What happened to Clouvider earlier... Why was a serious post like that removed?

Comments

  • Was @cociu also hacked? Maybe hackers destroyed 400 HDD by frying them

    Thanked by 2dystopia BlaZe
  • default Veteran
    edited August 2021

    @codelock said:
    Was @cociu also hacked? Maybe hackers destroyed 400 HDD by frying them

    Yes, and that hack also affected Clouvider, like in a domino effect.

    Now please elaborate on the connection between the two, since you brought it up in a completely different thread, unrelated with the Hostsolutions issue.

  • skorupion Member, Host Rep

    @LTniger said:

    @Hotmarer said: 5. Moderator gives me a warning

    For what exactly you received a warning?

    changing the post to delete please

    Thanked by 1raindog308
  • I have a couple VM's with @Clouvider

    I am not really worried but the fact @Hotmarer has suggested that a vulnerability was found in Github with access tokens is concerning.

    I will await the official response from Clouvider themselves.

  • xaoc Member

    @codelock said:
    Was @cociu also hacked? Maybe hackers destroyed 400 HDD by frying them

    Maybe hackers also sold them on olx after(might be before)? ;)

    Thanked by 1BlaZe
  • @noobjockeys said:
    clouvider.net was compromised and hosted on the same server as .com and .co.uk

    No explanation?

    Hacked By Katyusha https://clouvider.net

    We Are Katyusha_sxc - Black_sxc - mr.n_sxc - ./ycr17_sxc - xs7_sxc. Powered SecurityXploitCrew - Indonesian Hacker.

    @Katyusha someday, when you've touched a pussy|penis for the first time, you'll realize what a piece of shit you were and there were much better things to do with your time.

  • @LTniger said:

    @Hotmarer said: 5. Moderator gives me a warning

    For what exactly you received a warning?

    So, does one need to ask for an embargo or hide a post instead of a delete if they've found to post private or sensitive info?

    Or just a blanket, "edit your content away but don't ask mod to delete a thread"?

    Thanked by 1adly
  • @Clouvider do we have an official statement as of yet or are you still unsure how this happened?

  • default Veteran
    edited August 2021

    So a great provider on LET was hacked. So much professionalism. Drama continues.

    @TimboJones said:

    @noobjockeys said:
    clouvider.net was compromised and hosted on the same server as .com and .co.uk

    No explanation?

    Hacked By Katyusha https://clouvider.net

    We Are Katyusha_sxc - Black_sxc - mr.n_sxc - ./ycr17_sxc - xs7_sxc. Powered SecurityXploitCrew - Indonesian Hacker.

    @Katyusha someday, when you've touched a pussy|penis for the first time, you'll realize what a piece of shit you were and there were much better things to do with your time.

    Actually, you should state that about Clouvider, not securing their fking servers properly, having security as their job! It is their time which is paid for, by clients!

  • default Veteran
    edited August 2021

    @Hotmarer - Even though I am just a member, please accept my regrets for your warning. This is not something which should have happened regarding you having doubts related to an esteemed provider of LET being actually hacked. To help you in your doubts next time, simply post some screenshot too, containing the address bar of your browser.

  • @default said:
    @Hotmarer - Even though I am just a member, please accept my regrets for your warning. This is not something which should have happened regarding you having doubts related to an esteemed provider of LET being actually hacked. To help you in your doubts next time, simply post some screenshot too, containing the address bar of your browser.

    Next time I will not publish the post immediately, but first I will try to write to the hacked provider. In this case, I just thought that the .net domain was their main domain and looked for some kind of contact with them. Although even if I wrote a message to them via the contact form on the .com domain, I'm still waiting for contact :p

    I also didn't want too many people to find out about that hack because they could find the bug I found.

  • good intentions aside the edit simply could have been phrased better than just 'delete me' - which was obviously exact the one thing not appreciated by the rules... ;-) ;-)

    the warning will go away and not hurt anybody anyway.

  • default Veteran
    edited August 2021

    @Hotmarer said:
    Next time I will not publish the post immediately

    No, please do post immediately. Sometimes a provider may put the website down and try to get out of it without a proper notice. Not all providers take responsibility for their own actions, or communicate with clients.

    Please post such hacks here too, with a screenshot to prove your words, and we will have proper debates and discussions, so these hacks may be avoided in future.

    Let's not also forget that some providers use the same configs, so if a vulnerability arises, LET may develop a quick patching script, through other providers to share.

    Thanked by 2adly noobjockeys
  • noobjockeys Member
    edited August 2021

    You have to publish it as soon as you see it.

    Other members have services with providers, they also share the same third party software and by not making it public you are most likely preventing other providers/members from knowing of the issue.

    My assumption is that this was not a third party or vulnerability. @Clouvider most probably overlooked an issue or used some sort of insecure password on older infrastructure/code and it was found out.

    @Hotmarer where was the Github code that you mention?

    Is it now removed?

  • @default How about they:
    1. Save the info.
    2. Notify the provider privately to deal with the issue. Give enough time to fix.
    3. They release the info here.

    That's a generally accepted practice for security issues.

    Good idea to check for leaks:
    https://github.com/zricethezav/gitleaks
    https://github.com/awslabs/git-secrets

  • @noobjockeys said: Is it now removed?

    Yes, everything is now protected, I think.

  • @Hotmarer Great!

    I expect @Clouvider to let us know what actually happened.

  • Arkas Moderator

    If you keep WP updated and use few plugins (update those as well) then it's a pretty safe environment. It's basically running LAMP.

  • Clouvider Member, Patron Provider

    Good Evening,

    The following is a complete statement following our now concluded investigations into the website defacement and then subsequently reported access token being publicly available.

    At approximately 20:30 on the 27th Aug 2021 (UK/London Time), we were made aware that one of our websites had been defaced on the domain clouvider.net. Clouvider does not actually have a website on the clouvider.net domain; the clouvider.net domain would usually just redirect to clouvider.com, our main website, which was in no way impacted and is completely separated.

    The malicious website seen on clouvider.net was placed on what is essentially a skeleton account created on a cPanel/WHM server used for internal projects and properties only and has been migrated as we have upgraded the backend infrastructure since 2014.

    Unfortunately due to its only function being to redirect a number of domain extensions to the main website not a great deal of attention was paid to keeping it updated which unfortunately left it open to a malware attack and allowed the malicious files to be uploaded to the public_html directory.

    The server is running CageFS and this incident was isolated from all other internal properties on the server.

    Subsequently, after our initial statement was made, it was pointed out that our speed test server at as62240.net had a .git/config file publicly available, which could allow an attacker to download the locally stored git files which contain source code of the as62240.net website.

    The source code contained a token that allowed the gathering of information from our Libre setup, the only function of this Libre setup was to feed data to the weathermap on our as62240.net website, no Customer information is held on this server.

    Following this we have updated the as62240.net website, removed the .git files and folders, and have updated all access tokens, again to reiterate this token was only used for displaying information on our as62240.net, to begin with.

    The whole team has spent a number of sleepless nights working to complete a full audit of all possible impact points and to make sure we did not make any mistakes marking our own homework we employed the services of Rack911 to conduct an external audit, all advice as extra steps given has been carried out.

    Finally, we would like to re-confirm again that no Customer information was available on any of the impacted services and no access to any other parts of our infrastructure containing Customer information could have been gained.

    We have taken steps internally to learn and will continue to learn from this to avoid any further future issues.
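
The statement above describes two findings on the speed test site: git metadata deployed inside the document root, and an access token committed in the site's source. The following is an added example, not part of the thread and not Clouvider's code, of a local pre-deployment audit for both conditions; the token pattern, the file names and the sample docroot are constructed assumptions, and the pattern is a simple heuristic rather than the rule set of the scanners linked earlier in the thread.

```python
import os
import re
import tempfile

# Assumed heuristic (not the gitleaks or git-secrets rule set): a name that
# looks like a credential, assigned a quoted opaque value of 16+ characters.
TOKEN_RE = re.compile(
    r"""(?i)(?:token|api[_-]?key|secret|passw(?:or)?d)\w*['"]?\s*(?:=>|[:=])\s*['"][A-Za-z0-9_\-]{16,}['"]"""
)
VCS_DIRS = {".git", ".svn", ".hg"}

def audit_docroot(docroot):
    """Return (vcs_dirs, secret_hits) found under a web document root."""
    vcs_dirs, hits = [], []
    for dirpath, dirnames, filenames in os.walk(docroot):
        for d in list(dirnames):
            if d in VCS_DIRS:
                vcs_dirs.append(os.path.relpath(os.path.join(dirpath, d), docroot))
                dirnames.remove(d)  # report it, but do not descend into it
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if TOKEN_RE.search(line):
                            hits.append((os.path.relpath(path, docroot), lineno))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
    return sorted(vcs_dirs), sorted(hits)

def demo():
    """Audit a constructed docroot: stray .git directory plus a token in source."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, ".git"))
        with open(os.path.join(root, ".git", "config"), "w") as fh:
            fh.write("[core]\n\trepositoryformatversion = 0\n")
        with open(os.path.join(root, "map.php"), "w") as fh:
            fh.write("<?php\n$api_token = 'CONSTRUCTED0000PLACEHOLDER0000';\n")
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<h1>speed test</h1>\n")
        return audit_docroot(root)

if __name__ == "__main__":
    vcs_dirs, hits = demo()
    for d in vcs_dirs:
        print(f"VCS metadata inside docroot: {d}")
    for path, lineno in hits:
        print(f"possible hard-coded secret: {path}:{lineno}")
```

A reported VCS directory means the deployment copies repository metadata along with the site; a reported secret should be rotated as well as removed, since it remains in the repository history.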

  • raindog308 Administrator, Veteran

    @default said: please accept my regrets for your warning. This is not something which should have happened regarding you having doubts related to an esteemed provider of LET being actually hacked

    Huh? He blanked his thread and changed the title and content to Deleted. This is specifically called out in the rules. He was warned.

    Will you also be apologizing for slavery, mistreatment of Native Americans, the Pontic genocide, the Roman rape of Gaul, and Spanish misdeeds in Paraguay?

    Thanked by 1TimboJones
  • cpsd Member

    @Clouvider said:
    we employed the services of Rack911 to conduct an external audit, all advice as extra steps given has been carried out.

    Hi. How are these guys? I am always worried about double check everything regarding security.

  • @cpsd said:

    @Clouvider said:
    we employed the services of Rack911 to conduct an external audit, all advice as extra steps given has been carried out.

    Hi. How are these guys? I am always worried about double check everything regarding security.

    expensive but good albeit not as good since the founder passed

  • AlexBarakov Patron Provider, Veteran

    @SirFoxy said:

    @cpsd said:

    @Clouvider said:
    we employed the services of Rack911 to conduct an external audit, all advice as extra steps given has been carried out.

    Hi. How are these guys? I am always worried about double check everything regarding security.

    expensive but good albeit not as good since the founder passed

    This came as a shock to me. I didn't know that Steven has passed away. He was an amazing guy.

  • jar Patron Provider, Top Host, Veteran

    No one should question the commitment, that response contained more than necessary for something not connected to customer data. Sounds like entirely unimportant assets trying to assert their importance. Pesky little things they can be.

  • @Clouvider 10/10 for that postmortem :)
