Comments
To be fair, it is Psychz's responsibility that these kinds of emails shouldn't go out.
And it is the end user's responsibility not to open every attachment in every single email sent, no matter how "legit" it looks.
Just how I see things, don't think different opinions are now bad.
There are no coincidences. I called out a bad support reply from a provider who had a compromise and someone tried to turn it on to me soon after. Events like that are noteworthy when observing motives for behavior and connections between anonymous users.
If you can't control the narrative, attack the person sharing useful information. Maybe Psychz bought @alexvolk some red bull.
This post was my attempt at a drama parody today. Thanks, I'm here all night.
Let's all agree on a simple universal fact that JarLard is stupid.
We've sent an email alerting everyone not to open attachments. If your Windows systems were up to date the CVE should effectively render the exploit useless.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11882
All the best my dude!
Mostly well handled @WilliamProfuse but I do want to toss out a question that I'm not asking you to answer here: how did they get customer emails if all data is safe? Would be good to detail what they did get access to, as it was obviously more than just an SMTP session. That way customers can feel safe that it was all understood and covered.
The workstation was compromised and the user effectively used the portal system to grab the emails. Since the employee was entry level, the access is pretty limited on what his portal has access to. We're working with Ubersmith to grab all access obtained in the meantime.
Through our email servers we were able to track all the emails sent and email those that were notified of the exploited emails. Roughly ~5% of our customers got contacted.
We're revisiting all workstation policies again. Just to give you an idea, we already had policies in place of workstations being on Ubuntu or self-wiped Windows machines. It's obvious this employee didn't follow procedures.
I don't like it.
You sound too professional.
For which we thank you!
Yes, the dude probably suited up and put on a tie prior to logging on LET and posting that update.
Piece of work.
From the command Jar ran, he was checking the main log (about mail sending & receiving) of exim, which is not the same as reading his customers' email.
Everyone wants a steak, not everyone likes to watch the cow get slaughtered. I noticed long ago that every choice at every junction in this industry creates a disagreement.
Yeah I think unixbsd.info is their whitelabel domain. I've had VPS services with some of their brands (like PhotonVPS and YardVPS) and the SolusVM control panel was on a subdomain of unixbsd.info.
Welp, luckily I check and open items on a VM of mine. Was anyway time to update it from Windows Server 2016 to 2019. Wiped and reinstalled, and changed all passwords I have. Thanks for getting me on top of my shit
I received 6 phishing mails and a spam mail from a week ago, now I know the reason, thx
Pour some out for the former junior tech
Hey, @jar it's actually you who got that red bull from delimiter when they fucked up.
It's not drama - it's your reality that will be with you forever.
Saying that you take a look at your customer emails then oh, sorry, it's just a simple command.
Yeah, after realizing that he fucked up again sharing the command lol.
Makes sense!
We are a customer of Psychz but have not received the phishing emails. Normally all official emails from Psychz are sent via Amazon SES so I think the issue is limited to a hacked staff's machine/account.
I'm gonna need you to add some protein and potassium to this diet. All that salt intake alone is not good for your body.
I think need some Red Bull diet then:
Protein 0.3 g
Potassium 3 mg
I do this. Is it bad?
You can pipe the mail through an antivirus which will strike down the attachments when they are infected. Clam can do that and is free.
Would that mean that the provider reads the mails? I don't think so, the antivirus does and looks for some strings.
FTFY
By the way, Photon is 504'ing for me