cj.com are you familiar?

[PinoyIto]

When I check my site log stat. I found this dns ace.cj.com with ip address 216.34.209.23. It crawl every pages of my site. Are you familiar with it?

[T0PS3O]

Never seen that before. Maybe they check for dead aff links?

Anyway, looking on that domain gives some weird stuff that doesn't make any sense to the untrained eye: http://ace.cj.com/ace/export.do?action=poll The HELP suggests it's an intranet feature http://help.cj.com/intranethelp/CMS/ACE_Help.htm

I exported a repository out of interest and get this:

Code:

accounts.other.mail.rename_folder.new_name=Enter new folder name
accounts.other.reauthenticate.currPasswd.incorrect=Incorrect password for {0}
accounts.others.confirm_edit_contact.title=Confirm User Settings Change
accounts.others.coowner.reauthenticate.passwd=Enter co-owner password
accounts.others.member.reauthenticate.passwd=Enter superuser password
accounts.others.reauthenticate.magic_word=Enter the characters shown in the image above
accounts.others.reauthenticate.note=A superuser password is required to make changes to this section. Interesting
accounts.others.reauthenticate.title=Reauthenticate Superuser Password
action=Number of Actions
adv.account.index.12_mon=12 Month
adv.account.index.30_day=30 Day
adv.account.index.3_mon=3 month
adv.account.index.3_mon_epc=3 month EPC
adv.account.index.7_day=7 day
adv.account.index.7_day_epc=7 day EPC
adv.account.index.account_bal=Account balance
adv.account.index.announcement.default=Please check back here for great ideas to help you increase your online sales!
adv.account.index.compared_to_cat=Compared to primary category (<b>{0}</b>)
adv.account.index.compared_to_network=Compared to network
adv.account.index.deposit=Deposit funds into account
adv.account.index.deposit_funds=Deposit Funds
adv.account.index.deposit_notice=Please deposit {0,number,currency} to meet the minimum account requirement. Thank you!
adv.account.index.epc_ranking=EPC Ranking
adv.account.index.group.header.messages=Messages
adv.account.index.group.header.prog_maintenance=Program Maintenance
adv.account.index.group.header.reports=Reports
adv.account.index.na=N/A
adv.account.index.no_application=You have no new applications to review.
adv.account.index.nt_earnings=Network Earnings
adv.account.index.num_my_pubs=Number of My Publishers
adv.account.index.of={0,number} of {1,number}
adv.account.index.performance=Program Performance
adv.account.index.prog_status=Program Status
adv.account.index.review=Review <b>{0,number}</b> pending applications
adv.account.index.review_new_action=Review new {0} transactions
adv.account.index.review_new_actions=Review all new transactions
adv.account.index.review_new_lead=Review new lead transactions
adv.account.index.review_new_msg=Respond to new messages
adv.account.index.review_new_sale=Review new sale transactions
adv.account.index.select_period=Select Period
adv.account.index.select_type=Select Type
adv.account.index.tasks=Today''s Tasks
adv.account.index.trend_graph=Trend Graphs
adv.account.index.view_trend=(view trend)
adv.accounting.correction_txn_status.crumbtrail=Correct Transaction Result
adv.accounting.correction_txn_status.title=Transaction Corrected
adv.accounting.create_aof.crumbtrail=Create Advertising Order Form
adv.accounting.create_aof.enter_forecast=Enter Forecast Period<Br><small>(number of days)</small>
adv.accounting.create_aof.notice=When you create an Advertising Order Form (AOF) it is in addition to the Monthly AOF sent by Commission Junction.  Your monthly AOF settings may be adjusted via your account payment settings.
adv.accounting.create_aof.title=Create AOF
# {0} = deposited amount
# {1} = account number
# {2} = date of deposit
# {3} = new account balance
# {4} = Extra text describing the currency conversion
adv.accounting.deposit.email.body.plain=Dear valued Commission Junction advertiser:\n\nThank you for your recent deposit of {0,number,currency} for\naccount {1}. The deposit transaction\nwas recorded on {2,date} and is reflected in your\nnew account balance of {3,number,currency}. This information can\nalso be viewed in your Account Manager and in your\ntransaction reports.\n\n{4}\nBest regards,\n\nCommission Junction
# The deposit receipt may contain a note describing the currency
# conversion involved in the transaction
adv.accounting.deposit.email.note.conversion=Your deposit was calculated from a USD equivalent amount\nof {1} which translates to {0,number,currency}.\n\n
adv.accounting.deposit.email.subject=Payment received
adv.accounting.deposit1.amount_to_pay=Amount ({0} minimum balance required)
adv.accounting.deposit1.crumbtrail=Account Deposit
adv.accounting.deposit1.curr_bal=Your current balance
adv.accounting.deposit1.currency_note=Non USD Credit Cards deposits are subject to currency exchange fees.
adv.accounting.deposit1.deposit_notice=The payment will be processed securely and the funds will be available in your account immediately.  For assistance, please use the Contact Us link at the top of the Account Manager.
adv.accounting.deposit1.min_deposit_req=Minimum deposit required
adv.accounting.deposit1.title=Deposit
adv.accounting.deposit2.address=Address
adv.accounting.deposit2.amex=American Express
adv.accounting.deposit2.city=City
adv.accounting.deposit2.country=Country
adv.accounting.deposit2.credit_card_expire=Expiration Date (mm/yy)
adv.accounting.deposit2.credit_card_num=Card Number
adv.accounting.deposit2.credit_card_type=Credit Card Type
adv.accounting.deposit2.crumbtrail=Card Information
adv.accounting.deposit2.deposit=Make Deposit
# {0} = Text representation of the amount that will be charged
adv.accounting.deposit2.deposit_notice=Your card will be billed <b>{0}</b>. Please enter your credit card information.
adv.accounting.deposit2.mastercard=Mastercard
adv.accounting.deposit2.name_on_card=Name on Card
adv.accounting.deposit2.state=State
adv.accounting.deposit2.title=Deposit
adv.accounting.deposit2.visa=Visa
adv.accounting.depositVAT.crumbtrail=VAT Deposit\r\n
adv.accounting.depositVAT.currency_note=Non USD Credit Cards deposits are subject to currency exchange fees.\r\n
adv.accounting.depositVAT.original_deposit=Deposit\r\n
adv.accounting.depositVAT.title=VAT Deposit\r\n
adv.accounting.depositVAT.total_deposit=Deposit Including VAT\r\n
adv.accounting.depositVAT.vat_assessed=VAT\r\n
adv.accounting.depositVAT.vat_notice=Value Added Tax (VAT) is calculated based on the deposit amount entered, and must be paid with the deposit.\r\n
adv.accounting.extend_txn.import.ok=Ok
adv.accounting.extend_txn.reason.testmode=Subscription in Test Mode. Record appears to be correct.
adv.accounting.manualtransaction1.field.action=Select Action
adv.accounting.manualtransaction1.field.pid=Enter Publisher Web site ID (PID)
adv.accounting.manualtransaction1.form.title=Step 1 of 3| Enter Manual Transaction
adv.accounting.manualtransaction1.title=Run Reports
adv.accounting.manualtransaction2_review.amount=You have entered {0,number,currency}. Is this the correct {1}?
adv.accounting.manualtransaction2_review.bonus=bonus amount
adv.accounting.manualtransaction2_review.item=item amount
adv.accounting.manualtransaction2_review.sim=amount
adv.accounting.manualtransaction2_review.title=Step 3 of 3| Enter Manual Transaction
# {0} is publisher pid
adv.accounting.manualtransaction2_review_bonus.confirm=No active relationship exists with Publisher PID: {0}. Do you want to continue?
adv.accounting.manualtransaction2bonus.button.createtxn=Create Transaction
adv.accounting.manualtransaction2bonus.field.amount=Enter Bonus Amount
adv.accounting.manualtransaction2bonus.field.oid=Enter Order ID (OID)
adv.accounting.manualtransaction2bonus.field.refdate=Enter Reference Date (Format: MM/DD/YY)
adv.accounting.manualtransaction2bonus.form.title=Step 2 of 3| Enter Manual Transaction
adv.accounting.manualtransaction2bonus.title=Run Reports
adv.accounting.manualtransaction2item_action.button.createtxn=Create Transaction
adv.accounting.manualtransaction2item_action.field.amount=Item Amount
adv.accounting.manualtransaction2item_action.field.itemid=Item Identifier
adv.accounting.manualtransaction2item_action.field.oid=Enter Order ID (OID)
adv.accounting.manualtransaction2item_action.field.quantity=Item Quantity
adv.accounting.manualtransaction2item_action.field.refdate=Enter Reference Date (Format: MM/DD/YY)
adv.accounting.manualtransaction2item_action.field.sid=Enter SID
adv.accounting.manualtransaction2item_action.form.title=Step 2 of 3| Enter Manual Transaction
adv.accounting.manualtransaction2item_action.title=Run Reports
adv.accounting.manualtransaction2sim_action.button.createtxn=Create Transaction
adv.accounting.manualtransaction2sim_action.field.amount=Enter Amount
adv.accounting.manualtransaction2sim_action.field.oid=Enter Order ID (OID)
adv.accounting.manualtransaction2sim_action.field.refdate=Enter Reference Date (Format MM/DD/YY)
adv.accounting.manualtransaction2sim_action.field.sid=Enter SID
adv.accounting.manualtransaction2sim_action.form.title=Step 2 of 3| Enter Manual Transaction
adv.accounting.manualtransaction2sim_action.title=Run Reports
adv.accounting.manualtransaction3.enter=Enter another transaction
adv.accounting.manualtransaction3.form.title=Enter Manual Transaction
adv.accounting.manualtransaction3.title=Run Reports
adv.accounting.manualtransation3.error=Unable to process transaction:
adv.accounting.manualtransation3.success=The transaction has been processed.
adv.accounting.mer_gen_reports_trans_detail.contact=Contact Publisher about this transaction
adv.accounting.mer_gen_reports_trans_detail.correc.amount=Correction Amount
adv.accounting.mer_gen_reports_trans_detail.correc.c

I get the impression that shouldn't be publicly available like that.

[PinoyIto]

But I don't use my site for any affiliate program before... don't you think they are stealing site contents?

[T0PS3O]

No I wouldn't think CJ is up to anything bad. cj.com IS Commission Junction though is it?

[PinoyIto]

I am not sure if cj.com is owned by commission junction...

[T0PS3O]

Whois it and you'll know.

[yfs1]

Yes, Cj.com equals Commision Junction

REGISTER.COM, INC.
IP Address: 216.34.209.14 (ARIN & RIPE IP search)
IP Location: US(UNITED STATES)
Record Type: Domain Name
Server Type: Other 2
Lock Status: ACTIVE
Web Site Status: Active
DMOZ 1 listings
Y! Directory: see listings
Web Site Title: Online marketing solutions: performance-based affiliate programs & search marketing
Meta Description: Commission Junction affiliate programs offer pay-for-performance online advertising and internet marketing solutions
Meta Keywords: cj internet advertising online marketing affiliate programs pay for performance affiliate programmes commission junction cj.com performance marketing affiliate network comission junction commision junction comision junction pay for performance advertising
Secure: Yes
E-commerce: Yes
Traffic Ranking: 1
Data as of: 21-Jun-2004

[J.D.]

Its' a bunch of message templates - some for the web and some for emails. Somebody screwed up big time at cj.com - anybody can edit these messages now (on the manage repository page).

Makes me think next time I use any of their clients http://www.cj.com/clients/

J.D.

[T0PS3O]

Holy Crap, I didn't even realize.

I just looked up one I listed earlier and you're right. Anyone can modify, delete and add shite to it. Cock-up of the year!

Try this URL for instance: http://ace.cj.com/ace/someurl

OK Who's going to put their links on their site? Could yield some nice high PR links. Wonder how long it will go unnoticed.

Are we the first to find out about this? Let's start blogging...

[J.D.]

Careful with editing - it can still be considered as hacking, even if they screwed up like this.

The funny part is that it's a three-fold screw-up:

1. They have this machine publicly-accessible (it's not their main web server, somebody actually put in on the outside)

2. This apparently wasn't enough publicity for them and somebody ran/running a crawler on this machine, which identifies the machine to all the sites it's visiting

3. There's no authentication of any kind for this system

J.D.

[T0PS3O]

Yeah I figured best not to mess with it. Not the sort of people to get nasty with. Hence I didn't actually modify, just went there and looked one up. I guess they are smart enough to keep access logs somewhere, or maybe not Still can't believe it.

Maybe we should give them a buzz, before Shawn's eBay earning are affected by someone finding out about this with malicious intent.

http://www.cj.com/about/contact.jsp

[5starAffiliates]

WOW what a big screwup!

BTW CJ is owned by ValueClick.

There were some complaints in the past about a CJ spider that was hitting sites too many time (checking for compliance issues) and sometimes even hitting sites that didn't have affiliate links on them. Don't think this is the same one though.

I'm not tecky enough to understand everything above - but are you saying someone COULD hack in and change these files? Is there also confidential info people could get into?

I'll call CJ and let them know about this. I know one of the top tech people there. Not sure if I can reach anyone on a weekend though.

[T0PS3O]

They already know and it seems they've closed the hole.

It wasn't their actual database, just their templates.
So it didn't affect end-user data, just site lay-out. It might have been a non-production server but even then, still not the cleverest thing to do.

Also see my blog.

[J.D.]

Quote:

Originally Posted by T0PS3O

They already know and it seems they've closed the hole.

It wasn't their actual database, just their templates.
So it didn't affect end-user data, just site lay-out. It might have been a non-production server but even then, still not the cleverest thing to do.

Not quite true - the attacker could easily modify one of the templates to embed their code and steal identitis and other associated private data of whoever views pages/emails generated from these templates.

J.D.

[T0PS3O]

Hmm yeah I guess you could have replaced a plain text entry with some code that then gets embedded in their site and do whatever you want it to do.

[5starAffiliates]

Well, good they have taken care of it. They are closed on Sat. I tried a bunch of extensions of people I know, but no one answered. So left a general voice mail and alerted them to this thread.

[samayahuja]

If you do not sell a product as affiliate within 6 month your a/c may be deactivated.

[inworx]

I too get similar hits form Archieve. About 1000+ connections at peak hours!

Its blocked due to that sometimes, but I am thinking of a permanent solution so as these websites arent banned...

[lilsimon04]

I am having this problem now, I dont even have any link on my site to cj and now their spider is on my website... But i did recently add a subforum to my forum that was name Commission Junction...does that have anything to do with it????