Page 2 of 4 FirstFirst 1234 LastLast
Results 21 to 40 of 75
  1. #21
    Roulette Zeitung is offline Public Member
    Join Date
    July 2012
    Location
    Germany
    Posts
    4,446
    Blog Entries
    5
    Thanks
    6,015
    Thanked 6,685 Times in 2,950 Posts

    Default

    Quote Originally Posted by ElaineGardiner View Post
    Hi guys,

    I'm not sure if this is the same guy or not but I found this page today:

    xxx.asaub.edu.bd/?kbfjijyfqp=scandinavia/automater-p-nett.php which is a Bangladesh University.

    The affiliate programs seem to be similar as to ones Leopold mentioned.

    /Elaine
    "I'm not sure if this is the same guy or not but I found this page today: xxx.asaub.edu.bd/?kbfjijyfqp=scandinavia/automater-p-nett.php which is a Bangladesh University. The affiliate programs seem to be similar as to ones Leopold mentioned."

    Thank you Elaine so much for your discovery. I don't know if this is the same guy, but the hack is for sure a different one (3rd edition). Your post is very important.

    Please enter in your Google search box

    site:asaub.edu.bd casino

    to see the vast extent of hacking in your victim example.

    You will see results like this: http://tinyurl.com/mce6bgl

    This hack is different, because the hacked websites of the victim will be blocked by Kaspersky. So this hack is more malicious. Not the domain will be blocked (asaub.edu.bd). It's the root of evil, that will be blocked, because a code implented into the victims website is the engine to awake the monster.

    Root of evil in 3rd edition hack: rokebyvenus.com
    (Discovered by Elaine Gardiner )

    Leopold

  2. The Following 4 Users Say Thank You to Roulette Zeitung For This Useful Post:

    -Shay- (13 January 2015), dfiocch (13 January 2015), ElaineGardiner (13 January 2015), thepogg (13 January 2015)

  3. #22
    thepogg's Avatar
    thepogg is offline Private Member
    Join Date
    August 2011
    Posts
    711
    Blog Entries
    8
    Thanks
    284
    Thanked 620 Times in 303 Posts

    Default

    It's interesting to note that the site in question is a 100% lift from Gambling.com (anyone know the owners?) and is using the GPWA seal, CAP seal, iGB Award seal and the Poker Player's Alliance seal (never heard of them but I'm not a poker player. The code's clearly just been ripped out the Gambling.com site as the PPA seal has an active link in it, though I note that the GPWA seal doesn't and I thought that was a requirement of having the seal?
    Casino Reviews, Casino Complaints, Terms and Conditions Monitoring and the biggest Slots RTP resource on the web -
    thepogg.com - POGGWebmasters.com

    ThePOGG Auditing Service

    "I've got nothing left, It's kind of wonderful, 'Cause there's nothing they can take away"

    Broken Bells

  4. #23
    thepogg's Avatar
    thepogg is offline Private Member
    Join Date
    August 2011
    Posts
    711
    Blog Entries
    8
    Thanks
    284
    Thanked 620 Times in 303 Posts

    Default

    My apologies - the site that the pages are linking to is a rip off of Gambling.com (hxxp://potatoeaters.net/uk/#)
    Casino Reviews, Casino Complaints, Terms and Conditions Monitoring and the biggest Slots RTP resource on the web -
    thepogg.com - POGGWebmasters.com

    ThePOGG Auditing Service

    "I've got nothing left, It's kind of wonderful, 'Cause there's nothing they can take away"

    Broken Bells

  5. #24
    Anthony's Avatar
    Anthony is offline Affiliate Services
    Join Date
    June 2003
    Location
    Everywhere
    Posts
    7,063
    Blog Entries
    67
    Thanks
    2,031
    Thanked 3,350 Times in 1,758 Posts

    Default

    AffPower replied to my request and are removing the GPWA logos immediately.

    They apologized for the use and said it was the designer's error.
    I am here to help if you have any issues with an affiliate program.
    Become involved in GPWA to truly make the association your own:
    Apply for Private Membership | Apply for the GPWA Seal | Partner with a GPWA Sponsor | Volunteer as a Moderator


  6. The Following 3 Users Say Thank You to Anthony For This Useful Post:

    -Shay- (13 January 2015), Roulette Zeitung (13 January 2015), thepogg (13 January 2015)

  7. #25
    Alex911 is offline New Member
    Join Date
    November 2014
    Posts
    6
    Thanks
    4
    Thanked 3 Times in 1 Post

    Default bestcasinoarticles . net

    Hi, i found one new one domain bestcasinoarticles . net
    client.php file with encripted code at upload directory of my WP blog and rewrire path at .htaccess


    Roulette Zeitung can you said how to protect WP from this hacker?
    This is alredy second time my blog is hacking. All changes was made from ip 103.24.220.18, is hacker from China?

    Alex

  8. #26
    Roulette Zeitung is offline Public Member
    Join Date
    July 2012
    Location
    Germany
    Posts
    4,446
    Blog Entries
    5
    Thanks
    6,015
    Thanked 6,685 Times in 2,950 Posts

    Default

    Hello Alex,

    have you done all actions described in this post?

    ===> https://www.gpwa.org/forum/current-c...tml#post776421

    and actions regarding the 1st hack edition described in this post?

    ===> https://www.gpwa.org/forum/urgent-al...tml#post767493

    Leopold
    Last edited by Roulette Zeitung; 13 January 2015 at 4:30 pm.

  9. The Following 3 Users Say Thank You to Roulette Zeitung For This Useful Post:

    -Shay- (13 January 2015), Alex911 (14 January 2015), Zuga (15 January 2015)

  10. #27
    Alex911 is offline New Member
    Join Date
    November 2014
    Posts
    6
    Thanks
    4
    Thanked 3 Times in 1 Post

    Default

    Thanks, I will try

  11. #28
    Scampi's Avatar
    Scampi is offline Private Member
    Join Date
    August 2013
    Posts
    855
    Thanks
    371
    Thanked 307 Times in 181 Posts

    Default

    One of my work in progress sites was hacked, with added extensions; /bingo-online /online-casino-canada /online-casino-australia /horse-racing
    Each page was a similar table to the other hacked sites mentioned here (verifiedcasinos). 888 was the hackers 2nd recommended choice, the other brands I had not heard of.
    Updating to Wordpress 4.1 cured the problem, so people who use Wordpress, make sure you are on the latest update.
    Last edited by Scampi; 14 January 2015 at 4:44 pm. Reason: Clarification

  12. #29
    Roulette Zeitung is offline Public Member
    Join Date
    July 2012
    Location
    Germany
    Posts
    4,446
    Blog Entries
    5
    Thanks
    6,015
    Thanked 6,685 Times in 2,950 Posts

    Default

    Quote Originally Posted by Gambling Joe View Post
    Each page was a similar table to the other hacked sites mentioned here (verifiedcasinos).
    "mentioned here (verifiedcasinos)"
    This is not the verifiedcasinos hack thread. It's obviously the thread for the 2nd and 3rd editon of the hack.

    Some essential things:

    The malicious file decoded

    As I promised, here are the original (encoded) and decoded version of the malicious client.php. In the decoded version you will see a lot of Russian notes. Perhaps the script is purchased.

    Original version of client.php as it will be infiltrated in victims websites (You don't see anything useful):
    ===> https://gist.github.com/anonymous/9aa95407aee33b467c62

    Completely decoded version of client.php (With Russian notes and some other exicting things e.g. a very interesting link in the header of the script ("[...] $myHost = "zerowebstats.com"; //адресс твоего сервера (доргена)")):
    ===> https://gist.github.com/anonymous/e2c97e57f5d74d12ab6c

    Leopold
    Last edited by Roulette Zeitung; 15 January 2015 at 4:10 am.

  13. The Following 3 Users Say Thank You to Roulette Zeitung For This Useful Post:

    -Shay- (15 January 2015), thepogg (15 January 2015), universal4 (15 January 2015)

  14. #30
    Roulette Zeitung is offline Public Member
    Join Date
    July 2012
    Location
    Germany
    Posts
    4,446
    Blog Entries
    5
    Thanks
    6,015
    Thanked 6,685 Times in 2,950 Posts

    Default

    My regarded forum colleague from Great Britain thebookiesoffers gave me a very interesting hint today.
    futurebusinessmagnates.co.uk/online-casino-bonuses/
    A victim website.

    Look, how much entries was infiltrated: http://tinyurl.com/ngggmho

    Go back to futurebusinessmagnates.co.uk/online-casino-bonuses/.

    You see the menu "Rank", "Casino", "Special Bonus Offer" ...
    It's a graphic. So click right (!) to see address of the graphic.

    Url of graphic: stylesshet.net/casino/top/images/top-online_05.png
    Enter the root into your browser: stylesshet.net
    You will see this:



    ---

    Read my post from yesterday.

    Quote Originally Posted by Roulette Zeitung
    Completely decoded version of client.php (With Russian notes and some other exicting things e.g. a very interesting link in the header of the script ("[...] $myHost = "zerowebstats.com"; //адресс твоего сервера (доргена)")):
    "zerowebstats.com"

    Go to zerowebstats.com.

    You will see this:



    ---

    You see the pattern?



    I checked it. Both graphics will be automatically visible if you have a relationship to ISPsystem.com

    Graphic host and hacking engine: zerowebstats.com | stylesshet.net = Russia (ISPsystem.com)

    For me ISPsystem.com is down or slow, but their forum is loading:

    English: forum.ispsystem.com/en/index.php
    Russian: forum.ispsystem.com/ru/index.php

    So the Russian code in the client.php was no accident!

    Leopold

  15. The Following 5 Users Say Thank You to Roulette Zeitung For This Useful Post:

    -Shay- (16 January 2015), Alex911 (17 January 2015), dfiocch (18 January 2015), GCG (20 January 2015), thepogg (16 January 2015)

  16. #31
    thepogg's Avatar
    thepogg is offline Private Member
    Join Date
    August 2011
    Posts
    711
    Blog Entries
    8
    Thanks
    284
    Thanked 620 Times in 303 Posts

    Default

    I've been saying that "someone" should contact the various gambling regulators responsible for the venues that have continued to be listed with these groups for some time now, so I decided this afternoon to stop being the one talking about it and start being the one doing it. I've sent the following email to the New Jersey licensing commission (in regard to 888 ) and the UKGC (in regard to several brands);

    Quote Originally Posted by ThePOGG
    Hello,

    In the last 4 months a serious issue has emerged in the online gambling affiliate spectrum that is having substantial implications for the industry. Certain Wordpress vulnerabilities are being exploited by individuals/groups to hack into otherwise non-gambling and trustworthy sites (instances have been recorded of old folks homes, schools and universities) and illegally place gambling content.

    Many responsible vendors have quickly taken action against any affiliate found to be involved in this type of activity and this action has had a substantial impact on the revenue streams for those groups engaged in such unauthorised and illegal activity.

    Unfortunately several groups that holds a UKGC gambling license have continued to work with these individual/groups despite being made aware of this issue numerous times by several parties. A short but far from exhaustive list casinos knowingly continuing to receive prominent placement and substantial traffic/earnings derived directly from parties engaged in cyber crimes follows;


    Spin Palace/Spin Casino
    888

    Betway

    Noble/S/Titan

    Winner/Casino Las Vegas

    For your convenience I'll draw your attention to several extended discussions of these issues on various industry forums;

    http://www.affiliateguarddog.com/com...-hacking.8099/
    https://www.gpwa.org/forum/affiliate...hlight=hacking
    https://www.gpwa.org/forum/urgent-al...hlight=hacking
    https://www.gpwa.org/forum/current-c...tml#post776691 (this post highlights a clear example of a hacked university website - I've attached a screenshot of the webpage showing various UKGC licensed casinos)

    I hope this information proves useful to you and that you will be able to take action to ensure that UKGC licensed casinos do not continue to work with affiliate partners engaged in such disreputable behaviour. If you need any further information please do not hesitate to get in contact. If I do not know the answers myself I'll be sure to put you directly in contact with someone who does.

    (owner of ThePOGG.com)
    Casino Reviews, Casino Complaints, Terms and Conditions Monitoring and the biggest Slots RTP resource on the web -
    thepogg.com - POGGWebmasters.com

    ThePOGG Auditing Service

    "I've got nothing left, It's kind of wonderful, 'Cause there's nothing they can take away"

    Broken Bells

  17. The Following 8 Users Say Thank You to thepogg For This Useful Post:

    -Shay- (20 January 2015), dfiocch (19 January 2015), GCG (20 January 2015), Jokerman99 (17 January 2015), Moonlight Cat (24 January 2015), Roulette Zeitung (18 January 2015), Zuga (18 January 2015)

  18. #32
    Alex911 is offline New Member
    Join Date
    November 2014
    Posts
    6
    Thanks
    4
    Thanked 3 Times in 1 Post

    Default

    Quote Originally Posted by Roulette Zeitung View Post
    My regarded forum colleague from Great Britain thebookiesoffers gave me a very interesting hint today.
    futurebusinessmagnates.co.uk/online-casino-bonuses/
    A victim website.

    Look, how much entries was infiltrated: http://tinyurl.com/ngggmho

    Go back to futurebusinessmagnates.co.uk/online-casino-bonuses/.

    You see the menu "Rank", "Casino", "Special Bonus Offer" ...
    It's a graphic. So click right (!) to see address of the graphic.

    Url of graphic: stylesshet.net/casino/top/images/top-online_05.png
    Enter the root into your browser: stylesshet.net
    And if you open source of stylesshet . net, you can find interesting script:






  19. #33
    Roulette Zeitung is offline Public Member
    Join Date
    July 2012
    Location
    Germany
    Posts
    4,446
    Blog Entries
    5
    Thanks
    6,015
    Thanked 6,685 Times in 2,950 Posts

    Default



    Thank you thepogg for writing this letter. That was a great job.

    On your shame list among others is 888.
    For the audience it should be very interesting, that the German market leader is working with criminals not for the first time!

    By the way: 888 staff is obviously crawling out of their holes and nests:

    anna888
    New Member
    Posts: 0
    Last Activity: 18 Jan 2015
    Join Date: 15 Jan 2015
    Occupation: Affiliate Account Manager
    Source: https://www.gpwa.org/member/anna888

    Anna is reading here on GPWA, also in this thread. There is no other reason to open an account, because it was at any time policy of 888 to refuse solving problems with third parties.

    Now we will look, what 888 did in the other hacker case (verifiedcasinos), because this includes also the answer to the question, why they are again on the new list, regarding this thread, acting as an accomplice of hacking:

    Anthony
    30. October 2014

    "these are the ones that have stopped or are stopping their relationship with the hacker [...] Is moving in a positive direction, but don't have firm commitment yet. 888.com"
    Source: https://www.gpwa.org/forum/urgent-al...tml#post771018

    thepogg
    7. November 2014

    "Any news on the 888 group?"
    Source: https://www.gpwa.org/forum/urgent-al...tml#post771763

    Anthony
    13. November 2014

    "Michael spoke with 888 at the SiGMA conference and I hope to have an update on them soon."
    Source: https://www.gpwa.org/forum/urgent-al...tml#post772304

    [Sidenote: Sigma Conference was from November 10-12 2014]

    thepogg
    30. December 2014

    "Due to the ongoing presence of certain programs on clearly hacked sites I've decided to upgrade from Not Recommended to Blacklisted status [...] 888 - 888, Reef Club, Supro, Casino-On-Net, Casino 848"
    Source: https://www.gpwa.org/forum/urgent-al...tml#post775761

    After 13. November 2014 no updates were published, no confirmation obviously was ever sent to Anthony.

    The fact, that thepogg blacklisted 888 on 30. December 2014 (more than 6 weeks after Sigma Conference!) proofs, 888 was still accomplice of a crime at least until this day. So there is no doubt, that it was an intentional cooperation between 888 and the criminal, knowingly and willingly, because the quoted posts demonstrate, 888 was provably informed about the situation by Anthony Telesca and Michael Corfman.

    And now, with this new crime -hacking version #2 and #3- it's the same situation:

    Roulette Zeitung
    11. January 2015

    "Here is the complete list of all casinos / programs who are involved -knowingly or unknowingly- in abuse of children, old and sick people and their helpers right now. [...] 888 Casino 888Affiliates Germany - Canada - Finland - Netherlands - UK - Italy de.888casino.com/exclusive/freeplay.htm?sr=1064403"
    Source: https://www.gpwa.org/forum/current-c...tml#post776542

    Anthony
    12 January 2015

    "I have now contacted everyone on the list Leopold posted."
    Source: https://www.gpwa.org/forum/current-c...tml#post776619


    Today
    18. January 2015

    The result?

    anna888
    New Member
    Posts: 0
    Last Activity: 18 Jan 2015
    Join Date: 15 Jan 2015
    "Posts: 0"
    [Again] No update, no verification, no statement, no intention to terminate cooperation with the criminal.

    Leopold

  20. The Following User Says Thank You to Roulette Zeitung For This Useful Post:

    -Shay- (18 January 2015)

  21. #34
    Muppet is offline Private Member
    Join Date
    December 2007
    Posts
    575
    Thanks
    165
    Thanked 659 Times in 289 Posts

    Default

    Quote Originally Posted by Roulette Zeitung View Post
    "BestPay Partners closed that related affiliate account with immediate effect since we from BestPay Partners don't provide ground for affiliates/partners with a negative impact on our industry."

    Dear reader,

    you see? Acting as a real model -as John did- is as easy as opening a full saliva producing jam jar.
    Click the French, Spanish, or Italian flag and you will see that all their brands are still clearly on the site.

  22. #35
    dfiocch's Avatar
    dfiocch is offline Private Member
    Join Date
    September 2006
    Posts
    878
    Thanks
    789
    Thanked 567 Times in 350 Posts

    Default

    Quote Originally Posted by Muppet View Post
    Click the French, Spanish, or Italian flag and you will see that all their brands are still clearly on the site.
    Confirmed: I can see (IT IP, US IP, CA IP, FR IP tested) that all their brands are still live.

  23. #36
    Roulette Zeitung is offline Public Member
    Join Date
    July 2012
    Location
    Germany
    Posts
    4,446
    Blog Entries
    5
    Thanks
    6,015
    Thanked 6,685 Times in 2,950 Posts

    Default

    Quote Originally Posted by Muppet View Post
    Click the French, Spanish, or Italian flag and you will see that all their brands are still clearly on the site.
    Quote Originally Posted by dfiocch
    Confirmed: I can see (IT IP, US IP, CA IP, FR IP tested) that all their brands are still live.
    What's the meaning of this ... today?
    Nothing.
    Because there are absolutely no changes at luckycasinoslist until this moment (as things stand today)!
    If I am wrong, then please tell me exactly the changes on the list that was made.

    So, if you want in public call Miss Clara Hans from AffActive (the same situation as BPP*) and John Stein from Bestpayparters a liar (liar = at least indirect results of your post) only because of a "frozen" (!) list, then you have to bring more evidence, because a false statement of a real existing representative with a real name (no fake like "DinoG") would be sheer suicide, and if you think twice, a "frozen" list is no evidence.

    Moreover: For me a public statement from Clara and John is as long a credible statement until the contrary is proven by new facts.

    And exactly here comes the difference between these two programs (AffActive and Bestpaypartners) and e.g. 888, Affpower or AffEurope. These three evil examples refuse to terminate the cooperation with criminals in public or they played for time (888 without any statement). No public statement from (at least) all these three programs exist, that the criminal affiliate account was suspended. Not for the first case and not in this current case.

    It is a narrow ridge between serious investigation and indiscriminate use of sensationalism.

    And don't forget, that with a probability bordering on certainty the hacker is reading this thread too! Please don't play into his hands. I can not go into details in public to force his games.

    Leopold

    ----

    *Clara
    13. January 2014

    "Hi Roulette, thanks for bringing this to our attention on the forum. I spoke with Antony today by email. The affiliate account has been suspended."
    Source: https://www.gpwa.org/forum/affactive...tml#post776698
    AffActive brands also still on the "frozen" list!

  24. The Following 2 Users Say Thank You to Roulette Zeitung For This Useful Post:

    GCG (20 January 2015), thepogg (20 January 2015)

  25. #37
    dfiocch's Avatar
    dfiocch is offline Private Member
    Join Date
    September 2006
    Posts
    878
    Thanks
    789
    Thanked 567 Times in 350 Posts

    Default

    Quote Originally Posted by Roulette Zeitung View Post
    What's the meaning of this ... today?
    ... a probability bordering on certainty the hacker is reading ...
    He/she is not an hacker, he/she is a lamer.
    Every guy who knows "techs and mechs" of the web could do such a thing . Anyone who works on the web would be able to inject code into other sites (assuming you know the basic techniques of programming ).

    Hackers are the "warriors" of the web. He/she is just a criminal

  26. The Following User Says Thank You to dfiocch For This Useful Post:

    -Shay- (20 January 2015)

  27. #38
    coreen.starpartner is offline Sponsor Affiliate Program
    Join Date
    August 2014
    Location
    South Africa
    Posts
    109
    Thanks
    45
    Thanked 39 Times in 28 Posts

    Default

    You should start working for the FBI Roulette Zeitung Thanks a lot for this post.

    It's crazy how these sites pop up on a daily basis.

    I'll be sure to have a look out for these guys when trying to register with us.

  28. The Following 4 Users Say Thank You to coreen.starpartner For This Useful Post:

    -Shay- (20 January 2015), dfiocch (20 January 2015), Roulette Zeitung (20 January 2015), thepogg (20 January 2015)

  29. #39
    GCG
    GCG is offline Public Member
    Join Date
    February 2009
    Location
    Not here
    Posts
    1,249
    Thanks
    291
    Thanked 759 Times in 418 Posts

    Default

    For the love of money is a root of all kinds of evil.

    Someone should report the hacker / programs on his list to Interpol for supporting a terrorist group with financial means.

    I guarantee you one they hear the T word the squad will raid on the suspects and ask questions later.

  30. The Following 2 Users Say Thank You to GCG For This Useful Post:

    -Shay- (20 January 2015), dfiocch (20 January 2015)

  31. #40
    Anthony's Avatar
    Anthony is offline Affiliate Services
    Join Date
    June 2003
    Location
    Everywhere
    Posts
    7,063
    Blog Entries
    67
    Thanks
    2,031
    Thanked 3,350 Times in 1,758 Posts

    Default

    I have some updates from programs I contacted regarding luckycasinolist.com

    Fortune Affiliates terminated the account and asked all of their materials to be removed. This is the second account FA has terminated. The hacker has been slow to remove sites, but that does not mean an affiliate program has not taken acted. I want to thank Fortune for taking action quickly each time I reach out to them.

    Affactive said they also terminated the account and asked to be removed from the site. Affactive sites have been removed from verified casinos, but are still on lucky casino list.

    Winner Affiliates is looking into the site and will have an update for me soon.
    I am here to help if you have any issues with an affiliate program.
    Become involved in GPWA to truly make the association your own:
    Apply for Private Membership | Apply for the GPWA Seal | Partner with a GPWA Sponsor | Volunteer as a Moderator


  32. The Following 3 Users Say Thank You to Anthony For This Useful Post:

    -Shay- (20 January 2015), Roulette Zeitung (20 January 2015), thepogg (20 January 2015)

Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •