When I checked my site log stats, I found this DNS name, ace.cj.com, with IP address 216.34.209.23. It crawls every page of my site. Are you familiar with it?
Never seen that before. Maybe they check for dead aff links?

Anyway, looking on that domain gives some weird stuff that doesn't make any sense to the untrained eye:
http://ace.cj.com/ace/export.do?action=poll

The HELP suggests it's an intranet feature:
http://help.cj.com/intranethelp/CMS/ACE_Help.htm

I exported a repository out of interest and get this:

accounts.other.mail.rename_folder.new_name=Enter new folder name
accounts.other.reauthenticate.currPasswd.incorrect=Incorrect password for {0}
accounts.others.confirm_edit_contact.title=Confirm User Settings Change
accounts.others.coowner.reauthenticate.passwd=Enter co-owner password
accounts.others.member.reauthenticate.passwd=Enter superuser password
accounts.others.reauthenticate.magic_word=Enter the characters shown in the image above
accounts.others.reauthenticate.note=A superuser password is required to make changes to this section. Interesting
accounts.others.reauthenticate.title=Reauthenticate Superuser Password
action=Number of Actions
adv.account.index.12_mon=12 Month
adv.account.index.30_day=30 Day
adv.account.index.3_mon=3 month
adv.account.index.3_mon_epc=3 month EPC
adv.account.index.7_day=7 day
adv.account.index.7_day_epc=7 day EPC
adv.account.index.account_bal=Account balance
adv.account.index.announcement.default=Please check back here for great ideas to help you increase your online sales!
adv.account.index.compared_to_cat=Compared to primary category (<b>{0}</b>)
adv.account.index.compared_to_network=Compared to network
adv.account.index.deposit=Deposit funds into account
adv.account.index.deposit_funds=Deposit Funds
adv.account.index.deposit_notice=Please deposit {0,number,currency} to meet the minimum account requirement. Thank you!
adv.account.index.epc_ranking=EPC Ranking
adv.account.index.group.header.messages=Messages
adv.account.index.group.header.prog_maintenance=Program Maintenance
adv.account.index.group.header.reports=Reports
adv.account.index.na=N/A
adv.account.index.no_application=You have no new applications to review.
adv.account.index.nt_earnings=Network Earnings
adv.account.index.num_my_pubs=Number of My Publishers
adv.account.index.of={0,number} of {1,number}
adv.account.index.performance=Program Performance
adv.account.index.prog_status=Program Status
adv.account.index.review=Review <b>{0,number}</b> pending applications
adv.account.index.review_new_action=Review new {0} transactions
adv.account.index.review_new_actions=Review all new transactions
adv.account.index.review_new_lead=Review new lead transactions
adv.account.index.review_new_msg=Respond to new messages
adv.account.index.review_new_sale=Review new sale transactions
adv.account.index.select_period=Select Period
adv.account.index.select_type=Select Type
adv.account.index.tasks=Today''s Tasks
adv.account.index.trend_graph=Trend Graphs
adv.account.index.view_trend=(view trend)
adv.accounting.correction_txn_status.crumbtrail=Correct Transaction Result
adv.accounting.correction_txn_status.title=Transaction Corrected
adv.accounting.create_aof.crumbtrail=Create Advertising Order Form
adv.accounting.create_aof.enter_forecast=Enter Forecast Period<Br><small>(number of days)</small>
adv.accounting.create_aof.notice=When you create an Advertising Order Form (AOF) it is in addition to the Monthly AOF sent by Commission Junction. Your monthly AOF settings may be adjusted via your account payment settings.
adv.accounting.create_aof.title=Create AOF
# {0} = deposited amount
# {1} = account number
# {2} = date of deposit
# {3} = new account balance
# {4} = Extra text describing the currency conversion
adv.accounting.deposit.email.body.plain=Dear valued Commission Junction advertiser:\n\nThank you for your recent deposit of {0,number,currency} for\naccount {1}. The deposit transaction\nwas recorded on {2,date} and is reflected in your\nnew account balance of {3,number,currency}. This information can\nalso be viewed in your Account Manager and in your\ntransaction reports.\n\n{4}\nBest regards,\n\nCommission Junction
# The deposit receipt may contain a note describing the currency
# conversion involved in the transaction
adv.accounting.deposit.email.note.conversion=Your deposit was calculated from a USD equivalent amount\nof {1} which translates to {0,number,currency}.\n\n
adv.accounting.deposit.email.subject=Payment received
adv.accounting.deposit1.amount_to_pay=Amount ({0} minimum balance required)
adv.accounting.deposit1.crumbtrail=Account Deposit
adv.accounting.deposit1.curr_bal=Your current balance
adv.accounting.deposit1.currency_note=Non USD Credit Cards deposits are subject to currency exchange fees.
adv.accounting.deposit1.deposit_notice=The payment will be processed securely and the funds will be available in your account immediately. For assistance, please use the Contact Us link at the top of the Account Manager.
adv.accounting.deposit1.min_deposit_req=Minimum deposit required
adv.accounting.deposit1.title=Deposit
adv.accounting.deposit2.address=Address
adv.accounting.deposit2.amex=American Express
adv.accounting.deposit2.city=City
adv.accounting.deposit2.country=Country
adv.accounting.deposit2.credit_card_expire=Expiration Date (mm/yy)
adv.accounting.deposit2.credit_card_num=Card Number
adv.accounting.deposit2.credit_card_type=Credit Card Type
adv.accounting.deposit2.crumbtrail=Card Information
adv.accounting.deposit2.deposit=Make Deposit
# {0} = Text representation of the amount that will be charged
adv.accounting.deposit2.deposit_notice=Your card will be billed <b>{0}</b>. Please enter your credit card information.
adv.accounting.deposit2.mastercard=Mastercard
adv.accounting.deposit2.name_on_card=Name on Card
adv.accounting.deposit2.state=State
adv.accounting.deposit2.title=Deposit
adv.accounting.deposit2.visa=Visa
adv.accounting.depositVAT.crumbtrail=VAT Deposit\r\n
adv.accounting.depositVAT.currency_note=Non USD Credit Cards deposits are subject to currency exchange fees.\r\n
adv.accounting.depositVAT.original_deposit=Deposit\r\n
adv.accounting.depositVAT.title=VAT Deposit\r\n
adv.accounting.depositVAT.total_deposit=Deposit Including VAT\r\n
adv.accounting.depositVAT.vat_assessed=VAT\r\n
adv.accounting.depositVAT.vat_notice=Value Added Tax (VAT) is calculated based on the deposit amount entered, and must be paid with the deposit.\r\n
adv.accounting.extend_txn.import.ok=Ok
adv.accounting.extend_txn.reason.testmode=Subscription in Test Mode. Record appears to be correct.
adv.accounting.manualtransaction1.field.action=Select Action
adv.accounting.manualtransaction1.field.pid=Enter Publisher Web site ID (PID)
adv.accounting.manualtransaction1.form.title=Step 1 of 3| Enter Manual Transaction
adv.accounting.manualtransaction1.title=Run Reports
adv.accounting.manualtransaction2_review.amount=You have entered {0,number,currency}. Is this the correct {1}?
adv.accounting.manualtransaction2_review.bonus=bonus amount
adv.accounting.manualtransaction2_review.item=item amount
adv.accounting.manualtransaction2_review.sim=amount
adv.accounting.manualtransaction2_review.title=Step 3 of 3| Enter Manual Transaction
# {0} is publisher pid
adv.accounting.manualtransaction2_review_bonus.confirm=No active relationship exists with Publisher PID: {0}. Do you want to continue?
adv.accounting.manualtransaction2bonus.button.createtxn=Create Transaction
adv.accounting.manualtransaction2bonus.field.amount=Enter Bonus Amount
adv.accounting.manualtransaction2bonus.field.oid=Enter Order ID (OID)
adv.accounting.manualtransaction2bonus.field.refdate=Enter Reference Date (Format: MM/DD/YY)
adv.accounting.manualtransaction2bonus.form.title=Step 2 of 3| Enter Manual Transaction
adv.accounting.manualtransaction2bonus.title=Run Reports
adv.accounting.manualtransaction2item_action.button.createtxn=Create Transaction
adv.accounting.manualtransaction2item_action.field.amount=Item Amount
adv.accounting.manualtransaction2item_action.field.itemid=Item Identifier
adv.accounting.manualtransaction2item_action.field.oid=Enter Order ID (OID)
adv.accounting.manualtransaction2item_action.field.quantity=Item Quantity
adv.accounting.manualtransaction2item_action.field.refdate=Enter Reference Date (Format: MM/DD/YY)
adv.accounting.manualtransaction2item_action.field.sid=Enter SID
adv.accounting.manualtransaction2item_action.form.title=Step 2 of 3| Enter Manual Transaction
adv.accounting.manualtransaction2item_action.title=Run Reports
adv.accounting.manualtransaction2sim_action.button.createtxn=Create Transaction
adv.accounting.manualtransaction2sim_action.field.amount=Enter Amount
adv.accounting.manualtransaction2sim_action.field.oid=Enter Order ID (OID)
adv.accounting.manualtransaction2sim_action.field.refdate=Enter Reference Date (Format MM/DD/YY)
adv.accounting.manualtransaction2sim_action.field.sid=Enter SID
adv.accounting.manualtransaction2sim_action.form.title=Step 2 of 3| Enter Manual Transaction
adv.accounting.manualtransaction2sim_action.title=Run Reports
adv.accounting.manualtransaction3.enter=Enter another transaction
adv.accounting.manualtransaction3.form.title=Enter Manual Transaction
adv.accounting.manualtransaction3.title=Run Reports
adv.accounting.manualtransation3.error=Unable to process transaction:
adv.accounting.manualtransation3.success=The transaction has been processed.
adv.accounting.mer_gen_reports_trans_detail.contact=Contact Publisher about this transaction
adv.accounting.mer_gen_reports_trans_detail.correc.amount=Correction Amount
adv.accounting.mer_gen_reports_trans_detail.correc.c
Code (markup):

I get the impression that shouldn't be publicly available like that.
But I haven't used my site for any affiliate program before... Don't you think they are stealing site content?
Yes, Cj.com equals Commission Junction

REGISTER.COM, INC.
IP Address: 216.34.209.14 (ARIN & RIPE IP search)
IP Location: US(UNITED STATES)
Record Type: Domain Name
Server Type: Other 2
Lock Status: ACTIVE
Web Site Status: Active
DMOZ 1 listings
Y! Directory: see listings
Web Site Title: Online marketing solutions: performance-based affiliate programs & search marketing
Meta Description: Commission Junction affiliate programs offer pay-for-performance online advertising and internet marketing solutions
Meta Keywords: cj internet advertising online marketing affiliate programs pay for performance affiliate programmes commission junction cj.com performance marketing affiliate network comission junction commision junction comision junction pay for performance advertising
Secure: Yes
E-commerce: Yes
Traffic Ranking: 1
Data as of: 21-Jun-2004
It's a bunch of message templates - some for the web and some for emails. Somebody screwed up big time at cj.com - anybody can edit these messages now (on the manage repository page). Makes me think next time I use any of their clients http://www.cj.com/clients/

J.D.
Holy Crap, I didn't even realize. I just looked up one I listed earlier and you're right. Anyone can modify, delete and add shite to it. Cock-up of the year! Try this URL for instance: http://ace.cj.com/ace/someurl OK Who's going to put their links on their site? Could yield some nice high PR links. Wonder how long it will go unnoticed. Are we the first to find out about this? Let's start blogging...
Careful with editing - it can still be considered as hacking, even if they screwed up like this. The funny part is that it's a three-fold screw-up:

1. They have this machine publicly-accessible (it's not their main web server, somebody actually put it on the outside)
2. This apparently wasn't enough publicity for them and somebody ran/is running a crawler on this machine, which identifies the machine to all the sites it's visiting
3. There's no authentication of any kind for this system

J.D.
Yeah I figured best not to mess with it. Not the sort of people to get nasty with. Hence I didn't actually modify, just went there and looked one up. I guess they are smart enough to keep access logs somewhere, or maybe not. Still can't believe it. Maybe we should give them a buzz, before Shawn's eBay earnings are affected by someone finding out about this with malicious intent. http://www.cj.com/about/contact.jsp
WOW what a big screwup! BTW CJ is owned by ValueClick. There were some complaints in the past about a CJ spider that was hitting sites too many times (checking for compliance issues) and sometimes even hitting sites that didn't have affiliate links on them. Don't think this is the same one though. I'm not techy enough to understand everything above - but are you saying someone COULD hack in and change these files? Is there also confidential info people could get into? I'll call CJ and let them know about this. I know one of the top tech people there. Not sure if I can reach anyone on a weekend though.
They already know and it seems they've closed the hole. It wasn't their actual database, just their templates. So it didn't affect end-user data, just site lay-out. It might have been a non-production server but even then, still not the cleverest thing to do. Also see my blog.
Not quite true - the attacker could easily modify one of the templates to embed their code and steal identities and other associated private data of whoever views pages/emails generated from these templates.

J.D.
Hmm yeah I guess you could have replaced a plain text entry with some code that then gets embedded in their site and does whatever you want it to do.
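An added example, not part of the thread and not Commission Junction's code: a Python check that an exported template repository still matches a known-good copy and contains no markup beyond the tags the quoted templates use, which is how the template change described in the two posts above would be detected. The allowlist, the function names and the sample entries are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
# Tags that appear in the templates quoted in the thread; all others are flagged.
ALLOWED_TAGS = {"b", "br", "small"}

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' comment lines skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

class TagAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):  # tag name arrives lower-cased
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"disallowed tag <{tag}>")
        elif attrs:  # even an allowed tag must not carry attributes
            self.findings.append(f"attribute on <{tag}>")

def audit(baseline_text, current_text):
    """Return {key: [reasons]} for entries that differ from the known-good copy."""
    baseline, current = parse_properties(baseline_text), parse_properties(current_text)
    report = {}
    for key, value in current.items():
        reasons = []
        if key not in baseline:
            reasons.append("new key")
        elif baseline[key] != value:
            reasons.append("value changed")
        scanner = TagAudit()
        scanner.feed(value)
        scanner.close()
        reasons += scanner.findings
        if reasons:
            report[key] = reasons
    for key in baseline.keys() - current.keys():
        report[key] = ["key removed"]
    return report

# Constructed sample: two entries as quoted in the thread, then an altered copy.
BASELINE = ("adv.account.index.review=Review <b>{0,number}</b> pending applications\n"
            "adv.accounting.deposit.email.subject=Payment received\n")
CURRENT = BASELINE.replace("Payment received", "Payment received<script>x()</script>")
if __name__ == "__main__": print(audit(BASELINE, CURRENT))
```

Run on a schedule against each export, an empty report means the repository still matches the reviewed copy.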
Well, good they have taken care of it. They are closed on Sat. I tried a bunch of extensions of people I know, but no one answered. So left a general voice mail and alerted them to this thread.
I too get similar hits from Archive. About 1000+ connections at peak hours! It's blocked due to that sometimes, but I am thinking of a permanent solution so that these websites aren't banned...
I am having this problem now. I don't even have any link on my site to cj and now their spider is on my website... But I did recently add a subforum to my forum that was named Commission Junction... does that have anything to do with it????