account suspend

[soumikztoa75]

my account smc33.in suspend

reason of my account suspend is (Storage of login information (including password) in a text file (active. Php), looks like phishing.)

its just to track my merchant order record in a text file. but plz open my suspend account i will delete username and password option from that page. then i thing no prob

 

[Livewire]

Why would a merchant order record need to store the usernames and passwords in a text file?

And why would it be called a "merchant order record" when it asks for a mig33 password? Last I checked, you aren't mig33, so why would you need your users mig33 login names and passwords?


I've been looking into this one for the last 10 minutes; so far I'm having an EXTREMELY difficult time understanding how this isn't phishing or illegal.

Edit 1: At this point I'm leaving it suspended as Phishing after 26 minutes of investigating. I cannot find a legitimate reason to be storing your visitors passwords in a plaintext easy-to-guess-the-filename-of file. I really just can't understand the logic of that, the file is easily findable and completely open to viewing (there is no block on it at all). That's just not secure or smart, and I can't see how it isn't phishing for mig33 passwords. I can honestly not see any legitimate reason that would be in line with our TOS or mig33's for needing a users username and pass.

 

[soumikztoa75]

me have many mig33 web base tool, u can see mmt33.in also. in every where me need mig33 password.. user give us there password personally for buying tools. smc is auto like tool. me need user password to connect to mig33 server. now i think u can understand... i will change merchant.php and dell username and password option from that page.

and at last one more thing i have to mention that if its a fake login page then i can make it same like mig33 page.... now everything depends upon u..:frown:

 

[Livewire]

Bringing up the mig33 tos then:

(e) sell, sublicense, assign, rent, lease, act as a service bureau or grant rights in the Site, mig33 software or mig33 services to any other person except with our prior written consent and/or pursuant to the provisions of Section 5 regarding our Merchant Program;

Do your users have prior written consent from Mig33 to grant you the right to access mig33? Or for that matter do you take measures to obtain that prior written consent? Cause I don't see that on your account.

What I see is users breaking the Mig33 TOS by granting you access under their account in violation of section e under 1.3 of the mig33 TOS. This would also violate section 4.1 regarding the License to the mig33 software being non-transferrable.

As for your "web base tool," if the ones on mmt33.in are any example, they also violate the mig33 TOS, and our AUP for solicitation of illegal acts, as the mig33 TOS doesn't allow tools such as flooding.


As such I'm leaving it as permanent, and closing the ticket. You'll want to rethink your business strategy - flooding isn't legal in the USA, it's considered spamming and actually violates enough of the Mig33 TOS to potentially land you in court. That's not a good thing.