Sponsors! check your member email DB, you prolly are hacked.

  • gleem
    Confirmed User
    • Jun 2001
    • 5593

    #1

    When was the last time you (affiliate program owners) placed a virgin email address in your member database on your server to see if your members' email list has been compromised? Bet when you do it, you will see spam on those emails in 3 to 5 days ;)

    Got some serious hackers selling off members' lists fresh from hot small to huge sponsor programs' DBs, and the ones who buy these lists are some of the biggest affiliates in the biz.


    Seed fake members in your DB and then thank me later for warning you.




    Contact me: \\// E: webmaster /at/ unprofessional.com
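The seeding test described in the opening post, worked through as an added example (not code from the thread or from any program mentioned in it): each program gets its own unguessable canary address, and when spam reaches one, the registry tells you which member table leaked and how many days after seeding. It assumes you receive mail for a catch-all domain (canary.example, constructed) and can export what arrives as plain From/To/Date headers.

```python
"""Seed canary ("virgin") member e-mail addresses per affiliate program and trace
spam back to the program whose member table leaked.  Added example, not code
from the thread.  Assumes you receive mail for a catch-all domain
(canary.example, constructed) and can export the spam it gets as plain
From/To/Date headers."""
import hashlib
import hmac
import re
from datetime import date

SECRET = b"constructed-demo-secret"   # per-deployment key; keep it out of the member DB
CANARY_DOMAIN = "canary.example"      # constructed domain whose mail you read

def canary_address(program: str, seeded: str) -> str:
    """Unguessable address bound to (program, seed date) by HMAC, so a thief
    cannot recognise and strip the canaries from a stolen list."""
    tag = hmac.new(SECRET, f"{program}|{seeded}".encode(), hashlib.sha256).hexdigest()[:12]
    return f"m{tag}@{CANARY_DOMAIN}"

def seed(registry: dict, program: str, seeded: str) -> dict:
    """Build the dummy member row for one program and record it in a registry
    that lives outside that program's database (or it leaks along with it)."""
    addr = canary_address(program, seeded)
    registry[addr] = (program, seeded)
    return {"email": addr, "username": "cn_" + addr[1:9], "status": "inactive"}

HDR = re.compile(r"^(From|To|Date):[ \t]*(.+)$", re.M)

def parse_messages(raw: str) -> list:
    """Split a blank-line separated header dump into {from,to,date} dicts."""
    out = []
    for chunk in raw.strip().split("\n\n"):
        h = {k.lower(): v.strip() for k, v in HDR.findall(chunk)}
        if "to" in h and "date" in h:
            out.append(h)
    return out

def attribute(registry: dict, messages: list) -> dict:
    """For every canary that received mail, name the program that leaked it,
    the days from seeding to first spam (the thread's 3-5 day window) and the
    senders, which is the evidence to hand to that program owner."""
    findings = {}
    for m in messages:
        to = m["to"].lower()
        for addr, (program, seeded) in registry.items():
            if addr in to:
                days = (date.fromisoformat(m["date"]) - date.fromisoformat(seeded)).days
                f = findings.setdefault(program, {"first_spam_days": days, "senders": set()})
                f["first_spam_days"] = min(f["first_spam_days"], days)
                f["senders"].add(m.get("from", "?"))
    return findings

def demo() -> dict:
    """Constructed scenario: two programs seeded the same day; only the canary
    planted in 'bigpay' gets spammed, four and six days later."""
    registry = {}
    seed(registry, "bigpay", "2010-06-14")
    seed(registry, "nichesite", "2010-06-14")
    hit = canary_address("bigpay", "2010-06-14")
    raw = (
        f"From: promo@spammer.invalid\nTo: {hit}\nDate: 2010-06-18\n\n"
        "From: news@legit.invalid\nTo: real.member@example.net\nDate: 2010-06-18\n\n"
        f"From: offers@other-spammer.invalid\nTo: <{hit}>\nDate: 2010-06-20\n"
    )
    return attribute(registry, parse_messages(raw))

if __name__ == "__main__":
    for program, info in demo().items():
        print(f"{program}: leaked, first spam after {info['first_spam_days']} days "
              f"from {sorted(info['senders'])}")
```

Re-seed with a new date each month so a list stolen after the first batch is caught too; an old canary that stays quiet proves nothing about a fresh theft.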
  • bzent
    Registered User
    • May 2010
    • 90

    #2
    Seconded.

    Though, the less honest ones could be selling them... emails are worth a bit.
    Real Girlfriend Porn | Black Teen Booties

    • SmokeyTheBear
      ►SouthOfHeaven
      • Jun 2004
      • 28609

      #3
      nats or no nats ? i remember when nats got hacked by someone using their admin username and password , the hacker stole all the signup emails from each of the sponsors running nats that they compromised
      hatisblack at yahoo.com

      • SmokeyTheBear
        ►SouthOfHeaven
        • Jun 2004
        • 28609

        #4
        hmm i see nats sites in sig , bad sign. NATS seemed to want nothing to do with finding/exposing/criminally charging the culprits last time. Kind of an open invitation for hackers to try the same hack, especially when they know their target isn't interested in finding them, charging them or exposing holes.

        • gleem
          Confirmed User
          • Jun 2001
          • 5593

          #5
          Originally posted by bzent
          Seconded.

          Though, the less honest ones could be selling them... emails are worth a bit.
          Nothing wrong with selling or mailing your own members, if you don't you leave money on the table, just talking about affiliate programs having their entire members' DB stolen from them without their knowledge, new members will be spammed within 3 to 5 days by the same guys. I've talked to several program owners and they all were surprised to have their DBs compromised like this after doing the test, and in each case it was the same spammer affiliates getting their lists.

          The spammer will not be shut down by program owners (tried that) because they are making huge money on basically the most valuable email list ever created in the history of porn spamming.

          • Serge Litehead
            Confirmed User
            • Dec 2002
            • 5190

            #6
            if that's the case i would recommend seeding fake affiliate emails as well.

            • gleem
              Confirmed User
              • Jun 2001
              • 5593

              #7
              Originally posted by SmokeyTheBear
              nats or no nats ? i remember when nats got hacked by someone using their admin username and password , the hacker stole all the signup emails from each of the sponsors running nats that they compromised
              NATS & non nats sponsors are getting their members stolen this time. From my tests they are just cracking SQL DB's logins. Definitely not just a NATS issue, although I'm not saying it's not part of it.

              My theory based on tests and collecting info on this problem is there is a group that is cracking program owners DB's by any means, including php exploits, apache/sql/smarty exploits, and then straight up brute force cracking DB's and affiliate software admins if that fails. This has been going on for over a year. Once they gain access they are selling the lists to the same group of affiliates, one gets it exclusively for about a week or two, then it's sold to another affiliate who gets semi-exclusive spam access, then it's sold to several other spammers.

              • gleem
                Confirmed User
                • Jun 2001
                • 5593

                #8
                Originally posted by holograph
                if that's the case i would recommend seeding fake affiliate emails as well.
                affiliate lists in my case were not touched through every test we had over the last year. Not valuable enough for em to bother with. These guys are only after paysite members email addresses, they don't take their logins, so they know what's worth $$ and don't bother with anything else.

                • SmokeyTheBear
                  ►SouthOfHeaven
                  • Jun 2004
                  • 28609

                  #9
                  Originally posted by gleem
                  NATS & non nats sponsors are getting their members stolen this time. From my tests they are just cracking SQL DB's logins. Definitely not just a NATS issue, although I'm not saying it's not part of it.

                  My theory based on tests and collecting info on this problem is there is a group that is cracking program owners DB's by any means, including php exploits, apache/sql/smarty exploits, and then straight up brute force cracking DB's and affiliate software admins if that fails. This has been going on for over a year. Once they gain access they are selling the lists to the same group of affiliates, one gets it exclusively for about a week or two, then it's sold to another affiliate who gets semi-exclusive spam access, then it's sold to several other spammers.
                  seems to me if there is no common factor ( nats , wordpress, etc ) then why would the hacker not go for something more valuable. Usually when semi-valuable info gets hacked , it is something tied to a software bug/hole.

                  • gleem
                    Confirmed User
                    • Jun 2001
                    • 5593

                    #10
                    Originally posted by SmokeyTheBear
                    seems to me if there is no common factor ( nats , wordpress, etc ) then why would the hacker not go for something more valuable. Usually when semi-valuable info gets hacked , it is something tied to a software bug/hole.
                    what is more valuable than lists of emails they have buyers for and the list being top tiered when it comes to spamming since every person is guaranteed (almost) to have a credit card and willing to join a porn site within the last few days. Stealing card data might be a bit riskier than just yanking email addresses from sponsors who will prolly not call the FBI for that crime. I don't keep CC data on any of my servers, but a crime like that brings a world of shit on your head.
                    Last edited by gleem; 06-19-2010, 08:40 AM.

                    • SmokeyTheBear
                      ►SouthOfHeaven
                      • Jun 2004
                      • 28609

                      #11
                      Originally posted by gleem
                      what is more valuable than lists of emails they have buyers for and the list being top tiered when it comes to spamming since every person is guaranteed (almost) to have a credit card and willing to join a porn site within the last few days.
                      cc data and affiliate data
                      Originally posted by gleem
                      Stealing card data might be a bit riskier than just yanking email addresses from sponsors who will prolly not call the FBI for that crime. I don't keep CC data on any of my servers, but a crime like that brings a world of shit on your head.
                      you do have a point there, although that risk hasn't stopped people before.

                      • gleem
                        Confirmed User
                        • Jun 2001
                        • 5593

                        #12
                        Originally posted by SmokeyTheBear
                        cc data and affiliate data


                        you do have a point there, although that risk hasn't stopped people before.
                        True, I don't keep CC data on my servers so I can't test if they were going after that as well, other than that I use my own CCs to do test joins all the time and they haven't been stolen. Most sponsors other than huge programs leave the CC data at the gateways.

                        • cwd
                          Confirmed User
                          • Feb 2006
                          • 1955

                          #13
                          What kind of email are they sending?
                          I received one starting like that:
                          ----
                          Here is your login information.

                          Username: daWeXeve
                          Password: xxxx
                          Website Location : http://www.lifetimeadultpass.com/
                          ----
                          From: Customer Suport ([email protected])

                          • Serge Litehead
                            Confirmed User
                            • Dec 2002
                            • 5190

                            #14
                            theoretically, to be able to crack SQL DB logins one would need to have server access in the first place, as SQL servers are not open to receive connections from remote locations by default. I don't know the inner workings of paysite scripts and billers and how they're tied together - but i highly doubt it's required to have SQL DB access open for remote servers.
                            Last edited by Serge Litehead; 06-19-2010, 10:50 AM.

                            • Why
                              MFBA
                              • Mar 2003
                              • 7230

                              #15
                              Originally posted by SmokeyTheBear
                              hmm i see nats sites in sig , bad sign. NATS seemed to want nothing to do with finding/exposing/criminally charging the culprits last time. Kind of an open invitation for hackers to try the same hack, especially when they know their target isn't interested in finding them, charging them or exposing holes.
                              exactly, and all nats did was sue the whistle blower for stating information about the matter. the IP that was hacking all of the servers was in California at a hosting company, would not have been hard to get server logs.... but suing "reporters" in washington was more important. or.... who knows.

                              • Why
                                MFBA
                                • Mar 2003
                                • 7230

                                #16
                                Originally posted by SmokeyTheBear
                                seems to me if there is no common factor ( nats , wordpress, etc ) then why would the hacker not go for something more valuable. Usually when semi-valuable info gets hacked , it is something tied to a software bug/hole.
                                i guess you dont know much about the value of an ex-member/biller/processor list. there were some old ones that would net $5-10k+ every DAY! thats worth a lot more (money and risk wise) than a bunch of CCs. furthermore, as far as i know, no one has ever been prosecuted for list theft, because it's damned near impossible to prove. while CC theft is much harder to get away with.

                                customer emails are one of the most valuable assets an adult affiliate program has.... they should protect them.

                                • raymor
                                  Confirmed User
                                  • Oct 2002
                                  • 3745

                                  #17
                                  Originally posted by holograph
                                  theoretically, to be able to crack SQL DB's logins one would need to have server access in the first place
                                  Most any PHP script will provide enough access, and by default no password is required to log
                                  in to the database. This is due to a widely held misconception about how the default account works.
                                  So default MySQL, not secured by someone who knows what they are doing + any popular PHP script = DB publicly available.


                                  Originally posted by holograph
                                  theoretically, to be able to crack SQL DB's logins one would need to have server access in the first place as SQL servers are not open to receive connections from remote locations by default. I don't know inner workings of paysite scripts and billers how they're tied up together - but i highly doubt its required to have SQL DB access open for remote servers.
                                  Certainly DB access to remote servers (tcp) should be disabled if possible.
                                  For historical display only. This information is not current:
                                  support@bettercgi.com ICQ 7208627
                                  Strongbox - The next generation in site security
                                  Throttlebox - The next generation in bandwidth control
                                  Clonebox - Backup and disaster recovery on steroids

                                  • PornoStar69
                                    Confirmed User
                                    • Oct 2008
                                    • 2069

                                    #18
                                    Anyone after dating emails? I can acquire several million, I'm sure they would do well - sample available upon request.
                                    GFY King?

                                    • jigg
                                      Confirmed User
                                      • Feb 2002
                                      • 2527

                                      #19
                                      there's no question some programs are either compromised, or are stupid enough selling emails. I've signed up with emails that have odd, hard to guess usernames and they get spam
                                      Last edited by jigg; 06-19-2010, 01:17 PM.
                                      ......
                                      eight,eight,two,eight,eight,four,two
                                      ......

                                      • gleem
                                        Confirmed User
                                        • Jun 2001
                                        • 5593

                                        #20
                                        Originally posted by PornoStar69
                                        Anyone after dating emails? I can acquire several million, im sure they would do well - sample available upon request.
                                        LOL!

                                        • gleem
                                          Confirmed User
                                          • Jun 2001
                                          • 5593

                                          #21
                                          Originally posted by raymor
                                          Most any PHP script will provide enough access, and by default no password is required to log
                                          in to the database. This is due to a widely held misconception about how the default account works.
                                          So default MySQL, not secured by someone who knows what they are doing + any popular PHP script = DB publicly available.




                                          Certainly DB access to remote servers (tcp) should be disabled if possible.
                                          Care to expand further on the MySQL default account?

                                          • Agent 488
                                            Registered User
                                            • Feb 2006
                                            • 22511

                                            #22
                                            these are very serious accusations about nats.

                                            • TeenCat
                                              Too lazy to set a koala
                                              • Jan 2007
                                              • 16139

                                              #23
                                              welcome to yesterday

                                              6bot
                                              / Coming again very soon!
                                              Svit Zlin Radio 24/7!

                                              • gleem
                                                Confirmed User
                                                • Jun 2001
                                                • 5593

                                                #24
                                                Originally posted by Agent 488
                                                these are very serious accusations about nats.
                                                This isn't about nats, it about DB hacking and is happening to both NATS/Non nats & custom affiliate scripts.

                                                • TeenCat
                                                  Too lazy to set a koala
                                                  • Jan 2007
                                                  • 16139

                                                  #25
                                                  you can register to public forums, where hackers are playing a game like having control over the complete adult business. group of hackers, filling their list of hacked dbs. if there is a new program, a new job is started and the program is hacked in a few days. when the hack is compromised to the public, they just post the hole and then you wake up and say oooh i am hacked those bastards! some stupid ones are also putting logins with ishere and similar passwords into your passfile, but clever ones are only spamming and making big bucks with fake watches or viagra. and, there is not only one forum where they have control over almost everything ... welcome to the internet people


                                                  • gleem
                                                    Confirmed User
                                                    • Jun 2001
                                                    • 5593

                                                    #26
                                                    Originally posted by TeenCat
                                                    you can register to public forums, where hackers are playing a game like having control over the complete adult business. group of hackers, filling their list of hacked dbs. if there is a new program, a new job is started and the program is hacked in a few days. when the hack is compromised to the public, they just post the hole and then you wake up and say oooh i am hacked those bastards! some stupid ones are also putting logins with ishere and similar passwords into your passfile, but clever ones are only spamming and making big bucks with fake watches or viagra. and, there is not only one forum where they have control over almost everything ... welcome to the internet people
                                                    where's this?

                                                    • TeenCat
                                                      Too lazy to set a koala
                                                      • Jan 2007
                                                      • 16139

                                                      #27
                                                      Originally posted by gleem
                                                      where's this?
                                                      can't post and can't share, but not impossible to figure out, three forums in different languages, none of them is english. there is so much valuable information to throw it out, sorry man ...

                                                      • tonyparra
                                                        Confirmed User
                                                        • Jul 2008
                                                        • 4568

                                                        #28
                                                        Originally posted by TeenCat
                                                        can't post and can't share, but not impossible to figure out, three forums in different languages, none of them is english. there is so much valuable information to throw it out, sorry man ...
                                                        even if he gave you the forums' names it wouldn't make a difference

                                                        High Performance Vps $10 Linode
                                                        Manage your Digital Ocean, Linode, or Favorite Cloud Server. Simple, fast, and secure Server Pilot

                                                        • gleem
                                                          Confirmed User
                                                          • Jun 2001
                                                          • 5593

                                                          #29
                                                          Originally posted by tonyparra
                                                          even if he gave you the forums names it wouldnt make a difference
                                                          wouldn't make a difference to know what sites are posted there and what the exploits are?

                                                          • TeenCat
                                                            Too lazy to set a koala
                                                            • Jan 2007
                                                            • 16139

                                                            #30
                                                            Originally posted by gleem
                                                            wouldn't make a difference to know what sites are posted there and what the exploits are?
                                                            i have been doing this for free, contacted about 50 programs, received about 2 thank you replies and about 5 "you fucking hacker" replies, the rest filled the hole and didn't even bother with a reply, i have no reason to do it anymore. i have also offered password and exploit reports on 4o1.info, all for free, made some announcements here on gfy, got three programs interested and i am still sending them info, but come on, three programs? no more wasting of time

                                                            • gleem
                                                              Confirmed User
                                                              • Jun 2001
                                                              • 5593

                                                              #31
                                                              Originally posted by TeenCat
                                                              i have been doing this for free, contacted about 50 programs, received about 2 thank you replies and about 5 "you fucking hacker" replies, the rest filled the hole and didn't even bother with a reply, i have no reason to do it anymore. i have also offered password and exploit reports on 4o1.info, all for free, made some announcements here on gfy, got three programs interested and i am still sending them info, but come on, three programs? no more wasting of time

                                                              Well I'd be interested, I'll even send thank you cards

                                                              • TeenCat
                                                                Too lazy to set a koala
                                                                • Jan 2007
                                                                • 16139

                                                                #32
                                                                Originally posted by gleem
                                                                Well I'd be interested, I'll even send thank you cards
                                                                well man can't say for 100% but will try to remember your revengebucks when i'm checking some of those places, but as i said it is a waste of time now so i'm doing it once per month or so, will let you know if i see you somewhere anyway ... now i can give you only vip access to the saff forum, where most of the hacked passwords ended up, so contact me at radimcillik at gmail if you are interested in this. security of your users and affiliates in the first place everyone!

                                                                • tonyparra
                                                                  Confirmed User
                                                                  • Jul 2008
                                                                  • 4568

                                                                  #33
                                                                  Originally posted by gleem
                                                                  Well I'd be interested, I'll even send thank you cards
                                                                  i like gleem and i like your program too. you're always pretty level headed.

                                                                  • gleem
                                                                    Confirmed User
                                                                    • Jun 2001
                                                                    • 5593

                                                                    #34
                                                                    Originally posted by TeenCat
                                                                    contact me at radimcillik at gmail if you are interested in this. security of your users and affiliates in the first place everyone!

                                                                    Email sent


                                                                    Originally posted by tonyparra
                                                                    i like gleem and i like your program too. you're always pretty level headed.
                                                                    Thanx Tony!

                                                                    • Klen
                                                                      • Aug 2006
                                                                      • 32235

                                                                      #35
                                                                      Originally posted by gleem
                                                                      where's this?
                                                                      It's very easy to find them using Google, I once found an email database from one big tube site, downloaded it and it was the real thing.


• TeenCat
  Too lazy to set a koala
  • Jan 2007
  • 16139

  #36
  Originally posted by gleem
  Email sent
  Email replied; wish you the best with your sites, everyone!

  6bot
  / Coming again very soon!
  Svit Zlin Radio 24/7!


• Serge Litehead
  Confirmed User
  • Dec 2002
  • 5190

  #37
  Lesson from this thread:
  - restrict db access to known hosts only (shut anonymous db access if you have that)
  - use complex generated passwords for db login and anything else
  - also consider securing ssh/ftp access
  - for commonly used scripts: customize them, change the admin url if possible, use strict passwords
  What else is missing?


• TeenCat
  Too lazy to set a koala
  • Jan 2007
  • 16139

  #38
  Originally posted by holograph
  Lesson from this thread:
  - restrict db access to known hosts only (shut anonymous db access if you have that)
  - use complex generated passwords for db login and anything else
  - also consider securing ssh/ftp access
  - for commonly used scripts: customize them, change the admin url if possible, use strict passwords
  What else is missing?
  - log all activity in admin areas on your server, get reports when unknown things happen
  - do not send passwords through email, do not store emails with passwords
  - put your own real-looking test combos in htpasswd so you can track the hacks easily
  - have captcha on all logins, not only the popup 401 window

  Maybe it sounds easy and basic, but those are the ways a smart kid can take your data even without knowing any programming language.

  6bot
  / Coming again very soon!
  Svit Zlin Radio 24/7!

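The two detection ideas in this thread (seeding fake members in the DB, as the opening post suggests, and the "real-looking test combos" plus admin-area logging in #38) fit together into one small canary monitor. The script below is an added example, not code from the thread, from NATS or from any sponsor program; the log formats, the `canary.example` domain, the documentation-range IPs and the secret are all constructed assumptions.

```python
"""Canary-member (honeytoken) monitor, a hypothetical example.

Combines two detection ideas from this thread:
  1. Seed unique, real-looking canary members (login + email) into each
     member database. A leak of that DB then shows up as activity on
     identifiers no legitimate member ever had.
  2. Log activity and watch the web-server and mail logs for any use of a
     canary, reporting which database and seeding batch the hit points to.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass

# Secret used only to derive canary names; assumed placeholder value.
CANARY_SECRET = b"replace-with-a-long-random-secret"

# Name stems that make a canary login look like an ordinary member.
FIRST = ["jmiller", "sanders", "kbrown", "tdavis", "rwilson",
         "ajones", "mtaylor", "cmoore", "lclark", "dlewis"]


@dataclass(frozen=True)
class Canary:
    db_name: str   # which member DB the record was seeded into
    batch: str     # when it was seeded, e.g. "2010-07"
    login: str
    email: str


def make_canary(db_name: str, batch: str, mail_domain: str) -> Canary:
    """Derive a stable, plausible-looking login and mailbox for one DB/batch.

    HMAC(secret, db|batch) makes the name reproducible for the operator but
    unguessable for anyone else, so a canary cannot simply be filtered out.
    """
    digest = hmac.new(CANARY_SECRET, f"{db_name}|{batch}".encode(),
                      hashlib.sha256).digest()
    login = FIRST[digest[0] % len(FIRST)] + str(int.from_bytes(digest[1:3], "big") % 10000)
    return Canary(db_name, batch, login, f"{login}@{mail_domain}")


# Apache combined-log style line (assumed format): ip ident user [time] "request" status
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "([^"]*)" (\d{3})')
# Postfix-style delivery line (assumed format): ... from=<sender>, to=<recipient>
MAIL_RE = re.compile(r"from=<([^>]*)>.*to=<([^>]+)>")


def scan_access_log(lines, canaries):
    """Return (canary, 'web:<ip>') for every request authenticated as a canary login."""
    by_login = {c.login: c for c in canaries}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # unparsable lines are skipped, not fatal
        ip, user, _ts, _request, _status = m.groups()
        if user in by_login:
            hits.append((by_login[user], f"web:{ip}"))
    return hits


def scan_mail_log(lines, canaries):
    """Return (canary, 'mail:<sender>') for every message addressed to a canary mailbox."""
    by_email = {c.email: c for c in canaries}
    hits = []
    for line in lines:
        m = MAIL_RE.search(line)
        if m and m.group(2).lower() in by_email:
            hits.append((by_email[m.group(2).lower()], f"mail:{m.group(1)}"))
    return hits


def report(canaries, access_lines, mail_lines):
    """Map each DB whose canary was touched to its batch and the sources that touched it."""
    out = {}
    for canary, src in scan_access_log(access_lines, canaries) + scan_mail_log(mail_lines, canaries):
        entry = out.setdefault(canary.db_name, {"batch": canary.batch, "sources": []})
        entry["sources"].append(src)
    return out


def demo():
    """Constructed sample: two DBs seeded, only the 'nats-members' canary is ever used."""
    canaries = [make_canary("nats-members", "2010-07", "canary.example"),
                make_canary("tube-members", "2010-07", "canary.example")]
    leaked = canaries[0]
    access_log = [  # constructed lines
        '198.51.100.20 - realuser77 [13/Jul/2010:09:58:01 +0000] "GET /members/ HTTP/1.1" 200 4821',
        f'203.0.113.9 - {leaked.login} [13/Jul/2010:10:02:11 +0000] "GET /members/ HTTP/1.1" 200 512',
        'garbage line that does not parse',
    ]
    mail_log = [  # constructed lines; first one is not a canary address
        'Jul 13 10:05:40 mx postfix/smtpd[2201]: client=unknown[198.51.100.7], from=<promo@spam.example>, to=<someone@canary.example>',
        f'Jul 13 10:06:02 mx postfix/smtpd[2202]: client=unknown[198.51.100.7], from=<promo@spam.example>, to=<{leaked.email}>',
    ]
    return report(canaries, access_log, mail_log)


if __name__ == "__main__":
    for db, info in demo().items():
        print(f"{db} (batch {info['batch']}) leaked; seen from: {', '.join(info['sources'])}")
```

Because the canary is derived from the DB name and the batch date, a hit tells you not just that something leaked but which copy of the data it came from, which is what separates a NATS compromise from, say, an old backup lying around; rotate batches whenever you hand a copy of the DB to anyone.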

• Serge Litehead
  Confirmed User
  • Dec 2002
  • 5190

  #39
  Originally posted by TeenCat
  - log all activity in admin areas on your server, get reports when unknown things happen
  - do not send passwords through email, do not store emails with passwords
  - put your own real-looking test combos in htpasswd so you can track the hacks easily
  - have captcha on all logins, not only the popup 401 window

  Maybe it sounds easy and basic, but those are the ways a smart kid can take your data even without knowing any programming language.
  Good call, abundance of basic security measures is what provides most vulnerability more often.


• gleem
  Confirmed User
  • Jun 2001
  • 5593

  #40
  Originally posted by TeenCat
  - log all activity in admin areas on your server, get reports when unknown things happen
  - do not send passwords through email, do not store emails with passwords
  - put your own real-looking test combos in htpasswd so you can track the hacks easily
  - have captcha on all logins, not only the popup 401 window

  Maybe it sounds easy and basic, but those are the ways a smart kid can take your data even without knowing any programming language.
  The password trading is of less concern than the emails; gonna have to figure out how to store emails somewhere off the NATS DB.

  Contact me: \\// E: webmaster /at/ unprofessional.com
