  1. #1
    GPWA Teresa (Former Staff Member)

    PAL Reports Affiliate Media Hack Attempt

    In case you had not heard, or were not a member at PAL, Jeremy has posted this:

    http://www.pokeraffiliatelistings.co...-hack-pal.html

    I am actually quite shocked as I type this right now. Most of you know I am not a big fan of all the industry drama. I have purposely stayed out of all the gossip, rumors, and even facts about anything and everything to do with CAP, AMI, and PAP. Even when my account at PAP was hacked and AMI executives posted on it pretending to be me, I kept my cool.

    But what just transpired really pisses me off, and I feel I should share with the group. While I was not even at my computer I get the following email on my blackberry.



    Of course after I see this I immediately went to PAL to do a little investigating. What I found made my jaw drop. I logged into the admincp and ran a query on the I.P. address 64.58.138.146 where the attempted login to my account came from. This was the result.



    Who could this be you ask?




    The Jarwl account is the account that Warren and Lou from Affiliate Media (CAP,PAP) had been using to read PAL since its inception while the forums were private. I knew this account was theirs the whole time, but allowed them to use it anyways up until about a week ago. Even when private, I had nothing to hide from them. In fact they are welcome members here at PAL if they would like to be.

    But what I don't understand is why would they attempt to login to my account (Jeremy) here at PAL? Say what you want about "a staff member thought it would be funny" like Warren did when they jacked my PAP account. Fine, they own PAP. But trying to login to my PAL account here 5+ times with what I assume are my old passwords from PAP stuff when I worked there...........this is shady, and nothing short of a hacking attempt.

    So Warren, Lou, and whoever else from AMI reading this; Why are you trying to login to my PAL account? What were your intentions? What would you have done after you got in?

    Quite frankly guys, I am disgusted and would love a real explanation about what your intentions were. And save the bullshit lies and just be honest for one ******* time in your career. Your business ethics are a disgrace to this industry, and I am embarrassed to say I spent any time with AMI as an employee.
    Teresa Adam

  2. #2
    universal4 (Forum Administrator)

    That IP address is an IP owned by Cox Communications (GA), and a geographic lookup shows it is in CA (as per a dnsstuff lookup).

    Currently there is a Windows Small Business Server 2003 on the IP, so this could mean that it is any small business in CA.

    It could be that the server or a workstation behind it (since often SBA will run a proxy by default) could have been compromised and the hacker may have been going through the history and attempting the break-in.

    Without further forensic details, there are so many scenarios possible that the above is just one possible one.

    Rick
    Universal4
    Gambling World Online Roulette Online Blackjack Live Online Games Sports Betting Horse Racing
    Casino Affiliate Programs
    Hosting and Domain Names
    Gambling Industry Association
    GPWA Moderation by Me and My Big Bad Security Self
    If an affiliate program is not small affiliate friendly (especially small US Affiliate), then they are NOT Affiliate Friendly!

  3. #3
    universal4 (Forum Administrator)

    Another possible scenario is that the attempt is a true hacker trying to get in and is using a proxy that forges the IP Header also.

    Rick
    Universal4

  4. #4
    Brandon (Non-sponsor Affiliate Program)

    Originally posted by universal4:
    Another possible scenario is that the attempt is a true hacker trying to get in and is using a proxy that forges the IP Header also.

    Rick
    Universal4

    I have been watching this IP read all CAP/PAP related threads on PAL since the creation of the account.

    I also saw it last week having issues trying to login to an account, I can only speculate that this was not their first attempt to get into Jeremy's account.

  5. #5
    universal4 (Forum Administrator)

    My point is that had a user account on the small business server been compromised, and someone used that account, ANY and ALL outgoing traffic from that server would show that IP address.

    Also, had the account that was compromised been one of the accounts that was used previously by them to view/read/post whatever at your forum (you yourself said this was happening and you sanctioned it), the address and username to login to your forum would have been in the browser history in that account on that server.

    I am not defending or denying what you said happened, I am just offering another possible scenario to the situation since there are many possibilities of what might have happened.

    Rick
    Universal4

  6. #6
    mojo (Private Member)

    I am not defending or denying what you said happened, I am just offering another possible scenario to the situation since there are many possibilities of what might have happened.
    I personally don't think it is a different scenario than what was presented above. This has happened to Jeremy before and it was acknowledged by Warren. Unfortunately, history is a factor here. JMO

    http://www.pokeraffiliatelistings.co...r-my-name.html

  7. The Following User Says Thank You to mojo For This Useful Post:

    Jinnia (25 January 2009)

  8. #7
    alexpratt (Private Member)

    Posted but deleted - I need to keep my promise to myself that I will not get involved in these threads and help them get massive
    iGB Affiliate - The biggest magazine and events for affiliates in igaming

  9. #8
    ck8795 (Private Member)

    Originally posted by alexpratt:
    I also find it hard to believe they would try this as it's plain stupid and they know the IP etc is tracked so why risk it! I also know that CAP had no access to the forum prior to it going public this week as they have been trying to find out what was being said in there about them since it launched to no success apart from the odd bit of hearsay -

    I just find it hard to believe the guys at CAP who are tech savvy etc etc would try this

    Alex, that's not true either. The forum was invite only. I invited a number of people I had on my IM's etc. The account Jarwl was listed to aj@affiliateprograms.com
    That specific account would have had to accept the invite sent to aj@affiliateprograms.com in order to access the forums...which they were. I know who sent him the invite...not going to mention it here but yes someone did have access to the forums up until the beginning of Jan.

  10. #9
    Brandon (Non-sponsor Affiliate Program)

    Originally posted by alexpratt:
    Posted but deleted - I need to keep my promise to myself that I will not get involved in these threads and help them get massive

    Alex,

    You obviously are going to stick with CAP to the death, but I hope you realize that they are indeed not thinking straight.

    The evidence is there, and if you have any doubts please contact me and I will send you screenshots that will verify that someone in the Irvine office was responsible for this.

    Also, you say you know that CAP had no access to the forums? That's funny because Warren himself told me he did and is reading everything that is said. I can show you that as well.

    BTW, I am pretty sure PAL has been the most active forum since it was created, so I would be careful being proven wrong in that aspect as well.

  11. #10
    rknuppel (Private Member)

    I sure hate hearing this kind of stuff. Will be interesting to see what kind of response comes out of it from the other side.

  12. #11
    universal4 (Forum Administrator)

    I will send you screenshots that will verify that someone in the Irvine office was responsible for this.
    The only way to prove this is with the ip address.

    And the way Small Business Server setup this way works, is that anyone remotely can connect to a workstation (or virtual desktop on the server) and go anywhere on the internet in a browser and the IP reported to the destination will be the server IP (or proxy IP if the proxy is enabled, or the workstation IP if a 1-to-1 NAT is enabled)

    There are also other ways to mask and forge the originating IP address, but that becomes very complicated and is mostly only successful using a proxy set up on the block of IPs that is reported.

    If I sit on a FL IP and use an account on a SBS in NY and go to whatismyip.com in a browser using that account, my IP will show the originating IP as the one in NY although I am sitting on a workstation in FL.

    The only point I am trying to make is that the person does NOT have to be sitting in CA. (Thus the hacker could be in any country providing they hacked the SBS Server.)

    Rick
    Universal4

  13. #12
    Brandon (Non-sponsor Affiliate Program)

    Originally posted by universal4:
    The only way to prove this is with the ip address.

    And the way Small Business Server setup this way works, is that anyone remotely can connect to a workstation (or virtual desktop on the server) and go anywhere on the internet in a browser and the IP reported to the destination will be the server IP (or proxy IP if the proxy is enabled, or the workstation IP if a 1-to-1 NAT is enabled)

    There are also other ways to mask and forge the originating IP address, but that becomes very complicated and is mostly only successful using a proxy set up on the block of IPs that is reported.

    If I sit on a FL IP and use an account on a SBS in NY and go to whatismyip.com in a browser using that account, my IP will show the originating IP as the one in NY although I am sitting on a workstation in FL.

    The only point I am trying to make is that the person does NOT have to be sitting in CA. (Thus the hacker could be in any country providing they hacked the SBS Server.)

    Rick
    Universal4

    I understand what you are saying, there is always a chance that this is not true. But let's be honest, with their history of already logging into Jeremy's account at PAP, having one of the PAP mods invite them to PAL, signing up under that IP, and then having that same IP try and guess Jeremy's password?

    I am no detective, but that shoe fits.

  14. #13
    Enke (Public Member)

    Hi guys, it is very unfortunate that this has transpired and I'm extremely disappointed. Part of me wanted to ignore the entire incident and not make it public. I sincerely have no interest in being a part of the industry drama or airing out any beefs with Warren or Lou. At the end of the day I just want to be a poker affiliate and provide a community for fellow poker affiliates and operators to do business. But there comes a point where enough is enough!

    I'm sure there are some plausible ways in which it is just a "crazy coincidence" that the jarwl account registered and confirmed with an AMI email address has the same I.P. as the I.P. yesterday that tried to login to my account 5+ times.

    With all due respect Rick, I'm sure we could make a 100 page thread on how it is "possible" that this is just a freak coincidence. I will do my diligence and look at the server logs, passwords attempted, etc. But considering this happened to me once at PAP, and I know the jarwl account was used daily to read PAL for months.............well it's not hard to draw a conclusion that this is not a coincidence.

    Also keep in mind I doubt anyone expected me to find out about this attempt, or even worse, for me to make it public. Sometimes people simply get caught when they least expect it.

  16. #14
    Caruso (Public Member)

    Lou explained the player database sale with the suggestion that someone had hacked into his account to make the famous post - see the GPWA database sale discussion.

    Now, he appears to have done the exact same thing, hacking into an account.

    The irony.

  17. #15
    universal4 (Forum Administrator)

    OK, the server logs etc, are only going to point at the IP, and that is it.

    This is a crime that is being accused.

    Do you go through your logs and post the IP's of every single failed password attempt?

    Do you scan your user data looking to make sure that all other attempts are not current users trying to guess other account passwords?

    Website hack attempts are a part of having a website.

    I brought up the whole scenario because I took a look at the server sitting on that ip and to me it looks as if it could use a little more security sitting in front of it.

    You guys may just be right, but we have seen many times in recent past where there were things stated that turned out to not be true, now granted they led to other things that should have been known previously, but I just posed this as something that should be looked at maybe, but stating it as fact might not be prudent without further investigation.

    Rick
    Universal4
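The check asked about in post #15 (are failed logins against one account coming from an address that other registered accounts use?) can be run over an authentication log. The following is an added example, not part of the thread or of any forum software; the log layout, usernames, IP addresses, threshold and window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: (timestamp, source IP, username, outcome).
# IPs are documentation ranges and usernames are made up.
EVENTS = [
    ("2009-01-20T09:02:11", "192.0.2.10", "reader1", "success"),
    ("2009-01-21T09:05:40", "192.0.2.10", "reader1", "success"),
    ("2009-01-24T18:30:01", "192.0.2.10", "admin", "fail"),
    ("2009-01-24T18:30:15", "192.0.2.10", "admin", "fail"),
    ("2009-01-24T18:31:02", "192.0.2.10", "admin", "fail"),
    ("2009-01-24T18:31:40", "192.0.2.10", "admin", "fail"),
    ("2009-01-24T18:33:10", "192.0.2.10", "admin", "fail"),
    ("2009-01-24T18:40:00", "198.51.100.7", "admin", "success"),
    ("2009-01-24T19:00:00", "203.0.113.5", "bob", "fail"),      # own-account typo
    ("2009-01-24T19:00:20", "203.0.113.5", "bob", "success"),
    ("2009-01-24T20:10:00", "198.51.100.99", "admin", "fail"),  # below threshold
    ("2009-01-24T20:10:30", "198.51.100.99", "admin", "fail"),
]

def cross_account_failures(events, threshold=5, window=timedelta(minutes=10)):
    """Flag (IP, target) pairs with >= threshold failures inside `window`
    where that IP has never logged in successfully as the target."""
    owners = defaultdict(set)   # ip -> accounts with a successful login from it
    fails = defaultdict(list)   # (ip, target) -> failure timestamps
    for ts, ip, user, outcome in events:
        when = datetime.fromisoformat(ts)
        if outcome == "success":
            owners[ip].add(user)
        else:
            fails[(ip, user)].append(when)
    findings = []
    for (ip, target), times in sorted(fails.items()):
        if target in owners[ip]:
            continue  # the account's own user mistyping a password
        times.sort()
        # Largest number of failures falling in any window starting at a failure.
        burst = max(sum(1 for u in times if t <= u < t + window) for t in times)
        if burst >= threshold:
            findings.append({
                "ip": ip, "target": target, "burst": burst,
                # Accounts sharing this egress address. Behind NAT or a proxy
                # this names an address, not the person at the keyboard.
                "accounts_seen_on_ip": sorted(owners[ip]),
            })
    return findings

if __name__ == "__main__":
    for finding in cross_account_failures(EVENTS):
        print(finding)
```
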

  18. #16
    Enke (Public Member)

    Thanks for the heads up Universal. I am not a database administrator nor do I care to be one. Likewise before I receive my 4th legal threat from CAP, I will state that I am just reporting the facts about the information I have and I am not alleging any criminal activity by any individuals. Quite frankly I can think of 10,000 better ways to spend a weekend than this.

    I am simply just posting the information I readily have in front of me. I am working on extracting the attempted passwords. In the event they are passwords I used at PAP, then there is really no way to deny who attempted this. Likewise I suppose it is just ironic that this I.P. was also monitoring CAP/PAP/EMG threads at PAL closely.

    Nonetheless, I appreciate your thoughts on the topic, and feel free to shoot me a PM or email if there is anything I can provide for you that would shed more light on things. I am assuming by your title here, you are much more savvy than I am in respect to this type of stuff.

  19. #17
    Integrity (Private Member)

    Totally disgusting.

    Totally expected.

