Comments
Ya?
F-n XMAS beauty I watchin cociu appeared on the LET again
@Calin is a long story will do a full description after the new year.
@cociu You are real or hacker hijack your LET account?
you are looking in the wrong direction, see here:
https://www.lowendtalk.com/discussion/comment/3354277/#Comment_3354277
I hope this too. The guy is with the registered company MAN Hosting GMB Srl; this guy had some relations with us in the summer and stole this data. But like I said, I will publish a full report about this later.
UPDATE: our WHMCS is down and will stay down until we reinstall from zero and import all clients again.
Your breach happened through adminer and not whmcs. Many people told you this before. Are you stupid or what?
Then how do you explain this?
How long have you known about this breach? Why were your customers not informed the moment you discovered something was amiss? (allegedly all backups were deleted so you must have known)
To be fair, the right answer IS to turn off everything and rebuild and security check each piece from the ground up including going through WHMCS. One of the first things I would do after accessing something I shouldn't is leave multiple little nuggets that help me get back access down the road should I need it.
Not that I think any due diligence is actually being performed here.
Not that I'm in any position to comment having nothing to do with any of this drama, but from following along this thread I believe brueggus was referring to the last login date and when cociu said it only impacted old clients they were referring to the original sign-up date which are two different things.
we have been informed last night about this
I still have my NVMe seedbox works smoothly with ExoticaZ linux isos, so cociu can have publik adminer as long as it has
Affected in all this is our WHMCS and 2 nodes, nothing more. These 2 nodes are down right now, and our WHMCS also, until we are sure all this backrounds is removed and secured.
How did you not realize that all backups were deleted?
From the mail:
If a scammer is trying to make money, he will accuse anything to get money ... all our backups are local and do not have access to the external network, so ...
Come on, no one should believe a single thing.
But "MAN Hosting GMB Srl" is not a @Calin company? because they use that name in the IP as organization
https://www.shodan.io/host/185.150.18.2
Yes ... it is him ... will explain later; working with Adrian to put the out nodes back online and reinstall our WHMCS from zero.
the company is also stated in the footer of ihostart.com website
lmao what it took you a data breach of 11k customers to come back
a monday?
yes, those crybabies making drama cuz their vps are offline HE HE XD
I also received this letter in the morning, but flew into spam. I just noticed that it came in the morning. In general, do not care, and so different passwords. I have public data, full name, address, etc.
Someone is lying here.
I remember there being a message saying "A critical error has been detected" or something along those lines on the WHMCS page before it went down completely. I was trying to check the status of a ticket that I have been waiting for an answer on (lol). Soon after I saw this error the website was completely taken offline. Who took secure.hostsolutions.ro offline? Why weren't customers informed of a possible breach? Is it a normal occurrence for your entire system to be rm -rf'ed by random people due to you using the same root password for everything?
Not to mention, I signed up a few months ago, so the data is from the live database. My last login date was a mere few weeks ago in the line from the database.
From here, it looks like someone knew at least 4 days ago.
https://terrahoststatus.com/issue/a2fc0efe-1cb7-4d63-ab55-19605b6cc3ae
"A full node operating system crash is the cause of this downtime."
How was this concluded?
I am not lying about anything, I just say the breach is true. We are still investigating what is affected here; for this reason, for the moment we have not sent any email to any clients. Personally I have multiple accounts created in hostsolutions.ro with different emails and I have received the same email on only one ... so what is sure is the hacker doesn't have the full database (at least personally I suspect he has the old data, not the new one).
I would trust the hacker for all the technical related details. Not cociu.
Not before they know how much damage or loss they're looking at. If the hacker was foreign to this community and had he not come here to share his story, all of this could have been swept under the rug.
When you have enemies, yes. Clearly they're not a match made in heaven.
This breach is recent. I can only guess it probably happened some time mid year.
It may be true that the data belongs to customers who registered a year ago or so, because I initially registered with some randomly generated details and a spare email address I had, then later on I updated to a disposable email, and as far as it seems I got the same email on the first address, which I've only set a forwarding on and have rarely been using.
My question is, does WHMCS only store sign-up data or does it update its database with the most recent changes the customer adds to the account panel? Asking because I should've normally received the email to the disposable address but instead it has been forwarded from the inactive address. If the updated data automatically changes in the WHMCS database then this means the hacker got an older version of their database and that looks like it's coming from a backup probably.
Good thing I always stayed away from topping up my account there and used some dummy information. Hopefully the hacker keeps his promise and deletes the data for the customers with exposed personal information.
I recall reading some people confirming that the email showed their recent login history.
And there's also this
What do you mean by changing the database exactly?
Just noticed the signature, nice one
How do you think it's cociu, please? The writing style is 99% different.
Yep, @cociu LET account has been hacked as well.
I love the " I dont answer my tickets!" signature.