Profitsiege Email - Was From Doc (In Case Some Wondered)

Qnreyna

Make Money Online
Very Active Members
#81
It was the com(dash) video that Steve did as the free video when Profit Siege first launched. He was saying to get domains like com-surveys.us, etc.

He then placed it in our membership area until Amish got sued by Microsoft for teaching stuff so then Steve took it out as a precaution.

Do you happen to have it? I bought several domains and want to use this method however I can't remember everything in the video.

Trish
 

hvtopiwala

Make Money Online
Very Active Members
#82
Anyone get this email? Looks interesting:
Hi,

you are getting this email because you are running the PPV Demon software from "Profitsiege". I am not affiliated with them and I do not know "Steven Rounds", the purported creator of the software.

You need to be aware of some serious security issues that could lead to having your campaign data stolen and even campaigns run on your account for someone else's benefit. "Someone else" would be the person who controls the backend of the software, the one who calls himself Steven Rounds.

I can't prove that he actually already does this, but I do have evidence that he built a backdoor into the software that would allow him to do so. Why else would he do this?

1.) "Steven's" credibility.
You have read the countless claims how "Steven" was a Paypal programmer, and while working on software to freeze Paypal accounts, he had the idea to create PPV Demon. It's a lie. No Steven Rounds has ever worked at Paypal:
http://www.moneymakerdiscussion.com...case-some-wondered-post268237.html#post268237

2.) The backdoor.
When you install the software, it checks your license code (Clickbank order number) with a backend server and links it to your domain. But PPV Demon does much more. Among other sensitive data, it also transfers your login name and your password to Steven's server!

The password is hashed (encoded), but that is little help because your password is stored in your software in the same hashed form. You can easily confirm this if you know how to use phpMyAdmin. Just look into your PPV Demon database at the users table. Every time you enter your password it is first converted into this hash and then compared to the stored hash. If you have someone's hash and know the innards of the software, it's as good as the password itself.

See for yourself:
http://ppvdemon.com/licsvr/api.php?operation=db_query&licence_key=
Add your Clickbank order code to the end of that link with no space and paste it into a browser. Look at the page source.

3.) More.
"Steven" claims on his sales page he had a team of "power coders" that he could only find at "The Den", people that were hidden and keep to themselves and who he had to pay cash upfront. What BS - it was simply a cheap outsourcing shop in India: GALTech Enterprises

No wonder the software is just generally full of security holes. How do you think I got your email address?


What now?

If I were you I'd stop using this PPV Demon software immediately and ask for a refund if you still can. You can return your order through Clickbank:
https://www.clickbank.com/orderDetail.htm

If you need a tracking software like PPV Demon, be aware that there are plenty of alternatives out there. One of the most popular is also completely free - Prosper202:
Prosper202 Self Hosted Apps
Its source code has been scrutinized many times over by the community, there are no backdoors, no license required, no secret communication with any server. Most likely it was this, and not some bogus Paypal job, that inspired "Steven" to make his own software and charge money for it.

At the end, what you do with this info is up to you. But you've been warned.

Good luck!
Michael
 

Moto801

Make Money Online
#85
How did this guy get email addresses of the people who bought this course?

Also, what is his motive? Other than trying to warn people I don't really see what his intentions are.

I also just got this email and it kinda pisses me off.
 

hvtopiwala

Make Money Online
Very Active Members
#86
The only way he could have got it is through exploiting something in the code, I believe... I think his only motive is to warn us, nothing else... I'm pissed too if it's true.
 

Moto801

Make Money Online
#87
I just received this email from Steven Rounds...

Well, we're in good company now because apparently we have gotten visible enough in this space to ruffle someone's feathers.

That's great because that means a lot of people have heard the good word about PPV Demon and what you can do with it.

The bad news is now that we are on the 'radar', we got hacked.

You may have received an email about your PPV Demon data being compromised by us from a ****** that claims to have benevolent intentions.

Nothing in his email is benevolent, nor was the actual ******* of our third party licensing server which is only used to validate your copy of PPV Demon and keep people from using it free.

Now, he did get some email addresses, and you would know because he would have emailed you if he got yours. But, he did NOT get any other information.

He alludes to us creating backdoors to get your campaign data and a few other key points, along with stating your PPV Demon password is at risk.

We don't use your data, which is why we gave you self installed versions of the program rather than hosting it ourselves. We don't know your password or keep it either.

And, nobody else can get your PPV Demon password either. It would take NSA supercomputers a hundred years to reverse-engineer our hashing algorithm. The average Joe can't do anything with it.

We have plugged the hole that allowed this ****** to get your email address and we apologize for that inconvenience. No other information of yours has been compromised.

If you receive an email from this person about PPV Demon, please do not respond or communicate with them. We will handle that. Simply delete the email and get back to the business of using PPV Demon the way it should be used.

We appreciate your business and loyalty and want to let you know we are loyal to you as well.

Thank you.

Steven & John

 

Catz

Make Money Online
Very Active Members
#89
Here is what I found out as a new purchaser and perhaps this is the way they have your emails.
When you went into the forum there was a section to list your email to other members or hide it.
I noticed that some who have posted here have their emails open to other members.
Perhaps it was not being hacked at all and this guy just got our emails because we signed up to forum and to allow people to have/see our emails.
This could be a member who played the PPV game and lost a lot of money and is trying to get back.

Food for thought!
 

DaGrip

Make Money Online
#90
The email I signed up with and the email registered on the forum are different to the email used in PPVDemon - it is the PPVDemon email address I received that email from, so he didn't get it from the forum.
 

keelo

Make Money Online
#91
I received the same email warning me about Profit Siege. As for the person getting emails from the forum I have never posted in the forum.
 

Catz

Make Money Online
Very Active Members
#92
@DaGrip @keelo
I had noticed your email was available to members on the forum but did not know that it was a different one. So, "my food for thought" got ate. Lol
Interesting that some are receiving the emails while others are not.
I have not received any email so far.
 

Spdbmp

Make Money Online
Very Active Members
#93
> I received the same email warning me about Profit Siege. As for the person getting emails from the forum I have never posted in the forum.

Yeah...same here..honestly forgot there was a forum..., so never even registered
 

Salvatore

Make Money Online
Very Active Members
#94
> The only way he could have got it is through exploiting something in the code, I believe... I think his only motive is to warn us, nothing else... I'm pissed too if it's true.

No, there's three things you need to know.

1. It was simple to retrieve everyone's after I received the above email. I checked out the link and saw that it did disclose the installed address, username, email address, and SHA-1 HASHED password of everyone who has installed PPV Demon. This doesn't give away anything. It seems this information is used to make sure that someone isn't using a disable receipt or perhaps password recovery via email.

2. Steven's right in claiming that it would take forever (almost literally) to crack your individual password hash. In fact, the information wouldn't do anyone any good, unless they cracked the hash (which can be hard or easy, depending on how you view it with either brute force or rainbow tables, but it's still a lengthy process).

The hash sent to the API isn't the same hash used to login to PPV Demon. If you poke around in the code some, you'll see that there is some salting done to the password before it's verified, and this salting changes the hash (i.e. makes it even harder to crack), that the PPV Demon script requires before logging you or anyone else in. So, there is no way for this to happen.

3. There are no backdoors into PPV Demon. I've traced all the off-server inputs and outputs of the code. There's only a few calls to the PPV Demon server and as such, it's very easy to see what it does. Updates, registration, and licence query. The last two are really only done when you change your password (for recovery and licence management, it seems) and when you set up the site. The first one is done all the time, but only queries the server about to see if there's available updates and then to download them. In plain-text.

Those of you who are paranoid are gonna be paranoid. Those of you who can listen to reason won't be, and those of you who can read code should check it out. It's safe.
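
Added example, not part of the thread and not PPV Demon's code: the posts above disagree on whether an exposed password hash is "as good as the password" and on what salting changes. This Python sketch contrasts unsalted SHA-1 storage with salted PBKDF2 storage, and a login that compares the submitted value to the stored digest with one that re-derives the hash server-side. All function names, the sample accounts and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this sketch)

def sha1_unsalted(password: str) -> str:
    """Weak storage: a bare SHA-1 digest, identical for identical passwords."""
    return hashlib.sha1(password.encode()).hexdigest()

def login_compares_digest(submitted: str, stored_digest: str) -> bool:
    """Weak check: accepts the digest itself, so an exposed digest is a credential."""
    return hmac.compare_digest(submitted, stored_digest)

def store_salted(password: str, iterations: int = ITERATIONS) -> str:
    """Hardened storage: random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"

def login_rehashes(submitted: str, record: str) -> bool:
    """Hardened check: the server derives the key from whatever was submitted."""
    salt_hex, iterations, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", submitted.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

def reused_digests(rows: dict) -> list:
    """Audit helper: groups of users whose stored values are byte-identical."""
    groups = {}
    for user, value in rows.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed sample accounts (not data from the thread).
ACCOUNTS = {"alice": "tr4ffic-2011", "bob": "tr4ffic-2011", "carol": "different-one"}
WEAK_TABLE = {u: sha1_unsalted(p) for u, p in ACCOUNTS.items()}
STRONG_TABLE = {u: store_salted(p) for u, p in ACCOUNTS.items()}

if __name__ == "__main__":
    print("shared digests, unsalted SHA-1:", reused_digests(WEAK_TABLE))
    print("shared values, salted PBKDF2:  ", reused_digests(STRONG_TABLE))
    leaked = WEAK_TABLE["alice"]
    print("exposed digest accepted by digest-compare login:",
          login_compares_digest(leaked, WEAK_TABLE["alice"]))
    print("exposed record accepted by re-hashing login:    ",
          login_rehashes(STRONG_TABLE["alice"], STRONG_TABLE["alice"]))
```

Whether an exposed hash works as a credential depends on what the login compares; the salt and slow KDF address a separate problem, namely identical digests for identical passwords and cheap offline guessing.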
 

tommy67

Make Money Online
#95
I bought the Software and I think It's Easy, and "Steven Rounds" if That's His Name... teaches with some Great videos. As to his Name being real... well...if I worked for PayPal, and I created this software, I wouldn't use my real Name either... a lot Of Celebrities don't use their real name either for privacy issues...
So what's the difference. But if he's scamming people and Stealing info then that's another story...I will though keep an eye out to See if I make money with his software...
 

tommy67

Make Money Online
#97
> No, there's three things you need to know.
>
> 1. It was simple to retrieve everyone's after I received the above email. I checked out the link and saw that it did disclose the installed address, username, email address, and SHA-1 HASHED password of everyone who has installed PPV Demon. This doesn't give away anything. It seems this information is used to make sure that someone isn't using a disable receipt or perhaps password recovery via email.
>
> 2. Steven's right in claiming that it would take forever (almost literally) to crack your individual password hash. In fact, the information wouldn't do anyone any good, unless they cracked the hash (which can be hard or easy, depending on how you view it with either brute force or rainbow tables, but it's still a lengthy process).
>
> The hash sent to the API isn't the same hash used to login to PPV Demon. If you poke around in the code some, you'll see that there is some salting done to the password before it's verified, and this salting changes the hash (i.e. makes it even harder to crack), that the PPV Demon script requires before logging you or anyone else in. So, there is no way for this to happen.
>
> 3. There are no backdoors into PPV Demon. I've traced all the off-server inputs and outputs of the code. There's only a few calls to the PPV Demon server and as such, it's very easy to see what it does. Updates, registration, and licence query. The last two are really only done when you change your password (for recovery and licence management, it seems) and when you set up the site. The first one is done all the time, but only queries the server about to see if there's available updates and then to download them. In plain-text.
>
> Those of you who are paranoid are gonna be paranoid. Those of you who can listen to reason won't be, and those of you who can read code should check it out. It's safe.

Thanks for This Info, it really really Helps :)
 

Michael S

Make Money Online
#98
Just wanted to say Hi. I'm Michael, I sent those emails. I'm gonna read back through this thread to see if there are any open questions. But the email pretty much said all there is to say. Shoot the messenger if you want. Just so no one can say I'm hiding in the shadows...
 

Bama

Make Money Online
#99
So let me get this right...

You are the slanderous bit doing this from the goodness of your heart? LMFAO

Get real.
The information was useless to anyone and everyone.
Want to impress me?

Tell me the password from the hash and show some real skills on how it really was a "security hole"
It will be even more funny when you get totally outed.

Before you get all happy and stiff that I posted.

I am NOT any of the people involved in this just someone who got your retarded petty and most jealous email.
One may start to think you got a bit of a man crush on one of the players involved though.

Want to impress me and others?

Don't hide behind fake name and one use email....
but we both know that isn't going to happen now is it ?

Nice attempt at engineering and misdirection of the email, but just not good enough. FAIL.


Next
 

Michael S

Make Money Online
> You may have received an email about your PPV Demon data being compromised by us from a ****** that claims to have benevolent intentions.
>
> Nothing in his email is benevolent, ...

I got A LOT of replies from grateful people who see this quite differently.

> Now, he did get some email addresses, and you would know because he would have emailed you if he got yours. But, he did NOT get any other information.

Not true. There's a lot more where that came from.

Anyone who doesn't believe that, here's a challenge: You know your email is already out there, but I don't know who here on this forum is behind which email. So PM me your PPV Demon email and I'll PM you back a few more details about your installation. I will not post such info publicly because I don't wanna compromise you more than you already are. Judge for yourself!

> He alludes to us creating backdoors to get your campaign data and a few other key points, along with stating your PPV Demon password is at risk.
>
> We don't use your data, which is why we gave you self installed versions of the program rather than hosting it ourselves.

Then why is your central server collecting people's login info? Controlling a network of self-hosted versions in this way, complete with an automatic update feature to inject new code isn't much different from running a bot net.

Sure, some legitimate software may do similar things, but they don't bait their users with lies and deception, they have a track record and a reputation to lose, and they don't have servers with more holes than a Swiss cheese.

> We have plugged the hole that allowed this ****** to get your email address and we apologize for that inconvenience. No other information of yours has been compromised.

Sadly, not true. See above.

> If you receive an email from this person about PPV Demon, please do not respond or communicate with them. We will handle that.

Great. Looking forward to hearing from you.