if nats doesnt come near cc info and that is the case, then thanks for pointing it out and i apoligize to nats for my suspicions

50..avn articles about nats

No worries, it's okay to be suspicious when it comes to cc info :)


Overall this article is lame, not news, and anyone that thinks they will exit nats and find the golden path of perfection isn't getting on cloud9, they rolled up and smoked cloud9.

Any program that drops nats to open a new program/backend will be exploited/hacked within 6 months. Anyone that doesn't agree with that shouldn't open a program.

I agree there. It's better to keep moving forward and deal with each problem as it rolls out. I have only seen people who don't actually run programs coming up with all the scenarios that they think are how it works.
Guys...if NATS was really the horror story that you portray we would all drop them and either build our own or go back to single processing. Who knows? Maybe we'll all jump to CC Bill's new backend anyway. :)
Bottom line is...you just keep going forward. It seems like there is a lot of negativity here but no real productivity. I've been posting on this thread in between adding galleries to my tgps. I hope everybody else (except minusonebit of course since he isn't really in this business) is just posting here to take small breaks from what we all really do: Make money and kick ass. :thumbsup

no way programs are going to drop nats. Atleast with nats the cats out of the bag and we have locked shit down. It is not as easy as you think for an older program to just up and change back ends. It would be biz suicide. How many affiliates would they lose? Much more than you know. I prefer promoting nats programs because they always convert and are much less likely to waste your traffic then some guy who has his finger on the shave button of his homemade back end.

I would say at this point it might very well be a question of "how many affiliates would they gain". :2 cents:

See thats the thing that doesn't make sense to me.

Fact: we know it was a password list that was obtained from TMM some kind of way, either a server hack, someone leaked the info, etc... some kind of way their admin account info for every client was released.

They say they noticed "this" problem months ago but thought it was isolated and they thought they fixed it.

Question: If you noticed that a few clients were having someone accessing their servers using your NATS admin account info, why the hell didn't you check all of your client's servers that you have access to.

Most likely answer: John probably blammed each of the people affected months ago and passed it off as their servers were hacked. I would bet he didn't think the problem was on his end so he didn't bother to take a couple mins to randomly start logging into clients servers to see if NATS admin accounts were accessing those servers 10x a day. He said this much in the first couple threads posted here a couple weeks ago. he siad the most likely answer was that the clients server was hacked.

If i am wrong please explain to me what I am missing here.

Do you understand what goes on in this business at all? Really understand I mean? Not this fake nats hack drama shit.. clearly not.

If you think opening your own software provides a golden path, then you are mistaken due to a lack of experience. If you think it will make you more secure, you again would be incorrect. Software does not make you secure.

The only problem around here is people like you putting your trust into software. Your security is YOUR responsibility, period! Every backend has been hit in some way, if you don't get that then I'm sorry.

I'm defending logic, not NATS.

TheDoc is as biased as they come. He does work for Nats, do you think he is going to do anything less than defend them. He has been biased from day one and has posted in just about every thread thrying to down play things, say only emails were taken, he said all people using nats was fine now (all clear) even microsoft has problems, everyone gets hacked, your info is already out there so why worry about it, etc etc etc etc.

i think i will pass on posting that thanks

lol good god man, too bad nats didnt tell you first..
you obviously know very little about servers, if your database is slow then your sites contacting it are also slow..



wow something even an imbecile could do . but nats somehow couldn't :(
yes actually i did , you made a false statement exaggerating what was said in the article, i pointed you straight , now you are bitching about it.

nope , do you own a vanilla ice album ?
speculating about what ? i have been inside nats sponsors as an admin yes , so i know what can be done.
don't know what could be worse than someone that could take all your credit card signups until you noticed.. thats about as bad as it gets.

but hey dont trust me , let me run a javascript on your signup page and find out.

thats just your opinion i suppose , i have been here since the internet started and i would rate it as pretty deep, and we wont know how deep until each and every sponsor has been hand checked or upgrades

then how in the world would you say a price structure of emails in the article was wrong if you have never bought them.

thus the large elaborate hack to steal emails was worthless :Oh crap
people buy and sell emails, really ? omg i didnt know that ..

and this would be coming from your experience in never buying an email list ever.. ok then.. :1orglaugh

you have been reading those "1 million emails for $10" spams again havent you. LOL




lol i dont want to buy yours you already admitted you got hacked so yours are now worthless.


obviously, because you fail to realise thats about what they cost
so you make up an exaggerated story and a fake promise to sell your emails

:1orglaugh:1orglaugh

ok then. lol


people get broken into every day , but if your house was broken into because someone hacked your alarm companies passwords and they knew about it but didnt notify you , perhaps its time to find a new alarm company ? just a thought.

Now i'm certainly not advising sponsors to drop nats , do what you think is best , but if you dont factor trust into the equation you are asking for trouble..
:2 cents:

thats exactly what happened. a couple people mentioned reporting to nats and being told it was their password not nats , only to get rehacked several more times.

I don't understand this.

They were "aware of the problem a few months ago". Wasn't "the problem" that someone get access to the master list of NATS admin account info for each client's server ????

So the must have thought that someone got access to a couple different client's NATS admin login. So they "fixed" the problem by deleting that account?

Is it me or does all of this sound like bullshit? unless there was a different problem happening "in the past" then it has to be the current problem which was a list of NATS admin accounts that got released.

Why didn't they check their other clients accounts? If what i said above is the case, why didn't they just for 1 second entertain the idea that maybe something was breached on their end and it wasn't each client independently that was the fault or source of the problem. Why not just take 5 mins and randomly check a few other clients and see if the problem was happening to anyone else ?

I don't get it?

They were confident they had fixed the

Damn Smokey...I didn't realize how fucking stupid I am. And how smart you are. Who are you again? And what do you run? And what site were you the admin for NATS with? I'm not asking that in a mean spirit. But since you know so much more about the internet than I do, I just wanted to know who I'm talking to.
You can offer your opinions all day long. Show me how successful you are by identifying yourself so I can know how much weight your opinions hold.
I have told you what the reality is. You can continue to make conjectures 'til the cows come home and it doesn't mean anything my friend.
I see things differently if you don't mind. I see the whole situation as me being responsible for myself. I don't need NATS to tell me that my shit is being broken into. And that's exactly what I did. Yes, we asked questions when we saw strange things.
But I didn't expect some third party rental software to give me answers. And sure enough they didn't. So stupid ol' me, who obviously doesn't know shit...well we took care of it ourselves. It was pretty simple to take a look in mysql and see what was happening and handle it.
It's nice to know what happened after the fact. And I'm very interested in finding out when everything washes out. In the meantime I'm just gonna keep making money. I could give two shits if it's with NATS or some other backend.
Now please, let's stop quoting each other. You are obviously some old school guy...maybe one of a handful who have been around longer than me, and you are toying with me with your vast knowledge. I surrender.
I would just like to say...unless somebody has a positive direction to go in then it's all just negative.
My solution is FIX THE PROBLEM. Then direct your energies back to making money. And people should do whatever they think will make them the most money.
If nobody wants to promote NATS sites. More power to you. If you're scared that some hacker is going to steal your info...I don't blame you one bit. If you think there is a better backend that can not be hacked and/or would alert you much faster so you don't have to worry about your own security, then please only promote the sites that use that backend.
Everybody has their own preferences and their own ideas on how to make money.
And again, I don't know who you are. Smokey The Bear? Okay, you're either a cop or a spokesman for firefighters! LOL! I'm just kidding with you.
But my name is Robbie. My nickname is "Robbie". I was born "Robbie"
No smoke and mirrors here. Just me explaining how I see this whole thing.
If you think this is a big deal...then more power to you.
I don't. Maybe I somehow got "lucky" and just happened to know a few things that went down over the years that you weren't privy to somehow. Who knows? Who cares?
Let's all make some money and feed our families. This "crisis" is past for the moment. Maybe tomorrow somebody will hack it again. How can any of us know? Maybe tomorrow somebody will hack a major bank again.
Can't predict the future. But I can deal with it when it comes along.
I wish everyone else lots of fortune in 2008 and keep a positive, productive attitude and be prosperous.
Later guys...

That's funny, best out of context text ever!

I have had to keep posting, if you guys were to keep going so much bad and wrong info would have been posted by now. My god, so much wrong info has already been posted that I have had to prove was wrong, like this cc info - it still isn't dead, should be now though.

And us program owners have known this forever man, you guys think it's a huge conspiracy of sorts. Please, program owners are just happy it's fixed so they can be the only ones spamming the members. Their friends are buying the lists and they don't care, don't you guys get it at all?

And my data, was secure, like lots of nats programs we had proper protection in place. So I think you guys attacking NATS in general hurts my program and other protected programs.

So yeah, I will continue to post as long as you guys continue to post wrong information or people ask questions.

None of this means that the hacker did not install something else on the server to store the cc info elsewhere until they were collected, nor does it mean that the data was not compromised as a direct result of the NATS breach. No one knows partly because TMM is not being forthcoming with detailed info. So far, all we have out of them is denials as to what supposedly did not happen, what did not get breached and who did not do whatever. They have apparently now had almost a years and a half (18 mos = 1.5 years) to investigate the matter and they still claim to not know what the deal was or exactly how it happened.

This whole "Oh, the CC data is safe, but everything else on the servers is toast!" is just bullshit. Its like this constant splitting of hairs that - "Oh, it wasn't NATS that was breached, it was a server in TMM's office that got breached. Stop pissing on NATS, M1B, you asshole!" At the end of the day, it does not matter whether it was John's server, is blackberry, his laptop or his cordless phone that was incompetently managed, nor does it matter what order the devices were compromised in. At the end of the day, the result is still the same. Data lost and people got fucked.

Man, this as any other NATS thread has so much spin to it that my head is all dizzy just reading some of the responses of the usual suspects...

Slowly that rug is growing to a size that someone might actually stumble / fall.

Now THAT is what I'm talking about! fuckingfuck...you are the man! None of this pussy ass whining shit for you! :thumbsup

NObody ever had access to a server and this is impossible through the admin.

No, we are able to exactly see what they are getting.

I said before this isn't new, nats has been the target of several exploits. I'm sure those exploits is what lead to the first nats pw leaks, duh.. Then NATS getting hit 2 times didn't help either.

You are correct and NATS got hacked and they did the legally correct thing and let all Clients know. We can only hope he learned from the lesson, just like 100's of owners learned that security is your responsibility.

I know from each hack/exploit that I have had from the 10+ years in this business I learned and improved each time. Live and learn.

When NATS was sold to the industry, it was pitched as tool to keep the program owners honest by stopping shaving. TMM worked very hard to spin this on the boards and pretty soon affiliates started demanding NATS-based programs. The idea was that John's software, which could not be touched by the programs - would be unshaveable. Thats all good and well and had it actually functioned that way, it would have been a good thing for the industry. But these kind of things never work out this way.

Anyone who has taken college level (for that matter, probably high school level as well) courses in government, public service, democracy, world history and the like knows that concentration of power is a dangerous thing. We saw this in Nazi Germany, here in our own country and just about everywhere else throughout the world. The thing is that TMM was saying to affiliates: "Hey, trust US. We have YOUR best interests at heart. We wont let you bring in an independent third party to audit our code to prove this, but we do. You don't wanna get shaved, do you? What? You still don't believe us? You good for nothing board whore, if you publish that, We're, gonna sue you for libel!" and this has worked for a long time for TMM. They have made a good run of scaring their critics into silence and programs into using them. And this concentration of power led to the ultimate in lax, completely incompetent security: a list of passwords sitting on somebody's server.

Given the choice between NATS incompetently managing my personal data and the possibility that a dishonest sponsor *may* shave sales, at the end of the day I'll take the possibility of shaved sales. Its a small price to pay. First off, most program owners are honest, most of them are very generous with their affiliates and most of them would not consider - so its not even a really large risk. Second, dishonest people always get caught at their games eventually. iBill's greed eventually caught up to them. John's incompetence and/or crookedness has caught up to him. If you believe the story that PornGraph was actually sold before the trojans went on, then you can see it caught up with the new owners as PG is no more. Finally, program owners who fuck their affiliates through shaving probably fuck their employees, contractors, business partners and talent as well. By proxy, this means they likely already have a bad reputation and everyone knows who to stay away from anyway.

that had abolutely nothing to do with what I posted. I never made 1 false accusation. Yes Doc we get it, everyone's personal info is all ready all of the net, all programs get hacked, the people only took emails and didn't touch anything else, and all nats servers are completly ok now. I don't even know why anyone should have posted about this Nats issue in the first place, after all it happens to all companies. :upsidedow

So what is it you do, provide rss feeds or something like that for nats ?

I wonder how much NATS is paying their lawyers to read GFY print outs?

No, I don't provide rss feeds for TMM, I created my own NATS plugin that attaches to NATS, rebuilds your hosted galleries, allows for auto updates, and much more. NATS doesn't support it or sell it, they complete with me on rss dish.

I have it for MPA3 too, if that was your point.

It's fine that it hit the boards, it's good that it was corrected. The problem is it has been corrected, it's not a problem now, but you guys just won't drop it and keep dragging it through the mud.

Of course you don't care, you don't own a program.

And he is correct and Webmasters still have that trust.

You are being a little single minded.. Think of it like this. If I posted my ProgramA was breached and your data 'could' have been post, I won't lose any webmasters, even after it's posted on GFY. However, if someone posted a shaver script with screenshots in my program, I would lose most of my Webmasters and Clients.

Huge difference in trust with these things, I think people trust the program for data security, not the software.


You would think that.. You really would, but honestly people got fucked by Ibill for like 2 years afterwards. People don't care, don't listen, it's all about the greenbacks. And some of the biggest programs are scamming freaks but are loved by Webmasters.

It's a crazy business.

I'd worry more about the number of trees that are dying to print out GFY. Hell, I have already gone through a set of toner and six reams of paper on this mess.

there you go exaggerating again , i never claimed you were stupid nor that i was smart.
if you asked me politely and it had anything to do with the conversation then i might tell you, but seeing as how it doesnt have a single thing to do with this thread i won't..

alot of questions. what do any of these questions have to do with the facts as i have laid them out.
then don't ask in such a rude fashion :2 cents:



your words not mine..
my name is above each post.
the difference is my opinion is based on facts that any nats employee can verify.

i could give a fuck less if you don't believe facts

that a server going down 15 times in a day is "bringing a server to its knees" ?

That you think running a nats database on a slow server would have no effect on the functionality of your sites as long as they are on a sep server ?

that you don't understand how someone having the master nats password list is a serious breach ?





anyone can simply verify my facts with nats or anyone with experience in the nats admin

i dont mind if you see things incorrectly :winkwink:

and most everyone else feels differently :winkwink:

answers about why they lost the master password list used to view all your nats info

:Oh crap i sure hope any affiliates arent reading that ..

i had a porn site before the internet started :)

[QUOTE=Robbie;13595389]
My solution is FIX THE PROBLEM.
[/quoter]

we are on the same path , just my idea of fixing is to make sure you have isolated the problem first

:thumbsup:thumbsup

Smokey there was no "Master Nats password list" There was ONE LOGIN that they used to do maintenance on everybodies NATS setup. And since you are a former NATS employee I have no idea why I am having to explain this...especially since it's already been said 1,000 times in other posts.
Having a single user/pass for them to log in and do upgrades etc. wasn't such a great idea.
A worse idea was all of us who didn't delete that user in the beginning, before anything happened. Leaving it on there is totally optional. And a LOT of program owners did NOT leave that on there and were NOT hacked. A lot were. We were one of the ones who were slack. Not the stupid NATS program. They had a flaw...we didn't protect ourselves by realizing it...
But again...YOU ARE INCORRECT....THERE WAS NO MASTER PASSWORD LIST. Every post you make like that shows your true knowledge of this particular situation. Damn...

:1orglaugh:1orglaugh:1orglaugh:1orglaugh:1orglaugh

They wouldn't gain a single affiliate that could make a sale by switching :2 cents:

so what , all that makes it is even more ridiculous, what does it matter if one password was compromised or all of them were.


add that onto the list of lies/"exaggerations" you have made

understatement of the year

and even worse you werent told to do so.

you are wrong , there is a master password list , there MAY have only been one username with access to sponsors and one used to hack the data , but this is a rather trivial point and such a silly thing to quibble about.. you rant on for pages and your only comeback is " there is no master password list" :1orglaugh , if your bank account was hacked would you care if one password was used or 2 ?

shows how much you know :thumbsup , you should do some research before you scoff, many of us aren't young uns, there was lots of porn sites well before the internet :thumbsup

I have gota start making more crazy posts like this.. I have never had more publicity or fun over a comment. Oh wait, that isn't true the post(s) about Review Sites is still my fav.

I wonder how much the retainer fee is and if they already blew through it with printing out GFY threads.

"For June 1, 2006 to May 31, 2007 the rates are as follows: 20+ years of experience, $425 per hour; 11-19 years, $375; 8-10 years, $305; 4-7 years, $245; 1-3 years, $205; and Paralegals/law clerks $120"

THe guys at MPA3 seem really nice and patient, where as John from nats seems like the evilchris type of guy, don't get me wrong this is just from observing the drama that goes on but from an honest opinion from the outside even though I agree minusonebit is a retard, John isn't handling this well at all.

:2 cents:

I am amazed at all the responses here. The "BRO CLUB" is deep...

all i can say is that if i lost any data, (email, personal, members, etc) due to a 3rd party application, i would be pretty pissed off...

Word, too much dick sucking going on here.

i've posted raw apache access logs of 6 months ago which showed the issue
has been on much longer than initially was assumed

You, sir, are so very very wrong on this point. JohnA even made a post to clarify this, but I can't be arsed to find it.

At last someone comes in with common sense. It does not matter if the servers were brought down, to their knees or slowed down. What matters is NATS, as we all know, were well aware of this issue. There had been numerous warnings that email addresses were being compromised. They failed to look at it properly. Even when they had it brought to the their attention in a way they could not ignore they did not fix the problem properly, did not warn other clients and tried to stop the information getting out. A C&D is a legal letter and a threat.

So the question is why did they take so long to look into it, not fix it and try to keep it quiet?

Incompetent and don't want people to know. Or. Dishonest?

There are no other answers.

Yes I feel for the companies that went the way of NATS. But you made a bad decision and did not keep a good enough control on who you were dealing with. As Chimera says you can keep burying your head in the sand and stick with a company that's incompetent or dishonest.

Heaven help us if they had put up a site with a few magic join links.

Another great post. They are arguing with him because he's saying things they don't want to hear and the only attack they have is to attack the messenger. Because the message is best ignored.

All those email addresses getting spammed is not proof?

Another great post.

If we are to believe TheDoc then hacking is a real problem. Hackers are very devious, persistent and a threat. So why is he supporting someone who clearly does not think they are? Someone who ignores to look at the problem properly?

Now are TMM bright enough to program something like NATS and so dumb they do not understand that hackers are a problem? I come back to the same question every time, incompetent or dishonest. They have to be one or the other.

I think the issue of the emails getting spammed was raised a long time ago.

Yes I know.....but I backed it up with logs.....it was raised something like
2 years ago if I remember correctly

With TheDoc telling us how so many big and secure programs get hacked, how easy the hackers get in and hew common it is. One has to wonder what TMM were doing ignoring it and not even thinking it might be more wide spread than the few who put the proof in front of them.

Why were they so convinced it was not a wide spread problem?

Paul and Will76, did both of you end up with the short ends of the stick?

Yeah, we know hacks/exploits targeted at NATS have taken place for years. Every host, program owner, and webmaster knows this. It's not some secret that you guys want to find out about.

NATS job is NOT to provide security. It’s to provide a program backend, only. YOUR job is to secure it, your hosts and yours, period.

So how did those accounts get breached before? That's very simple logic, let me help. When a NATS "Machine" is exploited they got your ass, your pw's, ect.. (Exploits targeted at NATS machines happen daily) Once they have the admin data they can start running the bot that pulls the data.

So get it through your heads, NATS thought the attacks were different. Different enough that even Admins at the same host didn’t know it was the same attackers.

Why don't you guys go bash the Program Owners who failed basic 101 security? Why not yell at the hosts they host with? NATS job is to provide us the software, not the security.

I put my trust into my host, and my own skills not in software that I have ask for support on and can’t modify myself.

John should definitly comment about the investigation and keep everybody that was affected (affiliates and sponsors) updated... At this point, keeping the investigation behind closed doors after having ignored the problem for so long will only make people logically there are some kind secrets they want to keep.

yea are they bringing out their own affil system or something?