If you use Rapid Action Profits, check your sites

52 replies
Thank goodness I'm using RAP Bank.

I found out this morning that it has a feature where it notifies you if it sees a change to the PayPal or equity partner address.

I received 2 notifications today. This scum had changed my info to his:

deng.mis [at] hotmail.com

He also inserted an "f-word" support email address.

I changed my RAP admin passwords, not sure if that will matter, and posted for advice in the RAP forum.

Point is, if you don't have your products on RAP Bank, you'd better check your dashboards. I doubt I was the only person hit.
#action #check #profits #rapid #sites
  • Profile picture of the author Gene Pimentel
    You're not alone Dennis, one of my RAP sites was hacked by the same bastage this morning. Thanks to RAPbank, I was notified immediately.
    {{ DiscussionBoard.errors[2528116].message }}
  • Profile picture of the author Dexx
    I thought RAP automatically emails you when any admin settings are changed...it did for me when I recently updated them in my dashboard...

    But the more troubling news is that your site got hacked to begin with! Are you running the latest version? (or which version are you using)
    {{ DiscussionBoard.errors[2528127].message }}
    • Profile picture of the author Dennis Becker
      Originally Posted by Dexx View Post

      I thought RAP automatically emails you when any admin settings are changed...it did for me when I recently updated them in my dashboard...

      But the more troubling news is that your site got hacked to begin with! Are you running the latest version? (or which version are you using)
      And no, RAP didn't notify me. RAP Bank did.

      And when I changed the admin settings myself to fix this, RAP didn't notify me.
      {{ DiscussionBoard.errors[2528149].message }}
      • Profile picture of the author halfpoint
        He got 2 of my sites a week or so ago but luckily he didn't end up with any money as I caught it quickly.

        Another Warrior (Kok Choon) had about 4-5 sales go from this same guy.

        I really have no idea how he still has an active PayPal account attached to that email address.
        {{ DiscussionBoard.errors[2528194].message }}
  • Profile picture of the author Dennis Becker
    I'm running 3.1.9, I haven't upgraded yet because I have so many domains, and there are compatibilties with some of the add-ons that have to be addressed, then testing and all that busy work.

    I know I should get up to date, but you know what? There's never enough time in the day to do everything. Once I hear from the RAP forum if installing the new version would have prevented this, I'll do what needs to be done, but I don't even know if that's the case yet.
    {{ DiscussionBoard.errors[2528144].message }}
  • Profile picture of the author Dexx
    What RAP version was your website Pat?

    Maybe we can find what the hacked sites have in common...if its the latest version then Sid will need to get on this ASAP...
    {{ DiscussionBoard.errors[2528202].message }}
    • Profile picture of the author halfpoint
      Originally Posted by Dexx View Post

      What RAP version was your website Pat?

      Maybe we can find what the hacked sites have in common...if its the latest version then Sid will need to get on this ASAP...
      It wasn't the most latest version. It was the one before that, I think.

      John Burnette handles all of my RAP stuff and he quickly upgraded them for me so I think I'm all good now.

      I still check them pretty much daily now, though.

      I'd say he'd most likely be finding them via a search string on Google.

      For example;

      inurl:affiliates "powered by Rapid Action Profits"
      {{ DiscussionBoard.errors[2528224].message }}
  • Profile picture of the author Dennis Becker
    Luckily he didn't cause any financial damage to me either. One site hasn't had a sale since May, and the other pays 100% commissions to affiliates, and he only changed the equity partner setting, so there was nothing to split among partners.
    {{ DiscussionBoard.errors[2528204].message }}
  • Profile picture of the author ECS Dave
    As I understand things, RAP's notification ability is tied to the latest release, not to earlier releases, such as the 3.1.9 version. A suggestion, if I may, those sites that you have Rapid Action Profits on, that are generating regular sales, update those ASAP, in order to minimize any revenue loss. Of course, the others should also be updated ASAP as well, but you get my point...

    Be Well!
    ECS Dave
    {{ DiscussionBoard.errors[2528318].message }}
  • Profile picture of the author Dennis Becker
    That makes sense.

    Thanks, Dave. I just wish Sid would say whether or not 3.2.4 would fix the problem, or if he has a new one that would bear waiting for.
    {{ DiscussionBoard.errors[2528324].message }}
    • Profile picture of the author Kevin Riley
      ******* got me too. I say disemboweling time. Fortunately, it's an older product so I think I caught it before there was even a sale. Still, good time to exercise the old disembowelling cutlasses.
      Signature
      Kevin Riley, Kevin Riley Publishing, Osaka, Japan


      {{ DiscussionBoard.errors[2528357].message }}
      • Profile picture of the author ECS Dave
        Originally Posted by Kevin Riley View Post

        ******* got me too. I say disemboweling time. Fortunately, it's an older product so I think I caught it before there was even a sale. Still, good time to exercise the old disembowelling cutlasses.
        To everyone, not just Mr. Kevin "Slice First, Ask Questions Later" Riley...

        Consider changing your passwords using https://secure.pctools.com/guides/password/ to generate STRONG passwords for your RAP admin access...

        Be Well!
        ECS Dave
        {{ DiscussionBoard.errors[2528371].message }}
        • Profile picture of the author Kevin Riley
          Originally Posted by ECS Dave View Post

          To everyone, not just Mr. Kevin "Slice First, Ask Questions Later" Riley...

          Consider changing your passwords using https://secure.pctools.com/guides/password/ to generate STRONG passwords for your RAP admin access...

          Be Well!
          ECS Dave
          What? "1234" is not secure enough?
          Signature
          Kevin Riley, Kevin Riley Publishing, Osaka, Japan


          {{ DiscussionBoard.errors[2528384].message }}
          • Profile picture of the author ECS Dave
            Originally Posted by Dennis Becker View Post

            I changed all my admin passwords already, but is that the way he gets in?
            I am NOT versed in the HOW the hackers get in, however, closing that particular door may help...


            Originally Posted by Kevin Riley View Post

            What? "1234" is not secure enough?
            Oh my... Lemme check that paypal account for you Mr. "G@%# !$#@, Where's My Money Gone To?" Riley...

            Be Well!
            ECS Dave
            {{ DiscussionBoard.errors[2528431].message }}
          • Profile picture of the author George Wright
            Originally Posted by Kevin Riley View Post

            What? "1234" is not secure enough?
            Two things Mr. Riley, 1. How did you guess the password to all my accounts and 2. why are you making it public?

            George Wright
            Signature
            "The first chapter sells the book; the last chapter sells the next book." Mickey Spillane
            {{ DiscussionBoard.errors[2530280].message }}
            • Profile picture of the author rts2271
              Are there any public notifications or posts from RAP about this? I'd like to send this to my clients so they can check their assets.
              {{ DiscussionBoard.errors[2530294].message }}
              • Profile picture of the author JohnMcCabe
                Originally Posted by Kevin Riley View Post

                What? "1234" is not secure enough?
                Originally Posted by George Wright View Post

                Two things Mr. Riley, 1. How did you guess the password to all my accounts and 2. why are you making it public?

                George Wright
                Damn, George, what are the odds we'd pick the same password?

                I'm gonna change all of mine to "password", but don't tell anyone, okay?

                :p
                {{ DiscussionBoard.errors[2531103].message }}
          • Profile picture of the author R Hagel
            Originally Posted by Kevin Riley View Post

            What? "1234" is not secure enough?
            Jeepers, Riley. You've been in this business long enough to know better. Seriously? 1234?

            Geeze. Everyone knows you need at least a five character password: 12345.

            Some people.
            {{ DiscussionBoard.errors[2531573].message }}
  • Profile picture of the author Dennis Becker
    I changed all my admin passwords already, but is that the way he gets in?
    {{ DiscussionBoard.errors[2528382].message }}
  • Profile picture of the author Lifeimprovement
    Strong passwords are essential. I am curious why most sites don't have a lockdown mode where you can get wrong more than 10 times a day. That would prevent these brute force hacks.

    Note: This is a general statement and not aimed at Rapid Action Profits
    {{ DiscussionBoard.errors[2528440].message }}
    • Profile picture of the author Boomachucka
      Originally Posted by Lifeimprovement View Post

      Strong passwords are essential. I am curious why most sites don't have a lockdown mode where you can get wrong more than 10 times a day. That would prevent these brute force hacks.

      Note: This is a general statement and not aimed at Rapid Action Profits

      I would say the most likely case for these intrusions are due to SQL injections - attacking a website on a brute force bases would take a ridiculously long amount of time. It takes long enough with a supercomputer guessing the password on local files unless it's really easy.
      {{ DiscussionBoard.errors[2531398].message }}
  • Profile picture of the author James B. Allen
    Same hacker/email, same problem for me today too.

    Install.php file always removed during setup. Strong username & password - unchanged - so appears to be a backdoor. Site's in offline mode until I hear back from the RAP folks.

    Glad to have gotten the notification from RAP Bank - but not the email I wanted to wake up to on a Sunday morning.
    {{ DiscussionBoard.errors[2529226].message }}
  • Profile picture of the author globalpro
    OK,

    Am curious. How many are using RAP Bank that got hacked?

    Also, I sent a heads up message to Sid about this.

    Thanks,

    John
    {{ DiscussionBoard.errors[2529815].message }}
    • Profile picture of the author Tom B
      Banned
      The two products that I had listed on RAP Bank has also been hacked.

      My other products have not been hacked. They must be finding the products through rap bank.

      I wonder if it is RAP or the Rap Bank Addon that has the security problem.
      {{ DiscussionBoard.errors[2529817].message }}
  • Profile picture of the author Dennis Becker
    My products are all on RAP Bank.

    But one of my Earn1KaDay members had this to say:

    I had the same thing happen by the same scumbag (deng.mis or what ever)... and I'm not listed on RapBank nor do I have affiliates... I think he's searching for an indexed version number and exploiting the weaknesses of those.
    {{ DiscussionBoard.errors[2529866].message }}
    • Profile picture of the author Tom B
      Banned
      How do we tell what version number we are running?
      {{ DiscussionBoard.errors[2529871].message }}
      • Profile picture of the author Gene Pimentel
        Originally Posted by Thomas Belknap View Post

        How do we tell what version number we are running?
        It'll say the version number right at the top of your dashboard. Can't miss it.
        {{ DiscussionBoard.errors[2529878].message }}
        • Profile picture of the author Tom B
          Banned
          Originally Posted by Gene Pimentel View Post

          It'll say the version number right at the top of your dashboard. Can't miss it.

          haha DUH! Thanks Gene.
          {{ DiscussionBoard.errors[2529882].message }}
  • Profile picture of the author zinally
    Wow! That is bad! I really can't understad why ppl do this kind of stuff. Hope our fellow IM marketers are being spared from these unethical behavior. However do check cos better safe than sorry. Thanks for the feedback.
    {{ DiscussionBoard.errors[2530262].message }}
  • Profile picture of the author globalpro
    I gave Sid a link to this thread, so he can get up to speed with what is going on.

    Thanks,

    John
    {{ DiscussionBoard.errors[2530266].message }}
  • Profile picture of the author JamesPenn
    I got done as well on an older version of RAP. My updated RAP was not hacked, however.

    Why does this guy still have a Paypal account?

    James
    {{ DiscussionBoard.errors[2531458].message }}
    • Profile picture of the author globalpro
      Originally Posted by JamesPenn View Post

      Why does this guy still have a Paypal account?
      James
      Maybe if the email address is reported to PayPal would help close this one down. I know in the past, I have reported others to PP and the account gets removed.

      spoof@paypal.com

      Thanks,

      John
      {{ DiscussionBoard.errors[2531473].message }}
      • Profile picture of the author Dexx
        Originally Posted by globalpro View Post

        Maybe if the email address is reported to PayPal would help close this one down. I know in the past, I have reported others to PP and the account gets removed.

        spoof@paypal.com

        Thanks,

        John
        I think PayPal only cares when their good name / brand image is at risk...someone with a paypal hacking into websites and re-directing the money to their paypal account...paypal can't be "held accountable."

        Unlike someone using Paypal to collect money for ecommerce etc.

        That and the "proof" aspect of things...

        Really at the end of the day, hackers are gonna hack, and the guy is probably in some Nigerian-style country that won't do anything anyways...not to mention he could always just create a new paypal account and keep going...

        Best bet is just to upgrade to new versions of RAP to fix all known security holes and the new version DOES send an email out when any system settings are changed, so that's also a benefit in stopping his lil' game.
        {{ DiscussionBoard.errors[2531506].message }}
    • Profile picture of the author Maria Gudelis
      Originally Posted by JamesPenn View Post

      I got done as well on an older version of RAP. My updated RAP was not hacked, however.

      Why does this guy still have a Paypal account?

      James
      Don't get me %*#$ going on paypal -they don't do anything about these %$#_stards....we informed paypal on blatant info product stealing of mine - etc. and here is the guys' paypal id blah blah blah....paypal does nothing...oh - they may choose to freeze your own account! urghhhh.... that's why i have more than one paypal account, and a merchant acct! backup
      Signature

      Brand NEW: How To Dominate Facebook SEO - LIVE Coaching - Closes SOON! Get In Now Click Here


      {{ DiscussionBoard.errors[2531480].message }}
  • Profile picture of the author Dennis Gaskill
    I hope you folks that are getting hacked have reported this to Paypal. I should think if Paypal starts getting complaints they will suspend the hacker's account. In an ideal world they would even report the user to his local law enforcement agency.
    Signature

    Just when you think you've got it all figured out, someone changes the rules.

    {{ DiscussionBoard.errors[2531627].message }}
  • Profile picture of the author Steve Peters Benn
    Are you guys looking at server logs? You might find that the hacks are all coming from a forum post or something like that?
    {{ DiscussionBoard.errors[2531730].message }}
    • Profile picture of the author takingaction
      Just got 2 notifications from RAPBank and found that a 3rd site had also been hacked. I thought my 3.1 versions were all up to date. Just haven't switched to 3.2 yet.
      {{ DiscussionBoard.errors[2537363].message }}
    • Profile picture of the author wortell
      Originally Posted by Steve Peters Benn View Post

      Are you guys looking at server logs? You might find that the hacks are all coming from a forum post or something like that?
      Spent a lot of time doing this before, and found that people (who were getting 'hacked' so to speak) either had exposed install files (un-taken care of) or were just plain not using updated RAP versions... anything less than 3.2 runs a severe security rick.

      This may be mute, but even myself I found that on ONE of my 7 sites, I left an (ahem!) exposed installation file... and voila! an 8-day gap of $700 in losses (nice, eh?) sent me to paypal to complain!

      After of course, I took care of the issue...

      but YES! I found it by looking at my access_logs (found above html root) and doing some covert investigating .

      outside of that one incident, I've got 2 sites at 3.03, 3 at 3.1.3 (with fixes for security) and a couple others at 3.2+.

      But since that one incident, no other issues... nada, none, not a single-flippin' one...

      SEVERAL attempts! (as seen by the access logs - same hackin' ip addy) but nothing successful to now there's no unusual activity.

      these security issues were the same ones used in RAP 3.2+ {hint-hint}

      later.
      Signature

      Bill "Red Bill" Ortell
      RAP Addons, WP Plugins, Graphics, and Scripts
      WSOs: SecureDL Protects files above/below ROOT, across domains, including Amazon S3
      RAP Bank - *the* Instant Commissions Vault - 100s of instant commission products
      List-N-Earn - List/Sell YOUR products on RAP Bank without owning RapidActionProfits

      {{ DiscussionBoard.errors[2538032].message }}
  • Profile picture of the author Dennis Becker
    Trouble is, RAP Bank keeps notifying me about a change to this one site. And every time I go over to look, nothing's been changed. It was originally, I fixed it back to what it should be, but RAP Bank somehow is sensing a change every time it comes around to check.
    {{ DiscussionBoard.errors[2537385].message }}
    • Profile picture of the author netkickstart
      Originally Posted by Dennis Becker View Post

      Trouble is, RAP Bank keeps notifying me about a change to this one site. And every time I go over to look, nothing's been changed. It was originally, I fixed it back to what it should be, but RAP Bank somehow is sensing a change every time it comes around to check.
      Hi, Dennis. Assuming you've checked your equity partner spots and everything looks right there too, please do drop us a support ticket at RAP Bank - Instant Payment King and we'll get to the bottom of it, with apologies for the false positives. I don't see that it's happening to anyone else. Lucky you.
      Signature
      {{ DiscussionBoard.errors[2537955].message }}
  • Profile picture of the author Dennis Becker
    Thanks. Yeah, lucky me. I wasn't going to complain until after I get the site upgraded to 3.2.4, and the latest RAP Bank release. After that, hopefully it will go away.

    Yeah, I checked the equity partner emails also, that's the one that was originally changed by the scumbag.
    {{ DiscussionBoard.errors[2537995].message }}
  • Profile picture of the author Stuart Stirling
    I got done the first time about a week ago and then 2 more times today!
    I don't think they got any sales because I removed the scumbag's email
    pretty quick..

    All sites were still running 3.1 but have since updated to 3.2 except for one
    but will have to do that asap. I wouldn't have know if I didn't get the alert
    email from rap bank.. thanks Bill!
    {{ DiscussionBoard.errors[2539904].message }}
  • Profile picture of the author Matt Morgan
    Originally Posted by Dennis Becker View Post

    Thank goodness I'm using RAP Bank.

    I found out this morning that it has a feature where it notifies you if it sees a change to the PayPal or equity partner address.

    I received 2 notifications today. This scum had changed my info to his:
    They are ahead of the game, and can catch people out
    Signature
    -> [FREE WSO 1] Discover 77 FREE Ways To Generate Traffic!
    -> [FREE WSO 2] Discover 67 Killer Traffic Methods Which Will Crush Your Competition!
    -> [FREE WSO 3] Discover 77 Amazing Blogging Tips To Explode Your Profits!

    ...…..Now LISTEN CAREFULLY! ===> [WSO REPORTS 4, 5, 6 are >> Found Here]
    {{ DiscussionBoard.errors[2577706].message }}
  • Profile picture of the author Luke McCormack
    Thanks for the heads up guys, will now be paying more attention to upgrades and notifications!
    {{ DiscussionBoard.errors[2577800].message }}
  • Profile picture of the author webmaestro
    Having been appraised myself some time ago of the potential problems on a site of mine about the issues re: SQL injections (Google for it) I'd say, in agreement with Boomachucka, that it's MUCH more likely to be something like this and/or the leaving of standard files like install.php (or whatever) that cause such problems rather than password cracking.

    STRONG passwords should be mandatory and LONG - I despair of the number of sites that STILL limit passwords to ONLY 8 characters - since even BEFORE being attacked by the very FIRST Internet worm (unsuccessfully! ... > 450 unsuccessful attempts logged!) over 20 years ago I have NEVER used less than 13 characters in any of my passwords. With software like LastPass and Roboform and others available, using the excuse of "I can't remember my password if it's more than 6 characters" just doesn't wash any more. The solution to password cracking lies solely in YOUR hands.

    Leaving standard files (like install.php) on your server is likewise your OWN responsibility and if you do leave them lying around and they're used to hack your site ... well who's a brainless muppet then? I do wonder about the quality of thinking from some of the people who code in this way though - I mean just HOW hard is it to delete a file automatically as part of a (successful) installation - it's JUST SMOP (Simple Matter Of Programming)!

    The solution to badly coded software that leaves SQL injection holes all over is a far bigger problem that is typically NOT in your hands (to solve anyway) since the code usually (but not always) sits on a third party site and to which you may have NO access at all. Again though it's down to the distinct lack of good programming and data handling practice that exists on the Internet (and elsewhere - look no further than those gross security violators Microsoft for countless examples of appallingly bad and inconsistent coding practice).

    However, where the code sits on your OWN site and is NOT obfuscated by Zend or equivalent it is WELL worth just understanding the SQL injection process and checking out the code yourself. You do NOT have to be a programmer to do this, just check out any of the HUGE amount of info available on this subject via a Google search, open relevant PHP files in a text editor and search for SQL statements within the code. Just comparing these to on-line samples of good and bad code will tell you very quickly and without becoming a programming expert IF the code is poorly written or not from a SQL perspective. Here's a good link to give a reasonably understandable explanation and examples (just Googled it):

    unixwiz.net/techtips/sql-injection.html - sorry I can't post a clickable link

    I don't have or use RAP so I can't do such a check to confirm or deny this possibility, but perhaps someone on the forum that has it and is not afraid to search through the PHP text might want to check it out. Alternatively, if the owner of RAP follows this forum and reads this thread perhaps they'd like to have their code security vetted by an approved and independent source and publish the findings here on the forum to boost users' confidence.

    Good security is a matter of mindset and awareness - if you're NOT aware of issues then you are extremely vulnerable. If you are aware, but of the mindset that it's "someone else's problem" I'd argue that you are just as, if not even more vulnerable, and certainly grossly negligent not to check things out properly. Get clued up on the basics at least and don't even think of bitching to Paypal - it's NOT their problem OR responsibility to solve YOUR site's security holes - It's YOURS!

    Best regards.
    {{ DiscussionBoard.errors[2710178].message }}
  • Profile picture of the author Paul Myers
    WebMaestro,

    Excellent points. I'd add just one thing: Do not use the same password for more than one thing. Re-using passwords (especially the way many people do, which is "the same one for everything") is a recipe for big trouble.

    To make the point, consider this, from XKCD.com:



    (Note: Cartoon specifically licensed for non-commercial re-distribution.)
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    {{ DiscussionBoard.errors[2710202].message }}
    • Profile picture of the author CDarklock
      Originally Posted by Paul Myers View Post

      Re-using passwords (especially the way many people do, which is "the same one for everything") is a recipe for big trouble.
      Especially in a world where just about every site will email your password to you if you click a link and put in your username.
      Signature
      "The Golden Town is the Golden Town no longer. They have sold their pillars for brass and their temples for money, they have made coins out of their golden doors. It is become a dark town full of trouble, there is no ease in its streets, beauty has left it and the old songs are gone." - Lord Dunsany, The Messengers
      {{ DiscussionBoard.errors[2710310].message }}

Trending Topics