITED (02:01 PM) : i have to ask my boss, i'll contact you later Chris (02:01 PM) : okay, I will be here (THIS IS WHERE I START WONDERING WTF?) Chris (02:02 PM) : Do you have any other info I could look you up with? Last name? Email address on the account? EDITED (02:02 PM) : EDITED EDITED (first last) EDITED (02:03 PM) : [email protected] Chris (02:04 PM) : And what is the problem? You can't log in? EDITED (02:04 PM) : i can't login Chris (02:04 PM) : What username and password are you using? EDITED (02:05 PM) : username is EDITED EDITED (02:05 PM) : i don't have the password here. EDITED (02:06 PM) : can i contact you by email later? for you give me info Chris (02:07 PM) : Well, sorry to be the one to tell you this. But some of the information you gave me does not match up. And you have to give me the proper password for me to reset it at this point. So one of two things is happening here: ONE - YOU are a scammer and I am telling you to FUCK OFF and stay away from my affiliates. Or TWO - this is just a miscommunication and I will need to contact your ?boss?. Chris (02:07 PM) : If it is TWO, then you understand why I keep the information so private. Chris (02:08 PM) : Any response to that sir? It has been 10 minutes and no reply. This is the second one like this I have got in the last 3 days. Someone is out there with a list of affiliate names I think trying to get access to other peoples accounts to most likely change their payment information. A particular account like this gets paid out some very good money EVERY week. Heads up guys, thats all. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#2 |
Confirmed User
Join Date: Jun 2005
Location: Montreal eh
Posts: 2,290
|
It's the FTC!!! lol
![]() |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#3 | |
Too lazy to set a custom title
Join Date: Jul 2002
Posts: 40,377
|
Quote:
__________________
I don't use ICQ anymore. |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#4 |
Confirmed User
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
|
Heh, I had to edit it all out for the real affiliate...
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#5 |
Too lazy to set a custom title
Industry Role:
Join Date: Jan 2001
Posts: 51,692
|
Yea ... makes it hard for honest affiliates that forget their passwords !
I forgot my pgonzo pass and it was a headache to receive it |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#6 |
Confirmed User
Industry Role:
Join Date: May 2004
Posts: 6,660
|
Good catch
![]()
__________________
![]() Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS! |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#7 |
Confirmed User
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
|
We are going to have to incorporate some new password system to prevent this. It seems like the only solution worth merit. Anyone have any suggestions?
Maybe something along the lines of a secret question/secret answer? Is that stuff even worth while? |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#8 |
Confirmed User
Join Date: Dec 2001
Location: Sunny Queensland - perfect one day and better the next.
Posts: 2,106
|
Perhaps respond in person to those requests with a phone call to the number listed on the account details?
__________________
Left intentionally blank ... just like my brain |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#9 | |
Confirmed User
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
|
Quote:
![]() I really wish more did, it would be easily solved that way. |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#10 |
As you wish...
Industry Role:
Join Date: May 2002
Posts: 13,754
|
Well, can't say I didn't try....
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#11 |
Confirmed User
Join Date: Oct 2003
Location: Pennsylvania
Posts: 3,938
|
AND provide them with a phone number to call you.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#12 | |
Confirmed User
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
|
Quote:
|
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#13 | |
Confirmed User
Join Date: Mar 2004
Posts: 767
|
Quote:
|
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#14 |
Dialer Kingpin
Join Date: Jun 2003
Location: New York
Posts: 10,816
|
Change the payment information and leave a complete traceable trail ... Brilliant.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#15 |
Damn Right I Kiss Ass!
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,409
|
Best practices:
Encrypt the password in the DB using something sweet like MD5 or SH1. #1, Then when someone types in their password, the login script encrypts what they wrote and checks it with what is in the DB. If both encrypted passwords match, the person typed in the right unencrypted password in the form. #2, Make your password for the affiliate. If you did #1 correctly and someone can't decrypt your stolen DB, it doesn't matter because they stole the unencrypted DB of your competition and guess what, 85% of webmasters use the same password EVERYWHERE. #3, Have them create a secret question that must be answered with a phrase. Don't use stupid questions like, what is your favorite color. 70% of the world prefers blue and 98% prefer a primary or secondary color. That leaves only 9 colors to play with and you are in on EVERY account. A better question would be, What is the best part of your lover: and it should be answered with a phrase. She has a great ass. The script would check for a minimum of 3 spaces and a length of atleast 16 characters. This way you know it was a phrase... #4 Answering it correctly would send an email to the email they signed up with. They should not just get direct access to the account. #5 Emails must be from ISP's, not free accounts or domains owned by the affiliate. Hack their server and you get to read all their email. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#16 | |
Confirmed User
Join Date: Dec 2001
Location: Sunny Queensland - perfect one day and better the next.
Posts: 2,106
|
Quote:
We had a minor hassle with a host we use in Holland so we emailed them - two minutes later he rang us and 30 seconds after that the problem was solved. Try getting that sort or resolution by exchanging emails ... There is no quicker and surer way to overcome problems but by verbal communication - emails and instant messaging leave too much to chance because important things like the tone of voice are missing. We did actually have one sponsor call us one day - and it was one of the most helpful and informative contacts we've ever had with a sponsor. It sure beat newsletters and emails. In our business we often call clients who are about to pay for orders just so they know that they are dealing with real people - it's amazing the difference a phone call can make.
__________________
Left intentionally blank ... just like my brain |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#17 |
Damn Right I Kiss Ass!
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,409
|
You must have been talking to Mike the Bike..
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#18 | |
Confirmed User
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
|
Quote:
![]() |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#19 |
Confirmed User
Industry Role:
Join Date: Jul 2003
Posts: 3,108
|
Chris...
hope you'll take a suggestion from me... (no bad blood and all) Although V knows his stuff, his #3 idea is good but might cause more problems.. I am sure he has his reasons, but I have yet to find a reason why a simple email system is a problem. Meaning: Simply have them type in the username and the email they signed up with. If the info is correct, send a new password (or the old one if you do not store it encrypted) to their email address on file. I understand the idea behind the secret question, but like V said, you have to make it COMPLICATED to make it secure. No wonder Paris's Sidekick account was hacked. The only reason some places have a secret question setup is so that they do NOT have to send an email out on requests. They just let them enter the password again then. As long as you do not display the password somewhere but email it to the account on file, I see no problem with this kind of stuff. V, your input on my oppinion would be appreciated.
__________________
"Think about it a little more and you'll agree with me, because you're smart and I'm right." - Charlie Munger |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#20 |
Too lazy to set a custom title
Join Date: Oct 2001
Location: Spartaaaaaaaaa
Posts: 14,136
|
my middle name is Edited, gimme your IDs, passwords, and while you're at it CC numbers + the CVVs, thanks
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#21 | |
Confirmed User
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
|
Quote:
I'm just blown away that this has happened 2 times in one week! |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#22 | |
Confirmed User
Industry Role:
Join Date: Jul 2003
Posts: 3,108
|
Quote:
Anyway, unless V has some valid point against this simpler system, I would definately go with that, I have not seen any flaw in it yet...
__________________
"Think about it a little more and you'll agree with me, because you're smart and I'm right." - Charlie Munger |
|
![]() |
![]() ![]() ![]() ![]() ![]() |