CCbill hacked?
 

when try to get the new banners and links i get a popupfarm?
Any one else tryed that?


Sourcecode is:

That text is too small on my screen, but how do u figure CCBill was hacked? Could this not just be a little glitch?

Oh, now I see the hahahaha... ugh... dunno! :-) Hahaha

This is the screendump

link

ITs fucking stealing my passwords:

probably some spyware

NO - i have the sourcecode, but they told me;


Webmaster,

Please contact the referral webmaster of the program you are signed up
with to resolve this issue.


Regards,

Lenny S
Tech Support

if you think they've been hacked, just give them a call and ask whats going on... CCBill techsupport 1-888-906-0666

read above to se their reply

They sent an e-mail over the phone?

:321GFY
I ALWAYS keep the dialog in writing, so I can prove what they/I said

Oh ok, well if that is the fastest way to solve a problem, its all good. Although I am sure if you would keep a little history, of when you called and who you talked to it would do the same.

But thats ok, everybody does it a different way, whatever works the best for you. :smokin

Hello ebus_Dk,

Can you please send me an email ([email protected]) regarding this issue, you can send the same one you sent into our support staff if you would like.

I will be happy to look into the situation for you.

Feel free to ICQ me as well 84769138,
or call 888 906 0666 ext. 158

Thanks,

Sean E.

Thanks - you have my mail I one minut

Problem fixed - thanks Sean:thumbsup

What was it?

cc bill is one of the easiest as can be seen by how many passwords one must delete until he/she gets pennywize

hahah

i use PW Sentry w/ ccBill to watch for both rogue accounts and accounts added via hacking the master script... but, since switching to the newer signup forms w/ ccBill, i haven't had one bogus account show up in our .htpasswd's... perhaps the hole is plugged finally..?

Why do people insist on posting this shit to the boards before calling tech support.

CCBill has 24-hour phone support for webmaster. You should try it sometime.

B

SHUT up bitch !!!

I DID contact them , and the support just told me "please contact the affiliate webmaster" Thats NOT good enough when he runs a script that lifts my CCbill password and upload it to another server

Thats whaen i posted it, and THATS when something happend.

But gladly Sean took care of it, but we are still waiting for an explanation from the webmaster

Well, that's an interesting point there, perhaps it's the webmaster and not CCBill causing the issue...

it IS the webmaster causing the problem, I dident say anything else. But its located on CCbills server and its their server that get compromised. Its a pretty important part of the page, to be able to get to your ref-codes without getting you accountid and password stolen :Graucho

ebus, you should participate in manual penile massagin much much more often.

Hello. I may be the one in question. But I can assure you it is not my fault. If you like I even posted a message earlier before this post on Amateurmasters. I am not sure what is going on here and have talked to also Sean moments ago. First off all the webmaster who signed u0p for my program has e-mailed me and I have answered back every e-mail trying to figure out wtf was going on. I do not understand what has happened and have explained that to him and asked him questions. When I spoke to Sean he assured me that that the problem was fxed. Well that is fine and dandy but why and how did this happen?? I did not tweak any thing in my program since I placed it up about a year ago. So some one hackled it or id on't know. Oh and also he added a screen cap of the site that loaded. That wasn't even my site that loaded.

Here is thecapture that was sent me. This is not mine!!
http://www.corinacurves.com/ccbill.jpg

So ccbill needs to come up with an answer to this because I will not allow them to make it look like this was me. I am a good webmaster and would never screw anyone over. I have been with ccbill for a long time and they have always attended promptly to any problems I have had. And I have been 95% happy with them so I am not trying to slam ccbill but there needs to be some thing done!!

did you get my last mail? Im NOT saying you did anything of this (and welcome to GFY by the way :thumbsup )
The Question was; was CCbill hacked ?
or what happend, and like I told you in the mail;
"I'll leve you and CCbill to find out what happend"

There are 2 reasons why I postet this on GFY.

1 - To make CCbill run a little faster (and Sean did a 100 meter sprint in about 8 seconds)
2 - To get a responce from the webmaster of your site (you) because the first mail bounced


Im Not gonna comment on anything else before:
1 - you guys found out how that script came there
2 - who put it there
3 - and what it did to my password

Yes I got your e-mail and I sent you one back.

I am very sorry that this has happened but I am still a bit clueless as to where and how you got that code.

Bret at ccbill brought to my attention that I had a bad link in my referral program. When you cick on it Homegrwon Video pops up, because they host my site and that is like a 404 page I think you would call it. It pops up when there is a dead link. Homegrwon is very reputable and would never put some thing like that in there pops. Homegrwon is also trying to help figure this out too.

As for the code where did you get that code??

When your ccbill admin and click on get code. It usually gives you a one line code to link to me. And that is your affilliate code so that your hits can be tracked and your sales will go to you. So that is why I am confused when you say you go to the admin and you click on html why it would give you that code you posted??

Or are you viewing source on one of the pop ups and the code is there?? Is that wherte your getting that funky code from.

We do need to figure out exactly where your getting it and what is happening so we can prevent this from taking place!!

Sincerely
Corina

I just posted this in response to Corina on the AmateurMasters Board:

"Corina,

Now that I see what is happening to the guy, it's not something either you or CCBill did, he already had the MoneyTree parasite in his system and browser! It can take over at random times, and it looked like it did when he was on the CCbill affiliate page.

What one of the varients does is randomly pop-up promos and ads for sites within the Moneytree system while someone is surfing. he blames it on the site he's on, without realizing that it's something already on his PC.

Tell him to scan his system with Ad-aware or similar program. he can also visit http://www.doxdesk.com/parasite which will find it for him and give him the fix.

Danny"

I'm a moneytree affiliate. What's this about a parasite?

IF Moneytree were popping up something that could possibly compromise the integrity of things like user names and passwords for logins to sites, I would think that there are many people who'd be interested in taking action against them.

The potential liability issues for the sites in question, and defending themselves against a liability suit that they had nothing to do with boggle my mind.

I wouldn't be surprised to see some c&d's go out IF this is indeed the case.

Check out http://www.doxdesk.com/parasite/MoneyTree.html for info on the Moneytree parasite

No I DONT have that paresite !!!!!!

Get you fackts straight asshole, and stop telling me whats on my system. Dont you think I would know if anything was on my mashine? Everytime something get added to my registrationn database, I get a popup - and I use spybot and adavare every day to ceep my PC clean. I posted the sourcecode THAT shoud had told you that you are WRONG

Kimmykim : they DIDENT :)
it is run by these guys
http://204.177.92.193


DannyWRP : I dont think you want to tell people that moneytree steals passwords - you in way over your head boy

ebus: I never said anything was run by Moneytree (SexTracker), I said that the parasite was called MoneyTree.

Follow the link I posted above.

...and BTW, I'm never over my head :1orglaugh

Did some digging. The IP addresses in question (204.177.92.0-204.177.93.255) are run by a company called Lexitrans

Tracked down some intersting stuff on some techie message boards about these guys. It seems they take existing dialer programs, and modify them with all sorts of stuff. If you see it installed on your PC, you just assume it's from mtree.com or goin.com, or any other site that runs dialers.

If you already have any of the dialer programs in your PC, this exploits them and installs itself over them without you even knowing. They can then do all sorts of nasty stuff.

BTW, on March 18th, Lexitrans was indicted for money laundering : http://stacks.msnbc.com/news/887174.asp


You see ebus, a litle research and digging goes a long way. You should do that before you blame CCBill or Corina on a public board for what is most probably embedded in your system.

Look dumbass, did you see anyone mention the word Sextracker?

I said:
"The potential liability issues for the sites in question, and defending themselves against a liability suit that they had nothing to do with boggle my mind. "

hello???? is this thing on??? Sextracker would also be a site apt to sue Moneytree.

I think Danny was only trying to be friendly and come up with a reason on why this happened. I am not sure why Kimmy and Ebus feel the need to respond so unfriendly back. Guess I don't get it.

I like to conduct business in more of a friendly manner not cussing at each other and being rude. This will be my last message here.

Ebus you know where to contact me and you know I will e-mail ya back. But I don't feel the need to participate in this discussion here.

I am also willing to keep this case open till we get some sort of concrete answers that way we can learn to prevent, watch for, or maybe stop this from happening again.

Sincerely
Corina

After Corina approached me regarding this I did a little research myself and think I have found roughly the same things that Danny had as well. This 204.177.92.193 ip in which you recieved the harmful code from is just one of several connections this person had around the world. It is indeed run by Lexitrans from KS, though I think the perp acted apart from the company owning this ip. I found a host of worms,spyware,addware at this ip addy.

Here is what I believe may have happened Ebus. Upon going to corina's webmaster page on ccbills side, there was a frame that pointed to a place on her site that did not exist. This triggered a redirect that sent you initially to homegrownvideo's front page. This is not malitious, we do this to steer traffic that is not going anywhere (404/401's) as many webmasters do on their servers. At this point you must have endured some exit traffic pop up's and then this hacker scrub made his move. He(bad guy) likely had a dialer spot that looked legit on the surface until he swapped out his page for a redirect that went to another redirect and so on. Eventually it led you to his unclean page that you posted originally.

Whatever the case is Ebus, this fellow is long gone. Once word came out of this he must have removed all redirects and flitted back into the shadows whence he came. CCbill resolved the missing page frame fairly quickly by my estimate. I can certainly appreciate the anger you felt upon being hit by this hacker. I hate these assholes to the core. Just know that we can be a source of help, but it becomes challanging when we are the source of your rancor.
I hope this helps you out some. :thumbsup

-N

\

LMAO. Yeah...Danny Cox is way over his head. Does that make Carol a newbie? :1orglaugh