GoFuckYourself.com - Adult Webmaster Forum

Is your NATS hacked ? (https://gfy.com/showthread.php?t=794078)

Jet - BANNED FOR LIFE 12-22-2007 04:50 AM

Quote:

Originally Posted by jscott (Post 13550178)
Any input from NATS on this matter? I find this very disturbing, need a little reassurance please John

why do you care, you don't even have an affiliate program

mattyboy 12-22-2007 05:02 AM

Quote:

Originally Posted by Jet (Post 13550243)
why do you care, you don't even have an affiliate program

Perhaps his details have got into the wrong hands if he's joined nats programs :2 cents:

borked 12-22-2007 07:27 AM

Quote:

Originally Posted by SmokeyTheBear (Post 13549328)
i find it odd they would allow an employee one user/pass to get into every nats sponsor.

i find it doubly odd that nobody from nats noticed this account had been compromised before it was posted on gfy.

The TMM login name seems pretty generic and long. AFAIK, there isn't one master access user/pass that accesses all installs.

John said in another thread that it "fully appears to be a compromised password list", so I guess the TMM passwords all got out somehow.

Looks like that's all closed now as he also stated "We have changed our policy so that we no longer maintain ANY passwords to ensure this does not happen via us ever in the future"

borked 12-22-2007 07:40 AM

So, to summarise, since John's last post has gotten buried in a lot of FUD

It looks like a password list has gotten out so NATS owners should contact TMM to see if their customer data has been compromised. OC3 ([email protected]) have also said they can help people with this.

TMM have or are in the process of changing all TMM passwords throughout their client base.

TMM have now taken additional security measures by not storing all passes on their end to prevent this happening again.

TMM are adding additional security measures (1-way encrypted passes) in future NATS releases.

So, if I'm not mistaken, any current NATS owners should now be secured (or over the next day or two) from further compromise via this route.

But, in all, everyone, no matter what software you use, should take database security very seriously and daily audit any accounts (ssh/mysql/web-based) that have privilege access.

Looks like this issue has come to resolution, so I'm off to enjoy my holidays :thumbsup

s9ann0 12-22-2007 07:42 AM

It wouldn't be the first time it had happened and it wouldn't be the first time someone got an admin's password and used it on other machines either.

I thought NATS were more security conscious than most though

Paul Markham 12-22-2007 09:11 AM

Quote:

Originally Posted by iMind (Post 13549292)
threats of lawsuit in 10, 9 , 8 , 7 ...

The lawsuit might be coming, but in a different direction.

notoldschool 12-22-2007 09:21 AM

NATS haters unite..lol. TMM is awesome and unlike most other companies in the industry are on the problems before or as they happen. It's funny you see the shady programs come in here to bash nats when they are the most suspect. Your stats scare the shit out of me....0/10ooo+.

DO NOT TRUST PROGRAMS THAT HAVE CUSTOM BACKENDS. THEY ARE THE ONES TO WATCH FOR.

SmokeyTheBear 12-22-2007 09:27 AM

Quote:

Originally Posted by notoldschool (Post 13550899)
NATS haters unite..lol. TMM is awesome and unlike most other companies in the industry are on the problems before or as they happen.

that's funny because they were aware of this problem many moons ago and yet instead of fixing the problem they put the blame on their customers. meanwhile MY personal information was stolen.. that doesn't sound like being "on the problem" this issue has been going on for MONTHS.



Quote:

Originally Posted by notoldschool (Post 13550899)
It's funny you see the shady programs come in here to bash nats when they are the most suspect. Your stats scare the shit out of me....0/10ooo+.

you must be the "exception" to the rule , i have never seen any sponsors "bashing" nats , and i think any long term webmaster has noticed non-nats sponsors perform better as a whole.

Quote:

Originally Posted by notoldschool (Post 13550899)


DO NOT TRUST PROGRAMS THAT HAVE CUSTOM BACKENDS. THEY ARE THE ONES TO WATCH FOR.

like nastydollars and bangbros , industry leaders ?

SmokeyTheBear 12-22-2007 09:32 AM

p.s. i should also mention at this point that one of the only sponsors i have heard from that WASN'T hacked was mayors money, and this is because THEY went thru extra security measures above and beyond.

big props to mayors money, your info is secure

SmokeyTheBear 12-22-2007 09:34 AM

Quote:

Originally Posted by borked (Post 13550531)
TMM have now taken additional security measures by not storing all passes on their end to prevent this happening again.

i wonder if one of their security measures will be to listen to their clients and stop blaming their customers for their own security problems.

TheDoc 12-22-2007 09:45 AM

Quote:

Originally Posted by SmokeyTheBear (Post 13550952)
p.s. i should also mention at this point that one of the only sponsors i have heard from that WASN'T hacked was mayors money, and this is because THEY went thru extra security measures above and beyond.

big props to mayors money, your info is secure

http://www.mayorsmoney.com/
http://www.score-group.com/
http://www.evilgneiuscash.com/
http://www.dukedollars.com/

I haven't checked everyone and as I do have updated - corrected them. Thus far, these 4 programs do not have any logins from that IP.

This is a short list of the SEVERAL that use the NATS built in security features that protect your members, webmasters, and admin data.

NATS has the security features already - question is which sponsors are using them?

spacedog 12-22-2007 09:47 AM

Quote:

Originally Posted by mattyboy (Post 13550265)
Perhaps his details have got into the wrong hands if he's joined nats programs :2 cents:

While that certainly is a possibility, there's no indication that this has occurred.
It so far just appears to be a harvest of emails

borked 12-22-2007 09:48 AM

Quote:

Originally Posted by TheDoc (Post 13551012)
I haven't checked everyone and as I do have updated - corrected them. Thus far, these 4 programs do not have any logins from that IP.

You need to be checking not for just that IP, but *any* IP on the TMM account that isn't TMM's (67.84.12.95)
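An added example, not part of the original thread and not NATS or TMM code, of the check borked describes above: flag every login on the vendor's support account that comes from any address other than the vendor's own. The log format, the account name `vendor_support` and all addresses except 67.84.12.95 are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# 67.84.12.95 is the vendor IP quoted in the thread.
# The account name is a hypothetical placeholder, not the real login name.
VENDOR_ACCOUNT = "vendor_support"
ALLOWED = [ipaddress.ip_network("67.84.12.95/32")]

# Constructed sample log, tab-separated: time, account, source IP, result.
# Non-vendor addresses come from the documentation ranges.
SAMPLE_LOG = """\
2007-10-02 14:03:11\tvendor_support\t67.84.12.95\tOK
2007-10-05 03:12:40\tvendor_support\t203.0.113.7\tOK
2007-10-05 03:42:41\tvendor_support\t203.0.113.7\tOK
2007-10-06 09:00:02\tadmin\t198.51.100.20\tOK
2007-10-07 03:12:39\tvendor_support\t203.0.113.7\tOK
2007-10-08 11:15:00\tvendor_support\t192.0.2.44\tFAIL
2007-10-09 10:00:00\tvendor_support\tnot-an-ip\tOK
"""


def audit_vendor_logins(log_text, account=VENDOR_ACCOUNT, allowed=ALLOWED):
    """Return (findings, unparsed).

    findings: one dict per non-allowlisted source IP seen on `account`,
              with success/failure counts and first/last timestamps.
    unparsed: (line number, raw line) pairs that could not be read; these
              are reported rather than dropped so gaps in the audit show.
    """
    by_ip = defaultdict(lambda: {"ok": 0, "fail": 0, "first": None, "last": None})
    unparsed = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 4:
            unparsed.append((lineno, line))
            continue
        stamp, user, ip_text, result = (p.strip() for p in parts)
        if user != account:
            continue
        try:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            unparsed.append((lineno, line))
            continue
        if any(ip in net for net in allowed):
            continue  # expected: the vendor connecting from its own address
        rec = by_ip[str(ip)]
        rec["ok" if result == "OK" else "fail"] += 1
        rec["first"] = when if rec["first"] is None else min(rec["first"], when)
        rec["last"] = when if rec["last"] is None else max(rec["last"], when)
    findings = [dict(ip=ip, **rec) for ip, rec in by_ip.items()]
    # Successful logins matter most, so sort by them first.
    findings.sort(key=lambda f: (-f["ok"], f["ip"]))
    return findings, unparsed


if __name__ == "__main__":
    hits, bad = audit_vendor_logins(SAMPLE_LOG)
    for f in hits:
        print(f"{f['ip']}: ok={f['ok']} fail={f['fail']} {f['first']} .. {f['last']}")
    for lineno, raw in bad:
        print(f"line {lineno} not parsed: {raw!r}")
```
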

TheDoc 12-22-2007 09:50 AM

Mod to above post, wrong URL for score, duh..

http://www.score-cash.com/ (clean program)

TheDoc 12-22-2007 09:51 AM

Quote:

Originally Posted by borked (Post 13551034)
You need to be checking not for just that IP, but *any* IP on the TMM account that isn't TMM's (67.84.12.95)

Aye, I know this.. When the NATS systems are IP locked, nobody but the allowed IPs can access the backend.

SmokeyTheBear 12-22-2007 09:57 AM

Quote:

Originally Posted by spacedog (Post 13551024)
While that certainly is a possibility, there's no indication that this has occurred.
It so far just appears to be a harvest of emails

i would find it very unlikely they are "only" grabbing emails of members.

the bot is likely used to maintain the list, that's why it accesses so often, but the affiliate info would likely only be grabbed once, making it a lot harder to spot amongst the hundreds of email grabs :2 cents:

Gordon G 12-22-2007 10:00 AM

Quote:

Originally Posted by Jet (Post 13550243)
why do you care, you don't even have an affiliate program

Why do you care, you are just a contest whore, amazing you are actually posting in a thread that is not a contest, you silly fuck.

milan 12-22-2007 10:18 AM

Quote:

Originally Posted by SmokeyTheBear (Post 13551080)
i would find it very unlikely they are "only" grabbing emails of members.

the bot is likely used to maintain the list, that's why it accesses so often, but the affiliate info would likely only be grabbed once, making it a lot harder to spot amongst the hundreds of email grabs :2 cents:


True, since they had full access they probably collected much more... I just posted what we discovered back in October 2007

https://gfy.com/fucking-around-and-business-discussion/794159-nats-issue.html

D 12-22-2007 10:27 AM

Quote:

Originally Posted by borked (Post 13550081)
No, members passes are cleartext by default. Affiliate passwords are two-way encrypted. What I don't understand is why the need for two-way encryption? To reset an affiliates pass if they forgot it in the backend is nothing, so 1-way encryption would have been far better. John posted in another thread that this is to be included in NATS4. Shame it wasn't sooner IMPO.

Perhaps I'm misremembering, but I coulda sworn that affiliate passwords were displayed... is the encryption something that's changed in the last eighteen months?

And even if passwords are not available, I do, certainly, remember the 'become reseller' option... can affiliates examine their own password via their account's interface, or no? If "no," maybe the case is that I've misremembered, and would appreciate confirmation on that.

Been awhile, and I don't have an updated version of NATs in front of me to play around with.

Ray@TastyDollars 12-22-2007 10:39 AM

Quote:

Originally Posted by TheDoc (Post 13551012)
http://www.mayorsmoney.com/
http://www.score-group.com/
http://www.evilgneiuscash.com/
http://www.dukedollars.com/

I haven't checked everyone and as I do have updated - corrected them. Thus far, these 4 programs do not have any logins from that IP.

This is a short list of the SEVERAL that use the NATS built in security features that protect your members, webmasters, and admin data.

NATS has the security features already - question is which sponsors are using them?

Add TastyDollars to that list.

We had 1 login from that NATS admin account and the date matched on the day they were doing some work for us.

We have also deleted that account just to be extra careful.

Ray

Karupted Charles 12-22-2007 10:42 AM

I wonder if anyone tried to warn people a long time ago that they had serious security issues but was bashed by all the guys John bought drinks for.

fuzebox 12-22-2007 11:08 AM

Quote:

Originally Posted by Brad Mitchell (Post 13549820)
oh jesus christ does NATS really store the affiliate passwords in plain text for an admin access user to view? Tell me that's not true. Please, really. Can anyone confirm?

Brad

Yes, this is true. Both affiliate (including admin users who are stored as affiliates) and members (surfer joins) are stored in plaintext.

borked 12-22-2007 11:13 AM

Quote:

Originally Posted by fuzebox (Post 13551293)
Yes, this is true. Both affiliate (including admin users who are stored as affiliates) and members (surfer joins) are stored in plaintext.

PURE FUD.

Thomas N 12-22-2007 11:33 AM

QuickBuck has not been compromised in any way.

ARS Bryan 12-22-2007 11:35 AM

Quote:

Originally Posted by notoldschool (Post 13550899)
NATS haters unite..lol. TMM is awesome and unlike most other companies in the industry are on the problems before or as they happen. It's funny you see the shady programs come in here to bash nats when they are the most suspect. Your stats scare the shit out of me....0/10ooo+.

DO NOT TRUST PROGRAMS THAT HAVE CUSTOM BACKENDS. THEY ARE THE ONES TO WATCH FOR.

You're a fucking moron :thumbsup

SmokeyTheBear 12-22-2007 12:22 PM

Quote:

Originally Posted by Ray@TastyDollars (Post 13551213)
Add TastyDollars to that list.

We had 1 login from that NATS admin account and the date matched on the day they were doing some work for us.

We have also deleted that account just to be extra careful.

Ray

:thumbsup:thumbsup

SmokeyTheBear 12-22-2007 12:26 PM

Quote:

Originally Posted by TheDoc (Post 13551053)
Aye, I know this.. When the NATS systems are IP locked, nobody but the allowed IPs can access the backend.

then again , if the head programmer at nats has his password compromised it's likely they "could" use nats ip to connect and get the info the same way.

AlienQ - BANNED FOR LIFE 12-22-2007 12:50 PM

Quote:

Originally Posted by Karupted Charles (Post 13551222)
I wonder if anyone tried to warn people a long time ago that they had serious security issues but was bashed by all the guys John bought drinks for.


Raises hand.

WarChild 12-22-2007 12:52 PM

Quote:

Originally Posted by AlienQ (Post 13551639)
Raises hand.

You're just an idiot that nobody takes seriously. You didn't warn anybody of anything. You don't have nor have you ever had any insider information about nats or anything else. Again, you're just a broke tool.

notoldschool 12-22-2007 12:55 PM

Quote:

Originally Posted by ARS Bryan (Post 13551364)
You're a fucking moron :thumbsup

You're a fucking dick. Thanks for the compliment.

Rico 12-22-2007 01:38 PM

As mentioned in this thread previously by Uno, our 'version' of nats has been 'customized' to such an extent that we no longer receive updates from NATS(TMM). This also means we have been taking measures to prevent issues such as this one, via additional security measures that were taken almost 2 years ago.

In a nutshell: Our information is safe.

This is a constant struggle for all of us and we're doing our best to make sure our systems and sites are as safe as they can be, on a continuous basis.

I am sorry to see others have problems, but it is definitely not the case for us.

AlienQ - BANNED FOR LIFE 12-22-2007 01:41 PM

Quote:

Originally Posted by WarChild (Post 13551646)
You're just an idiot that nobody takes seriously. You didn't warn anybody of anything. You don't have nor have you ever had any insider information about nats or anything else. Again, you're just a broke tool.

Search in the history dumb bitch.
I have long stood against NATS/Porngraph for quite some time.

Nysus 12-22-2007 01:51 PM

Quote:

Originally Posted by rico-panchodog (Post 13551739)
As mentioned in this thread previously by Uno, our 'version' of nats has been 'customized' to such an extent that we no longer receive updates from NATS(TMM). This also means we have been taking measures to prevent issues such as this one, via additional security measures that were taken almost 2 years ago.

In a nutshell: Our information is safe.

This is a constant struggle for all of us and we're doing our best to make sure our systems and sites are as safe as they can be, on a continuous basis.

I am sorry to see others have problems, but it is definitely not the case for us.

So technically you're not really "with NATS" then ...

Quickdraw 12-22-2007 01:52 PM

Quote:

Originally Posted by SwordFish (Post 13551355)
QuickBuck has not been compromised in any way.

maybe so, but they certainly don't fail when it comes to compromising users' PCs, or allowing 'rogue' affiliates to steal content from other programs and promote Quickbuck join pages, or using other malware to pop your join pages over other programs' join pages.

jcsike 12-22-2007 02:32 PM

smokey, let me ask you this, wouldn't there inherently be another backdoor that nats uses to get into the server to report back to nats what plan level the account is at for billing purposes?

Rico 12-22-2007 02:32 PM

Quote:

Originally Posted by Nysus (Post 13551761)
So technically you're not really "with NATS" then ...

That is correct. But it 'still' is their software, so i preferred to clarify. :)

Trixxxia 12-22-2007 03:04 PM

Quote:

Originally Posted by rico-panchodog (Post 13551892)
That is correct. But it 'still' is their software, so i preferred to clarify. :)

Rico - if you have a moment, could you hit me up please?

Thanks

dial 12-22-2007 03:21 PM

Quote:

Originally Posted by SmokeyTheBear (Post 13550926)


like nastydollars and bangbros , industry leaders ?

more like industry cheaters

aren't these the same guys that only show 1 out of every 100 hits that end up in their system?

yeah, you may have 1:100 ratios, but they are only counting 10% of your traffic, hahaha

dial 12-22-2007 03:24 PM

Quote:

Originally Posted by AlienQ (Post 13551639)
Raises hand.

when I was a drug dealer my sister in law kept telling me for 3 years that I would eventually get busted

sure enough, after drug dealing for 3 years I got busted

does that make her right? lol

DamageX 12-22-2007 03:33 PM

Quote:

Originally Posted by notoldschool (Post 13550899)
NATS haters unite..lol. TMM is awesome and unlike most other companies in the industry are on the problems before or as they happen. It's funny you see the shady programs come in here to bash nats when they are the most suspect. Your stats scare the shit out of me....0/10ooo+.

DO NOT TRUST PROGRAMS THAT HAVE CUSTOM BACKENDS. THEY ARE THE ONES TO WATCH FOR.

Kind sir, would you be interested in some swampland and a couple of bridges I have for sale?

notoldschool 12-22-2007 03:36 PM

Quote:

Originally Posted by DamageX (Post 13552056)
Kind sir, would you be interested in some swampland and a couple of bridges I have for sale?

Sure at the same time I grab some of that traffic adept traffic.:1orglaugh

DamageX 12-22-2007 03:41 PM

Quote:

Originally Posted by notoldschool (Post 13552064)
Sure at the same time I grab some of that traffic adept traffic.:1orglaugh

Given how gullible you are, you probably wouldn't know what to do with it anyway. :)

notoldschool 12-22-2007 03:50 PM

Quote:

Originally Posted by DamageX (Post 13552074)
Given how gullible you are, you probably wouldn't know what to do with it anyway. :)

and could you please explain to the world what exactly i am gullible about?
If you got some dirty secret about how Ron Paul voted a certain way, did cocaine in college, cheated on two wives, voted for the war, voted for bigger government, voted for preemptive invasions of nations that have no chance of hurting us, PLEASE FILL ME IN.

ps. please provide facts with your assumptions.

iMind 12-22-2007 03:56 PM

Quote:

Originally Posted by dial (Post 13552043)
when I was a drug dealer my sister in law kept telling me for 3 years that I would eventually get busted

sure enough, after drug dealing for 3 years I got busted

does that make her right? lol

:1orglaugh yes it does.
You should also stop dippin' into your supply :1orglaugh

Alien's a moron, but even a broken clock's right 2 times a day.

SmokeyTheBear 12-22-2007 03:59 PM

Quote:

Originally Posted by dial (Post 13552035)
more like industry cheaters

aren't these the same guys that only show 1 out of every 100 hits that end up in their system?

yeah, you may have 1:100 ratios, but they are only counting 10% of your traffic, hahaha

no you have the wrong sponsor, nastydollars and bangbros have pretty close stats , you're thinking of sponsors like realitycash .

KrisKross 12-22-2007 04:09 PM

Quote:

Originally Posted by dial (Post 13552035)
more like industry cheaters

aren't these the same guys that only show 1 out of every 100 hits that end up in their system?

yeah, you may have 1:100 ratios, but they are only counting 10% of your traffic, hahaha

Math obviously isn't your forte.

dial 12-22-2007 04:42 PM

Quote:

Originally Posted by SmokeyTheBear (Post 13552130)
no you have the wrong sponsor, nastydollars and bangbros have pretty close stats , you're thinking of sponsors like realitycash .

at least realitycash says they count "qualified hits" or whatever

bangbros just doesn't count hits...AT ALL

I sent them at least 10,000 hits a while back and saw maybe 100-200 in their admin

i believe there were a few more affiliates that posted on gfy about the same problem....they sent a bunch of hits and maybe saw 10-20% showed up in the admin

the fact is, the adult industry STINKS to high heaven these days, cheaters and scammers have run wild for years now, and that seems to be all that is left

hell, even a few of the largest program owners have been publicly OUTED for scamming or cheating affiliates, and they still get high fives!!!!

dial 12-22-2007 04:43 PM

Quote:

Originally Posted by KrisKross (Post 13552158)
Math obviously isn't your forte.

you got that right, I suck at math, completely

but if you missed the point then intelligence isn't your forte

TheDoc 12-22-2007 04:46 PM

Quote:

Originally Posted by pornopete (Post 13552134)
I thought NATS was supposed to be an impenetrable fortress enabling affiliates to feel confident that the program owners aren't cheating them.

Let's not forget the thread last year that revealed the fact that NATS has a built in feature that allows program owners to approve/disapprove an affiliate's sale.

Everything is hackable, every program, every server, every host, at some point, some software, something can have an sql, apache, unix, nats, email from - etc. related.. Very common.

NATS has never had a way to approve/disapprove an affiliate's sale, ever. Please get your facts straight before posting such slander.

SmokeyTheBear 12-22-2007 04:48 PM

Quote:

Originally Posted by dial (Post 13552278)
at least realitycash says they count "qualified hits" or whatever

so does bangbros

Quote:

Originally Posted by dial (Post 13552278)
bangbros just doesn't count hits...AT ALL

I sent them at least 10,000 hits a while back and saw maybe 100-200 in their admin

i believe there were a few more affiliates that posted on gfy about the same problem....they sent a bunch of hits and maybe saw 10-20% showed up in the admin

i don't disagree there , i have noticed similar things with bangbros but there are lots of other factors such as a qualified hit may be a "unique" ip not a "unique" hit for your ref code

nastydollars counts hits perfect

but hey you are arguing a moot point , i think most webmasters have noticed nats sponsors don't convert as well whatever the stats say. , all my top sponsors use custom backends.

Quote:

Originally Posted by dial (Post 13552278)

the fact is, the adult industry STINKS to high heaven these days, cheaters and scammers have run wild for years now, and that seems to be all that is left

hell, even a few of the largest program owners have been publicly OUTED for scamming or cheating affiliates, and they still get high fives!!!!

can't argue with that for the most part :1orglaugh


All times are GMT -7.
