AVN: NATS/TMM Breached for More Than a Year

NATS/TMM works with the clients and the clients work with the Webmasters. And I don't think after a week NATS had much of an update for us.

I *think* they meant that the activity in the nats admin account was slowing down the server.

I know NATS fucked up big time, but comparing them to nazi germany?

You are totally clueless when it comes to Marketing...
Harvested emails are worth nothing.
Confirmed porn buyers (credit card + confirmed working email) are worth a TON.

Are they investigating the money trail or not ? There was NO statement from what I have read that said anywhere that they will take the proper stepts to report this fraud to the authorities or investigate at all.

I think the money trail has been exposed already.. Question is will people out who it is. Email lists are easy to pawn off as purchased from others too :/

I think TMM is on the hacker trail - but only being a week afterwards I haven't asked

The money trail has been exposed by webmasters teaming up and asking questions... that's beside the point.

Why are NATs not letting us know they are looking into things if they are ?

I dont have a horse in this but just from reading all of this your trying way too hard.

Wow, now im am complete. I feel so accomplished now. maybe we should all call minusonut a bro so maybe he will get off our industries nuts.

Not that it matters I will state again that I dont know one single person at nats other than when I need something done to my proggie. I do push quite a bit of traffic to all types of programs, and Im not talking the couple hundred clicks most of you part time affiliates push, and I know for a fact that most of the nats programs work a shit load better than some of the other garbage back ends some of these shady ass programs have. I work it from both ends so I know what proggies to stay away from because of their homemade backend. Nats is great software for sure. Atleast We know about what happened with nats and that its fixed. Im also sick of you bitches that call yourselfs adult webmasters trying to ruin a biz that in reality you are not even part of. Let me spell it out, if you have been in the biz more than a year and your not pushing atleast 10000 uniques a day somewhere, then you are NOT and adult webmaster and should keep your limited knowledge to yourselfs. You just sound like the idiots that you are.

No worries Tony, I'm done with these two tools. They read past the answers and modify their own questions for personal benefit.

How exactly would NATS follow the money trail? Wouldn't it take Webmasters to team up and expose it for them? And I know who they are, so what? NATS can't sue them.

NATS is looking into things, they have stated they are hunting down the hacker. Of course they can't comment more, I wouldn't either, nobody doing an investigation would.

Logic people, logic...

It´s not their job to provide security of their customers servers. But they - NATS - required a server access. So it´s their job to take care of it.

ORLy? which host would this be then???

Umm.. Well the old apache exploits/admin targets came in through VOIP IP exploits and not from the FL IP. So previous admin/attacks came through server level exploits first, once they had access they exploited the data the exact same way. This is why NATS made the admin/webmaster pw's one way, so they can't be pulled from the admin. A security step by NATS, mind blowing I know.

Hosts didn't know it was the same attacker each time doing the same thing in different ways. Not until recently at least and once people started posting on GFY, then people put two and two together, we saw it right here, live. Yes, I'm sure a couple of hosts knew something was going down, but they sure as hell didn't talk about it, fear, pfft..

If John ever threatened me for exposing an exploit I would have blasted his ass all of the boards. Anyone that wouldn't do the same is weak minded.

NATS has a ticket system. You have to post in for all support, ect. And icq history for those they talk to on ICQ. If all these clients really had these problems, threats, ect about the hacks/ips, exploits then why don't they just post the tickets? I'm sure people have tickets, I do, but they show NATS helping and not threating.

NATS isn't perfect, boy it's far from perfect. Clients already knew this - guess it was only time for Webmasters to find out. Support isn't the fastest, they don't always work on weekends, and you don't always get the right support person smart enough to help with your complex problem.

And since NATS doesn't monitor my NATS/server 24/7 - I take security into my own hands and my hosts, as it should be.

so you're saying this recently exposed hack was done by the same guy that did the previous exploit?

They better shut up about all this until they have concrete answer backed up
with facts and/or proof in a well written statement.....the guessing and
insinuations aren't doing any side good at this point.......well except for
entertainment of course........fuck it.....continue

I think it's the same group attacking us for the last 10 years. That damn voip exploit to connect and pull data works the same, but it's a different way of doing it. Either way the same method of getting the data was done and back then it didn't have to done through a nats admin account.

So other than the login ip - no I don't have any real proof it's the same people. Other than over the last several months. But my point was more than they attack us in several ways - but they always appear to get the data the same exact way once they are in.

Do you have something that points that it's more than one group/person?

Ok I'll bite this whole discussion about the hack, and how it was possible
to have happened....added with all the bullshit that every program could get
hacked just as the servers they're on.....that's all nice and dandy but it's
completely irrelevant to the argument........


Well ok....not completely it only serves the purpose to divert the negative
attention to a different subject in order to make it seem less bad as it already is.


So now you probably say.....well is that so? So what's the part then that DOES
matter about all this......

Brace yourselves here it comes.......The fact that it happened, TMM knowing
about it for a LONG time and didn't take proper action and informed their
clients about it.......making it appear...(I'll keep it polite tonight) that they
were trying to hide it hoping they'd be able to fix situation before it blew up
in their face like it did recently......

That's all.....continue the discussion please and show us what's your interest
in this by judging the arguments you come up with......

Sad as it is, if this didn't come out on the boards it wouldn't have been fixed. They didn't know wtf to look for. It blew up in their faces because they aren't security admins and the true fact that John's ego blocks his brain waves sometimes doesn't help.

But we all already know this.. We all know nats fucked up, no reason to bring up the dead horse another 1000000 times. The lesson to be learned, again... Is security is YOUR responsibility and not NATS.

And I thought we were talking about previous hacks/exploits with NATS?
Do you even use NATS?

I don't I had clients who did and got insulted by TMM on numerous occasions
when the issue was raised in a few occasions which all were done directly and
very politely to them and kept non public.

And not only insulted but badmouthed behind my back to clients......

I guess I don't get what happened, not being a dick about it, honestly.

What did TMM say to insult them? Did TMM mouth you or the clients or both? Was it face to face?

edit: read your post again, made more since this time :p

I ask, because of it was a ticket/icq, then post it so we can all rail john.

I'm not going to make a big deal out of this anymore....I spoke to John recently
and it was dealt with for my part.....no need to drag dead horses out again...

This kinda of behaviour wasn't exclusive towards me at the time.....there's
plenty of other threads where many different people were confronted with
the same type of behaviour.....hosting providers, sysadmins, tech people
who noticed the same thing many others did.....before it came out in the open.......

John should hire you for PR. So according to you NATS job is not to protect their own admin account info to people's servers? Never mind the fact that NATS asked people to leave these accounts open and then they didn't protect them and you saying that is not their responsibility??? They ask you for a key to your house basically and then they obviously didn't do a good job keeping that key from getting stolen, someone breaks into my house using that key, and you say it is my fault because i didn't have better security inplace. You are too fucking much, you should work for too much media.

all i do is quote you, you provide more than enough nonesense that one wouldnt have to make up or twist anything.

Ohhh.. yeah, don't get me wrong.. I know John has been a Dick. I couldn't spin that if I tried.

I thought you ment more like, I'm going to sue you if you say anything, or something like that. Yeah John isn't very well known for being Mr. Nice Guy

Aye, people have told me I should do John's PR work, it has been talked about. But it won't happen :/


If I give a key to my house, it's 100% my ass if the house gets broken into. No the house builder, door maker, key creator, or anyone else.. It's 100% my fault.

So if you gave NATS the keys to your program, it's your own fucking fault. Even more so when you didn't turn on the built in security feature that would have stopped this.

And agian, not all programs were breached.. Not even close to half. Most did use the ip lock feature and not all had tmm admin accounts, because you aren't forced to have them.

Your turn, please twist what was said one more time in a different direction so I can answer the same thing again for the 1000 time.

Well it was also along those lines but the I'll sue you if you do this thing
don't fly with me.......the bashing normaly neither.......but since I was
presented with the opportunity I decided to throw the ball back for a change.

how about

"what if it is the security company who have your key that breaks in to your house,, whos fault would it be then ?"

Thanks for making my case for me. John and the rest of the TMM team has no business running NATS or anything else that deals with sensitive data for exactly this reason. They esp. have no business running such an application and refusing to allow any third party to verify the safety of it when they run it encrypted. The whole thing is absolutely disgusting, I still cannot believe that there are people still sucking the NATS cock thinking this is all no big deal, just a small bump in the road that will soon pass, etc. It really says alot about this industry, the people in it and the state of affairs for both. Its good that people are taking sides on this one. Makes it real easy to tell who is upstanding and who you need to watch the fuck out for.

No, its not the program's faults. TMM was expected to take reasonable care to ensure that those keys (the logins) were not disclosed or used improperly. Leaving a file of user/pass pairs laying around on a server is not a proper practice and if you think it is, then you need to go back to school. Its the digital equivalent of keeping a post it note on the monitor and its fucking ridiculous. Yes, data breaches happen every day to all sorts of companies. But that does not excuse the conduct of any of those companies, it is still 100% their fault.

People like to throw up "Oh, well how wouldn't you have done it differently, Mr. Know It All?" and to that I say this: I wouldn't have done it at all. If I owned a program, I would have looked into NATS but I would have never bought it. The first red flag would be the fact that it runs on Zend. ANYTHING that requires Zend is always a concern. Next, I would have found out that not only does it run on Zend, but I am not allowed to even install it myself. Another red flag. Why would I not be permitted to install it? I paid for it. My software, right? Next I would have found that the software has never been audited by an independent third party and whats more, John won't allow you to bring a third party in, citing intellectual property concerns. Major red flag. The only people who fear independent audits at someone else's expense are those with something to hide. Sure, John might have concerns over a particular expert, but surely an exert exists that is completely independent but qualified to render a competent opinion that both sides can agree on does not present and IP concern. At this point, I'd start digging into the past of the company and when I found the PornGraph saga, I'd say "You know, this guy is always close by when things catch on fire and burn to the ground. This is a bad pairing, thanks but no thanks."

The only thing the programs are guilty of is making a poor choice on who to do business with. Responsible program owners are - right now - making plans to ditch NATS and TMM. Due to the complexity of such a move, its gonna take some time, 3 to 6 months I'd say. And because of John's history of playing dirty pool, I think most programs that are leaving him are afraid to say so publicly until they have something in place and are ready to pull the plug on NATS/TMM out of fear that John will cut the cord to their licenses in an attempt to bust any unions that start to form. So I am cool with that - for now. But in about 3 to 6 months, the question for program owners who are sticking with NATS is: why? Show me why this program should be trusted and moreover, why I should continue to trust you and not be concerned about your apparent inability to put personal friendships and personal fondness for someone aside and make the right decision for the company.

Yawn, you have no clue what you are talking about.

Dude, nats fucked up, hosts have fucked up, mpa3 fucked up really bad before, and the history of massive screwups in this business is very long. People move past them or we wouldn't have anyone to do business with.

Nobody gives a fuck but the few people that keep posting over and over on all the NATS threads. Anyone leaving NATS already had a plan to exit, otherwise I don't have a single client that has said they are leaving NATS.

Your logic is flawed too. Check this.. I bought paid for my NATS, monthly for a bit before I bought it. Most programs with any size just purchased it. So years go by and TMM/NATS isn't making a dime from me and several others but I still take up support hours, ect. I get pissed and I leave..

Did that hurt nats in the least bit? No, it helps them. Because every stable/paid up client that drops them will be replaced with 5 other smaller ones paying monthly fees.

And poor choices to do business with? Dude, this business is fucked. It's dirty, shady, and filled with money hungry dicks that will fuck their moms over for a dime. You no nothing about this business and try to toss us Tmm/nats as being super bad.. Fuck dude, the are mr clean compared to most companies that "they" do business with.

I keep telling you, that you only help TMM/NATS but you clearly do not understand even basics of brand marketing.

Lets hope this gets resolved soon.

Wow, you really are sucking John's dick hard. You should send him a bill for trying to whitewash the issue.

Have they contacted the FBI or the governemental institution in charge of this kind of crimes ?

Stop spinning the question arround and putting the responsability on everybody BUT TMM.

I haven't seen any statement that said they are initiating any criminal investigation, when clearly this has been a criminal activity that touched all of us.

Somebody out there had access to my identity because of this.

And as far as the responsability, it's clearly not the webmaster's fault if the TMM admin account has been compromised. It's your responsability to secure your server, and I'm glad you were one of the guys that went further, but it was nat's admin account that got compromised, not the webmaster admin.

Funny how he has no immediate reply to this, when he had an immediate reply for everyone and everything else. Telling.