Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 07-29-2005, 02:19 PM   #1
iBanker
Confirmed User
 
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
Scammer Alert - Affiliates Read This

Just had this conversation...

EDITED (02:00 PM) : hello, i'm working for EDITED, my login "EDITED" dosen't work.

Chris (02:00 PM) : Let me check it for you then. One sec.

EDITED (02:00 PM) : thanks

Chris (02:00 PM) : What is your affiliate ID number?

EDITED (02:01 PM) : i have to ask my boss, i'll contact you later

Chris (02:01 PM) : okay, I will be here


(THIS IS WHERE I START WONDERING WTF?)


Chris (02:02 PM) : Do you have any other info I could look you up with? Last name? Email address on the account?

EDITED (02:02 PM) : EDITED EDITED (first last)

EDITED (02:03 PM) : [email protected]

Chris (02:04 PM) : And what is the problem? You can't log in?

EDITED (02:04 PM) : i can't login

Chris (02:04 PM) : What username and password are you using?

EDITED (02:05 PM) : username is EDITED

EDITED (02:05 PM) : i don't have the password here.

EDITED (02:06 PM) : can i contact you by email later? for you give me info

Chris (02:07 PM) : Well, sorry to be the one to tell you this. But some of the information you gave me does not match up. And you have to give me the proper password for me to reset it at this point. So one of two things is happening here: ONE - YOU are a scammer and I am telling you to FUCK OFF and stay away from my affiliates. Or TWO - this is just a miscommunication and I will need to contact your ?boss?.

Chris (02:07 PM) : If it is TWO, then you understand why I keep the information so private.

Chris (02:08 PM) : Any response to that sir?


It has been 10 minutes and no reply. This is the second one like this I have got in the last 3 days. Someone is out there with a list of affiliate names I think trying to get access to other peoples accounts to most likely change their payment information. A particular account like this gets paid out some very good money EVERY week.

Heads up guys, thats all.
__________________
www.JasonandAlex.com
Christopher's ICQ: 268-843-170
iBanker is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 02:21 PM   #2
pawsregd
Confirmed User
 
pawsregd's Avatar
 
Join Date: Jun 2005
Location: Montreal eh
Posts: 2,290
It's the FTC!!! lol
pawsregd is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 02:21 PM   #3
polish_aristocrat
Too lazy to set a custom title
 
Join Date: Jul 2002
Posts: 40,377
Quote:
Originally Posted by pawsregd
It's the FTC!!! lol
lol 5678
__________________
I don't use ICQ anymore.
polish_aristocrat is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 02:25 PM   #4
iBanker
Confirmed User
 
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
Heh, I had to edit it all out for the real affiliate...
__________________
www.JasonandAlex.com
Christopher's ICQ: 268-843-170
iBanker is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 02:34 PM   #5
Doctor Dre
Too lazy to set a custom title
 
Doctor Dre's Avatar
 
Industry Role:
Join Date: Jan 2001
Posts: 51,692
Yea ... makes it hard for honest affiliates that forget their passwords !

I forgot my pgonzo pass and it was a headache to receive it
__________________
Quote:
Originally Posted by rayadp05 View Post
I rebooted, deleted temp files, history, cookies and everything...still cannot view the news clip. All I see is that fucking gay ass music video from "Rick Roll". Anyone else have a different link to the news clip?
Doctor Dre is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 02:36 PM   #6
TMM_John
Confirmed User
 
TMM_John's Avatar
 
Industry Role:
Join Date: May 2004
Posts: 6,660
Good catch
TMM_John is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 03:13 PM   #7
iBanker
Confirmed User
 
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
We are going to have to incorporate some new password system to prevent this. It seems like the only solution worth merit. Anyone have any suggestions?

Maybe something along the lines of a secret question/secret answer? Is that stuff even worth while?
__________________
www.JasonandAlex.com
Christopher's ICQ: 268-843-170
iBanker is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 03:30 PM   #8
The Other Steve
Confirmed User
 
Join Date: Dec 2001
Location: Sunny Queensland - perfect one day and better the next.
Posts: 2,106
Perhaps respond in person to those requests with a phone call to the number listed on the account details?
__________________
Left intentionally blank ... just like my brain
The Other Steve is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 04:30 PM   #9
iBanker
Confirmed User
 
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
Quote:
Originally Posted by The Other Steve
Perhaps respond in person to those requests with a phone call to the number listed on the account details?
I put a little thought into that as well, but the fact is most affiliates don't put in their phone number. And its Funny, alot of them have the same number "123456789". They must all live at the same house. I think they think we want to telemarket stuff to them. lol

I really wish more did, it would be easily solved that way.
__________________
www.JasonandAlex.com
Christopher's ICQ: 268-843-170
iBanker is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 04:30 PM   #10
Donny
As you wish...
 
Industry Role:
Join Date: May 2002
Posts: 13,754
Well, can't say I didn't try....
Donny is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 04:30 PM   #11
Murderous
Confirmed User
 
Join Date: Oct 2003
Location: Pennsylvania
Posts: 3,938
AND provide them with a phone number to call you.
Murderous is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 04:47 PM   #12
iBanker
Confirmed User
 
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
Quote:
Originally Posted by DonovanPhillips
Well, can't say I didn't try....
AaronM tries once a week. You think he would know I have caller ID here by now.
__________________
www.JasonandAlex.com
Christopher's ICQ: 268-843-170
iBanker is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-29-2005, 06:04 PM   #13
David - PG
Confirmed User
 
Join Date: Mar 2004
Posts: 767
Quote:
Originally Posted by Doctor Dre
I forgot my pgonzo pass and it was a headache to receive it
We have a password retrieval function. If you do not have access to your original email address however we require some security questions, the last thing you want is your payout sent to some scammer's Epassporte.
David - PG is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-30-2005, 12:55 AM   #14
emthree
Dialer Kingpin
 
Join Date: Jun 2003
Location: New York
Posts: 10,816
Change the payment information and leave a complete traceable trail ... Brilliant.
__________________

Sell Patches & Pills
emthree is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-30-2005, 01:13 AM   #15
V_RocKs
Damn Right I Kiss Ass!
 
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,409
Best practices:

Encrypt the password in the DB using something sweet like MD5 or SH1.

#1, Then when someone types in their password, the login script encrypts what they wrote and checks it with what is in the DB. If both encrypted passwords match, the person typed in the right unencrypted password in the form.

#2, Make your password for the affiliate. If you did #1 correctly and someone can't decrypt your stolen DB, it doesn't matter because they stole the unencrypted DB of your competition and guess what, 85% of webmasters use the same password EVERYWHERE.

#3, Have them create a secret question that must be answered with a phrase. Don't use stupid questions like, what is your favorite color. 70% of the world prefers blue and 98% prefer a primary or secondary color. That leaves only 9 colors to play with and you are in on EVERY account. A better question would be, What is the best part of your lover: and it should be answered with a phrase. She has a great ass. The script would check for a minimum of 3 spaces and a length of atleast 16 characters. This way you know it was a phrase...

#4 Answering it correctly would send an email to the email they signed up with. They should not just get direct access to the account.

#5 Emails must be from ISP's, not free accounts or domains owned by the affiliate. Hack their server and you get to read all their email.
V_RocKs is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-30-2005, 01:40 AM   #16
The Other Steve
Confirmed User
 
Join Date: Dec 2001
Location: Sunny Queensland - perfect one day and better the next.
Posts: 2,106
Quote:
Originally Posted by iBanker
I put a little thought into that as well, but the fact is most affiliates don't put in their phone number. And its Funny, alot of them have the same number "123456789". They must all live at the same house. I think they think we want to telemarket stuff to them. lol

I really wish more did, it would be easily solved that way.
I understand mate but I find the unwillingness of some people in this industry to use the phone to be amazing. It's the fastest way I know of to get a problem resolved.

We had a minor hassle with a host we use in Holland so we emailed them - two minutes later he rang us and 30 seconds after that the problem was solved.

Try getting that sort or resolution by exchanging emails ...

There is no quicker and surer way to overcome problems but by verbal communication - emails and instant messaging leave too much to chance because important things like the tone of voice are missing.

We did actually have one sponsor call us one day - and it was one of the most helpful and informative contacts we've ever had with a sponsor. It sure beat newsletters and emails.

In our business we often call clients who are about to pay for orders just so they know that they are dealing with real people - it's amazing the difference a phone call can make.
__________________
Left intentionally blank ... just like my brain
The Other Steve is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-30-2005, 03:43 AM   #17
V_RocKs
Damn Right I Kiss Ass!
 
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,409
You must have been talking to Mike the Bike..
V_RocKs is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-30-2005, 11:41 AM   #18
iBanker
Confirmed User
 
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
Quote:
Originally Posted by V_RocKs
Best practices:

Encrypt the password in the DB using something sweet like MD5 or SH1.

#1, Then when someone types in their password, the login script encrypts what they wrote and checks it with what is in the DB. If both encrypted passwords match, the person typed in the right unencrypted password in the form.

#2, Make your password for the affiliate. If you did #1 correctly and someone can't decrypt your stolen DB, it doesn't matter because they stole the unencrypted DB of your competition and guess what, 85% of webmasters use the same password EVERYWHERE.

#3, Have them create a secret question that must be answered with a phrase. Don't use stupid questions like, what is your favorite color. 70% of the world prefers blue and 98% prefer a primary or secondary color. That leaves only 9 colors to play with and you are in on EVERY account. A better question would be, What is the best part of your lover: and it should be answered with a phrase. She has a great ass. The script would check for a minimum of 3 spaces and a length of atleast 16 characters. This way you know it was a phrase...

#4 Answering it correctly would send an email to the email they signed up with. They should not just get direct access to the account.

#5 Emails must be from ISP's, not free accounts or domains owned by the affiliate. Hack their server and you get to read all their email.
Those are some great suggestions. I am going to pass them on to my programmer. Thanks a lot!

__________________
www.JasonandAlex.com
Christopher's ICQ: 268-843-170
iBanker is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-30-2005, 11:47 AM   #19
Nathan
Confirmed User
 
Industry Role:
Join Date: Jul 2003
Posts: 3,108
Chris...

hope you'll take a suggestion from me... (no bad blood and all)

Although V knows his stuff, his #3 idea is good but might cause more problems.. I am sure he has his reasons, but I have yet to find a reason why a simple email system is a problem. Meaning:

Simply have them type in the username and the email they signed up with. If the info is correct, send a new password (or the old one if you do not store it encrypted) to their email address on file.

I understand the idea behind the secret question, but like V said, you have to make it COMPLICATED to make it secure. No wonder Paris's Sidekick account was hacked.

The only reason some places have a secret question setup is so that they do NOT have to send an email out on requests. They just let them enter the password again then.

As long as you do not display the password somewhere but email it to the account on file, I see no problem with this kind of stuff.

V, your input on my oppinion would be appreciated.
__________________
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
Nathan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-30-2005, 11:50 AM   #20
Antonio
Too lazy to set a custom title
 
Antonio's Avatar
 
Join Date: Oct 2001
Location: Spartaaaaaaaaa
Posts: 14,136
my middle name is Edited, gimme your IDs, passwords, and while you're at it CC numbers + the CVVs, thanks
Antonio is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-30-2005, 11:50 AM   #21
iBanker
Confirmed User
 
Join Date: Dec 2004
Location: San Diego, moving to Portland.
Posts: 2,758
Quote:
Originally Posted by Nathan
Chris...

hope you'll take a suggestion from me... (no bad blood and all)

Although V knows his stuff, his #3 idea is good but might cause more problems.. I am sure he has his reasons, but I have yet to find a reason why a simple email system is a problem. Meaning:

Simply have them type in the username and the email they signed up with. If the info is correct, send a new password (or the old one if you do not store it encrypted) to their email address on file.

I understand the idea behind the secret question, but like V said, you have to make it COMPLICATED to make it secure. No wonder Paris's Sidekick account was hacked.

The only reason some places have a secret question setup is so that they do NOT have to send an email out on requests. They just let them enter the password again then.

As long as you do not display the password somewhere but email it to the account on file, I see no problem with this kind of stuff.

V, your input on my oppinion would be appreciated.
No bad blood at all, and your imput is appreciated. You solution is essentially what I am doing now, so that makes me feel like I'm going the right direction so far.

I'm just blown away that this has happened 2 times in one week!
__________________
www.JasonandAlex.com
Christopher's ICQ: 268-843-170
iBanker is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 07-30-2005, 12:00 PM   #22
Nathan
Confirmed User
 
Industry Role:
Join Date: Jul 2003
Posts: 3,108
Quote:
Originally Posted by iBanker
No bad blood at all, and your imput is appreciated. You solution is essentially what I am doing now, so that makes me feel like I'm going the right direction so far.

I'm just blown away that this has happened 2 times in one week!
You are right, its scary enough that people try at all.. but twice in a week.. scary...

Anyway, unless V has some valid point against this simpler system, I would definately go with that, I have not seen any flaw in it yet...
__________________
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
Nathan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.