Was Netbilling Really Hacked?
 

I heard this through the grapevine and thought I would mention it here.

As some of you know, Netbilling was "hacked" a few months ago and the "hacker" only got access to email addresses and names.

Strange that the hacker didn't get any credit card numbers isn't it?

This "hacker" has been spamming email addresses used in transactions passed to Netbilling.

If you look at the sites the mailer is spamming, they are all .info and .biz domains hosted at 64.157.9.184

http://www.whois.sc/reverse-ip/64.157.9.184

Take a look at this IP and the domains hosted there.

There are 542 domains hosted on this IP. They are all .info and .biz domains.

Also, guess where this IP is located? Candidhosting.
http://www.whois.sc/reverse-ip/64.157.9.184

Candidhosting is hosting 542 .info and .biz domains that are constantly spammed and does nothing? Sounds strange?

It gets better.

Guess who controls the DNS for www.netbilling.com? Yep.

Candidhosting

www.netbilling.com
NS2.CANDIDHOSTING.COM 64.159.90.10
NS1.CANDIDHOSTING.COM 64.159.90.4

http://www.whois.sc/netbilling.com

So, a "hacker" hacks in to the Netbilling database and only takes names and email addresses but no credit card numbers, sets up a server right at Candidhosting and starts spamming away, while Netbilling and Candidhosting do nothing.

Sound about right?

I doubt Mitch would do anything like this on purpose?

Holy crap...

Well, speaking from my experiences with Mitch, I doubt there is any foul play going on. Stand up guy.

Would be nice if you posted under your real nick....

I am. This is my real nick.

You are suggesting something that is completely wrong. No credit card numbers were hacked whatsoever. Some emails and names were but that is all and it was fixed within minutes. I know nothing about where the spamming came from but will surely show this post to our network engineers and get back to this thread after they investigate. I assure you that we are completely honest and always have been since day.

Thanks for the heads up, Mitch

I assume, it will be bumped by the real nick behind this in the next day or two when this drops off the first page like a hot rock.

I wish the anon's would stop with the potential drama thread their first post.

and if your not an anon, then and introduction as to who you are and what you do should be in order if you plan on posting drama in your first thread.

And I'd be willnig to bet he actually does get back to us, unlike most :)

Well, I'm sorry you don't like me making a 1st post Drama thread, but the facts are laid out on the table.

Sorry you don't like it.

Mitch and his group are the most stand up bunch I have ever met in this industry. You know he will get down to the bottom of this.

It would be nice if you told us who you were at least . :)

Just someone who is sick of SPAM.

Exactly. Mitch and Sarah are very honest and wouldn't do anything to jeopardize everything they have worked so hard building, including their outstanding reputation in this industry.

Yes, Yes...Mitch is great etc. etc.

If thats the case, the spammer is right under their nose, could even be a server right next to theirs, or a provider and nothing has been done.

Bottom line, something is fishy here.

so Netbilling did get hacked? yikes.

We're a customer and I'm disappointed that I had to hear about this through a message board.

What the fuck does a webmaster from "Portland Oregon" fucking know...

:1orglaugh

God damn idiots.

Questioning Mitches ( Netbilling ) integrity is just fucking stupid. I hope that is not what I am reading.

Netbilling is an incredibly honest outfit, there really is not a bad bone in this guys body I have known him since day one.

Inferring a conspiracy is completely out of line.

If anything Netbilling is a victim of cybercrime if the email addresses were compromised.

There is no question of "IF" AlienQ, as Mitch stated above, they were "hacked".

You're correct, Mitch could be a victim.

If that's the case, the spammer has some balls setting up shop right next to Netbilling right in the same datacenter, don't you think?

Same here a bit...

Note to self. Mark this day.

I agree with AlienQ for the first time ever on something.

Customers that were effected were notified. There were only a few and it only lasted a few minutes. It was email addreses and some names only. No sensitive casrd or trasaction data whatsoever.

So you are aware, we employee some of the best securrity experts and engineers in the industry just as some of the other top gateways and #PP do. All of us are under regular attempted attacks from malicious hackers and do a tremendous job keeping them away. This was the first time in 7 years that anything got leaked and it is a great record.

Mitch

I'll go to battle with Mitch anyday....great company...knows all of his customers personally..If he did get hacked...we should support him instead of criticize him...I get hacked 6 times a day by password traders....happens all the time

How come noone knew that the hacker/spammer was hosted at Candid?

It's clear as day if you just look at the emails.

How come nothing has been done?

Interesting.

Thanks Mitch.

Thanks for the clarification, I'm sorry that it happened, but I'm glad it was an isolated incident.

Incidentally, I'm not sure if I've just not had the opportunity to deal with him in the past, or perhaps he is new, but Andy is a great support resource over there. He's in the process of assisting us with a a change on your end to enhance the way we use your API, which is beyond what I expected.

Thank you for the kind words. Andy is a great guy and a great addition to our tech team.

Mitch

Casn you forward me one or more of the emails please?

[email protected]

Thank you

Mitch,

All links in the emails point back to the following:

-------------
Reverse IP: Web server hosts 542 websites
IP Address: 64.157.9.184
IP Location: - New Jersey - Newark - Candidhosting Inc
-------------

There are many sites, all .info and .biz domains.

If Candid is honest, you can easily track them down.

Goodluck.

Do you actually have any of the emails?

Mitch

Of course, I've been getting them for months now, every single day.

I told you the links that they point to, its up to you if you want to act on it or not.

It seems you came here just to bash Netbilling. Your intentions are pretty obvious. If you are truly concerned you should forward some of the emails that you received to mitch as he requested.

Again, the proof is there and Mitch knows whats up.

Failing to act says a lot.

This will never happen, as this person is here to start shit, not solve it.
It is obvious. Otherwise, this person who is so tired of spam would have picked up the phone and called netbilling and advised them of this situation instead of coming to GFY for the very "first" time and posting this.

Send the man a few emails complete with headers, and give him a few days. If you are right you have saved the day and I am sure Netbilling would be very thankful.

This is the first I've heard about this as well, but from my experiences NetBilling is a great company and I trust them. :2 cents: