Yesterday i received an e-mail supposedly from a member who said he couldn't log into his account.

The e-mail address didn't look familiar, and when i checked the account it looked normal to me, but with a different e-mail than the member was e-mailing from.

The e-mail in the account looked familiar, so did the paypal e-mail.

So i replied that this member needed to e-mail me from the e-mail in the account without saying what that e-mail was.


I got a reply back from the same e-mail he originally sent, was a zwallet account.

But he also had a copy of his signup confirmation so i figured it was legit, and may;be my memory failed. me.

So i changed the password and the e-mail but it bothered me all night.


I finally checked his account, and saw that i had paid him via paypal 8/28 so i e-mailed him from his paypal e-mail address.

As it turns out, the account was correct before the request, and the request was a bogus one.

Unfortunately for some reason my server is down, so i can't correct it yet, but since the member isn't near payout yet, it's not a problem as i will correct it as soon as i can get back into admin.


I just want to warn other webmasters, should they receive mails from members saying they can't log in, and the accounts still exist, to do some research before editing accounts as requested...


There is someone who obviously can't be called a hacker, because they need the webmasters cooperation to get into these accounts, but they are attempting to take members accounts and make them their own.

The e-mail this person used is:

buj@zwallet.com and this is definately not my member............

The fact that i've paid him 8/28 and he thanked me for being so observant replying from his paypal address, proves that this guy who e-mailed me is trying to take over big accounts at various sites.

Last week someone got into another member's account without my help and requested $10 payout to ppprk7@yahoo.com and i was stupid enough to pay it, as i was over worked and over tired..
I paid thru stormpay, and i've contacted stormpay 3 times already about it, and have heard diddly from them, nor have they gotten me my money back so i can pay the rightful person.

So Webmaster's be on the lookout for any requests from buj@zwallet.com or ppprk7@yahoo.com

Members, please make sure your passwords are unique and protect your accounts.

Woah! Thanks for the information. Why do people feel the need to cheat? Do they have no conscience?

I mean, they could just as easily work for the money!

Thanks Carole,

I am a little confused though, I do have a buj@zwallet as a member. He has been a member for several months with no problems. I JUST got an email from him saying that his account was deleted by someone who got his password. I know this has been happening to quite a few people.

I really don't know what to think at this point! I am starting to feel like Mel Gibson in the Conspiracy Theory - paranoid and don't know who to trust!


BTW, buj@zwallet signs his email as the webmaster of money-mailer.com

Hmmm....very interesting.

So he's a webmaster.
Probably looked thru his data base to see who his best members are, and figured he'd take over their accounts on other sites.

The member he tried to get the account for is bjoerm wall, who's been with me at mec-co-op and coppercoins forever....

That's what threw up the red flag, but when he replied with a copy of the confirmation mail (which he could have easily composed himself), i wasn't thinking and i did change the info.

Unfortunately the irony of this is that meccoop is down (server failure)
John's probably out for the day on a well deserved day off...so here i sit, with no access to the site.

It's funny because all the sites at myecom are up and running on the shared server, me on a dedicated server is down...hehe

Anyway, i find it disturbing that this guy's a webmaster.
I doubt he's our hacker, as he did not hack into any account, he contacted me masquerading as bjoerm and asked for his password etc...

stupid me, took his reply with the copy of the confirmation of signup with password info etc and edited the account giving him access.

Fortunately bjoerm isn't near payout, so no harm has been done, and i'll fix it back to the original as soon as i can get into my admin area...

Bjoerm has been told, and he'll log in and change the password again once i fix the account.

I've also e-mailed this other guy telling him that i'm on to him, and that i posted this info here, so if he's got the guts to even show his face here to defend himself, time will tell.

There's really no defense when someone tries to rob people of the money they earned.

This is a perfect example of why we should be wary of webmasters that are unethical.

Personally i'm not a member of his site, but if i were, i'd be the first to cancel my account and inform all my members to do the same.

We certainly don't need to deal with unethical webmasters.

This is very discouraging to me but i've know for a while there are webmasters out there that are responsible for a lot of lost accounts.

All they have to do, is gain access to any account, change the username, e-mail etc. and the webmaster is none the wiser, then the real member, yells scam, because their accounts are gone, and blame the webmaster of the program.

Just be wary.

I sincerley will not be e-mailing any more usernames and passwords, unless the request comes from the same e-mail address i have on record.

That should solve that problem.

We just have to be a bit more cautious.

Uh-Oh ....THis is not good

Now I am starting to get paranoid!!!

Well,he sent this email to all members a couple of days ago
I have been talking with him by email regarding the hacking

The name he gave me is Bjorn Jensen

I don't know what to think anymore! I sent him an email with a link to this forum as well, so who knows, maybe will we hear from him.

Skarpa...Sounds like to me, that this Bjorns account with you has been hcked and the e-mail address has been changed to the cheaters e-mail......

Ya know, I would think that too, however, I have checked all of my backups for the past 2 weeks and they all have the same email address for him. I am going back further to check on it. But I do know that buj@zwallet has been a member for several months because the email address is familiar to me.

Is it time for alcohol yet?

this was what he said
he said even the 1 of the 2 NPA he sent out that day is gone.

btw, he know this forum because I sent him two direct links to the hacker threads I started here.

btw,that happened to the cashem webmaster too.
He sent this email to all members

Carole,I think you know him. His myecom ID is gotoguybo.

I think same person is doing all this. & they might be the same peson who hacked my ptre accounts & goodlife's ptre accounts ( ppprk7@yahoo.com)

First of all, why does this guy need earnings from other sites to pay his members?

Second of all Bjoerm has been a member of both coppercoins and mec-co-op for over a year,

he's been paid in August via paypal to the address i originally had on record before this other guy e-mailed me masquerading as bjoerm.

The e-mail of record originally matched the paypal address that he was paid in August.
It also matches the e-mail address he sent ad requests in with etc.

So i contacted him at the paypal address, and he is not the person who requested the password from the zwallet address, which is this webmaster.

The webmaster has been busted, and he's just too stubborn to admit it.

Here's what he wrote me back.

>Reply-To: "taxlady" <taxlady@waverly.net>
>From: "taxlady" <taxlady@waverly.net>
>To: <buj@zwallet.com>
>Subject: bjoern
>Date: Sat, 18 Jan 2003 08:54:44 -0500
>
hI taxlady
i AM nOTUP TO ANYTHING I wrote you that there was not$5 but $2 and I have not done anything and if you check buj@zwallet.com in by someone who havent deleted the emails I send out is with with this aress as referal.
Bj?rn

He never wrote me anything about $5 or $2 all he did was masquerade as my; member and request the password, then attempted to take over the account, which i will restore as soon as i can get in.

Server's down, and i'm sure Johns out for the day with family on a well deserved day off, so i'll fix the account as soon as it comes back up tonight most likely.

What is the paypal email address ?
I mean the e-mail that was originally there

BTW, what is the signup IP address of the member?

I have to add my two cents on this one. Anyone can send an email and appear to be from that email by changing their email headers. Someone has been impersonating ppprk for some time and now it may be that someone is impersonating Bjoern. One precaution to take is to email the account email if a request like this one is made. Most PTR sites have a mail me my password option........ so another option you have is to just tell them what email they are signed up with and point them in the direction of mail me my password.

It could be the same guy, but i'm sure there's more than one unethical webmaster out there. I'd hate it but unfortunately that's life.

I personally think this guy's name may very well be Bjoerm or maybe not, but the last name is different.
that could be coincidental...but his e-mail to his members saying that if he didn't get his accounts back at other sites, would mean he couldn't pay them, looks suspicious to me to begin with.

There's no reason to require earnings from other sites to pay your obligations from your own site.

I think he's scamming his own members, and trying to scam other webmasters by stealing their members accounts.

The real Bjoern Wall, has confirmed to me that the request for password did not come from him, and im very familiar with that e-mail address, and have paid him in August via paypal...that's more than good enough for me...

My suggestion to all of you, is to not only change your passwords to something different at every site, but those sites that will let you change your username, use a different username on every site, that will protect you completely against these unethical webmasters that use your info to get into your other accounts.

THis one's been busted as far as i'm concerned. Thank God no harm was done like 2 weeks ago when that dummy ppprk7@yahoo.com got $10 from goodlife's account with me, and stupid stormpay still hasn't done diddly about it.

nor have i heard from them (stormpay) i'm very ticked off because stormpay has a $25 min requirement for check and since the amount was only $10 they could have reversed it as i contacted them immediately.

Now it's been over 2 weeks, who knows how many accounts this ppprk7@yahoo.com got that he didn't deserve.


All i can do, is when a member e-mails me for lost password, is make sure the request comes from the e-mail of record, if it doesn't then i don't give out any info.

Hmmmmm...

hosting mishap yesterday huh?

now it makes me wonder. I don't think this guy is our hacker that hacked all the sites with trojan scripts as i dont think he's that smart..., but it does make you wonder, as obviously he hosts with John.....

Could it be possible he knows someone and let them have his admin area and could be indirectly responsible for all the hacks?

Just a thought...

The sign up IP I have for buj@zwallet.com is 80.161.140.146 I have checked all of my back up logs and they all have the same personal info for this member.

When the hacker hacked my accounts,they changed my email address too

so my email address was not in any DB

well i'm sure this is against privacy but i don't think the real bjoern would mind.

But to be on the safe side, i'm pm'ng you with it.

A clarification for my situation:

Bjorn aka buj@zwallet.com did not ask me for his password. He told me his account had been deleted and was asking me simply to reinstate it. He NEVER asked me for his password or any personal info.

Server's down so i can't get into get that info yet.

SHerry, since your site is fairly new, it is possible that he legitimately signed up at your site.

You are probably right. What concerns me is the possibililty that this person is trying to cheat other people out of their hard earned money.

What is up with people?!?

he said he joined on 15 Aug 2002

No, why give them the e-mail info, since it can so easily be disguised.


I requested that he e-mail me back from the e-mail of record (which had it been his account, he should know) especially since it's the same e-mail as the paypal account i paid in August.

When he e-mailed me back, he e-mailed back from zwallet but included a bogus copy of his signup confirmation.

Now since i can't get into admin because the server's down, i have to temporarily give one benefit of the doubt here.


It is possible i had 2 users with the name bjoern


and it sounds feasable that maybe when i searched by the username bjoern, i came up with bjoern W's info
maybe the other bjoern's account was deleted for inactivity.

That is possible, and i may have just given him the wrong account....

If his original account was deleted for inactivity, it's gone, so i'll never know for sure but Bjoern W is going to get his account back.

Now that i think about this, this webmaster says he e-mailed me back that his account had $2 not $5

So for the time being, until i can access my site and my e-mails to confirm this, it is possible the guy is totally innocent and i may have jumped the gun here and just mistakenly given him Bjoern W's account by mistake.

Should that be the case, and i can only assume that is the case, if i do find an e-mail from this other bjoern with a timestamp of early this morning or late last night when i can access my mails...

THat is a possiblility and i will let you all know what i find, when the server goes back up.

Your site is working fine for me

Ok here's an update,

I screwed up royally! and i owe a huge appology to Bjoern Jensen.


I found an e-mail from him (server just went up)

He honestly mailed me when he looked in Bjoern W's account and saw $5 that his account only had $2


Unfortunately with the server being down, i didn't get that mail till a few seconds ago.

So here's what most likely happend.


I had 2 members with first name Bjoern

This guy's account probably went inactive, or someone maliciously hacked it, because his password was very obvious that it could be easly hacked.

I won't know for sure what actually happend to his account, it was either inactive or hacked and deleted out of maliciousness.


So when he e-mailed me asking for his password, and later gave me his signup confirmation, i gave him the only account that came up with bjoern


My mistake, my screwup..

With all the hacking of late, i guess i got paranoid real quick, and with the server being down etc, i couldn't research any further.

Had i gotten his honest e-mail telling me there was too much in the account, i never would have started this post.

I sincerely appologize to all of you but mostly to Bjoern Jensen, who i've told to re-sign up (i've already corrected the other account giving it back to it's rightful owner)

I told bjoern that i will put his $2 in his new account once he signs up again.


He's being real nice about this screwup here.....and it's totally mine, and i'm sitting here with lot's of egg on my face!!!!

I feel terrible about this.
Hope you all understand what most likely happend here.

All coincedence and circumstantial...

still strange
how two people can use same/one ID??

Hi

I have this person also as a member the ip i have is :
194.239.146.218

Maybe it could help you further

Regards
Pascale

no one was username bjoern
other was bjoern@########

not same username, just same first name and it comes up in the search
you can search a partial e-mail address
so when i typed in bjoern it came up bjoern@######

only one account came up because only one existed.

he re-signed up, now when i search bjoern, both come up.

Ip's change with every login
so ip's don't help unless the member has a static ip.
most don't and i can't imagine why anyone would want a static ip as it's easily hacked into.

Well,then there was nothing confusing....

the webmaster bjoern said his ID is bjoern.
The other bjoern's ID is not bjoern
totally different two persons

both accounts you first talked about here,
buj@zwallet.com and ppprk1@...
had been deleted from both of my programs from HACKER, but this 2 members are good members as far i checked it.
I rebuilded both accounts in both programs without changing the passwords and only informed them that the accounts are back.
Both could login themself cuz they knew their old password and then changed it themself.
So why should THEY be the hacker and kill their own accounts to reopen the same accounts themself?

I trust in this 2 people (Bjoern - Bj?rn always respond fast and helped me to find the real Hacker Mandal!

Greetz, heike

my account has been deleted by hacker from your programs?
I didn't know that
I think I have not had any problem with your programs

Yup, we agree and bjoern is being real nice about the whole thing even after i kinda sent him a real nasty e-mail accusing him of trying to take an account that didn't belong to him.

He's re-signed up, i threw $2 into his account even though he said it was $1.97, gave him 10,000 points so he can run an ad, and threw a few referrals his way.

I asked him to send me codes for his banners which ill put in the rotator and on the paid2click page.

I feel like a total jerk, as this was definately my fault.
I just didn't know i had to bjoern's..

Hey i've got over 6500 members to deal with, i can't be expected to know them all personally....
I do know the other bjoern W, because he advertises frequently and i've paid him.

When the search only came up with one account, and he sent me his confirmation, i wasn't thinking that his account was missing and there had been 2 accounts for 2 different bjoern's (first names)

oh well, i learned something, and bjoern did also as his password was so simple it was easily hacked, and that's probably how his account dissapeared in the first place.

He's really a nice guy, never once did he call me names, or accuse me of trying to rob him, etc etc...

Members like him who realize that a webmaster is human and can easily make such mistakes, make my day.

I still feel like a dummy, but he put a smile on my face by being so nice about it.

So who is the jerk that is running around cancelling other ppl(including bjoern,cashem owner) from all these programs??

taxlady

At least you're being honest that you made a mistake and have publicly appologized. I don't think many others would do that. Hats off to you and the members involved for clearing all of this up and for looking into it.