Comments
Received the same Christmas gift from hostsolutions
Yeah, pretty much this.
Virtual CCs for every provider (Privacy.com, ONE Finance, similar banks that use legit cards that are still isolated)
Bitwarden, generate a new password for EVERY SERVICE, EVEN LOCAL ONES (self-hosted)
Just, please don't reuse passwords for this exact reason.
EDIT: Side note, as a Privacy advocate I don't necessarily trust Privacy.com with my information as they delete nothing but it does its job well for situations like this.
as we already know, cociu transferred (part?) of his customers database to Terrahost (do you think it was sent by super secure protected channel... or maybe just plain insecure e-mail?)
we already know, that Terrahost was acquired by Epik
we know, that Epik experienced data breach
or maybe he just sold last valuable asset (customer base) or maybe it is another issue with some infamous malicious closed source pseudo benchmark which allegedly was used on his storage infrastructure soon before the great involucration drama
Next year, you'll get an email with your Bitwarden passwords.
Paper or nothing!
@Calin could you maybe reach out to cociu and see what he has to say about this?
If they gain access to my self-hosted bitwarden vault I'm in far more trouble than passwords.
Paper gives all your passwords to anyone who enters your home.
self-hosted on own on-premise or on HS/Terrahost/Epik cloud?
On premise. Server is within reach.
EDIT: Also ridiculous overkill but full disk encryption and a killswitch that cuts the power in case of an emergency. i.e. a break-in
I prefer using a UV sensitive fluid on the wall for an additional layer of security.
I sat on a mall santa's lap to ask just for cociu's resurrection. I don't think we'll be let down.
What's the verdict on those who haven't received an email? The hacker is still crafting a personal message? Or blocked at the mail provider level?
https://www.ndchost.com/wiki/software/whmcs/client-password-hash
Only people who signed up ages ago wouldn't be able to check, but I signed up recently. My password was in bcrypt. I think you must be confused with the encrypt/decrypt functions on older versions of WHMCS?
I personally got two emails, one from "Received: from mo4-p07-ob.smtp.rzone.de (mo4-p07-ob.smtp.rzone.de [85.215.255.115])" as "[email protected]" and then two from "[email protected]"
I know the cPanel module's password is hashed based on the salt in the file, would seem odd that the main software wouldn't use the salt while the base software provides a salt for passwords that it stores for a module.
Suppose it could have changed but an odd change.
The Hacker trying to black mail Cociu? Finding water in the desert?
For anyone interested in an uncensored one: https://paste.mxrouteapps.com/?b734a81585cc6f87#FXqnmoGewUyhGtfpPGCb5MczRQyqF7s91nofTStNEdqu
Don't know what the password is, I know it's not important to me. Didn't reuse passwords then, I was under pretty constant attack during those days. Nothing of value in the WHMCS account but one or two invoices for an idled server, certain of that
"Jarland from LET" lol old school
@default
Update: I've just received and seen the email too, and can confirm that they got real data.
I do the same thing so I know it's definitely from them too, checked my password manager as well. Here's my password by the way for the billing panel if anyone wants it:
DZayiXB2fGt1dJpln5a8
shows about how much I care since I use unique passwords for most things. I'm having trouble remembering what services I've even bought from them frankly lmao.
They sent me an email too, have my real name & address + password.
I can confirm the email address, password, IP, and some personal details are correct.
My email was from [email protected]. Tracing through the headers I see:
Received: from banana.whitelabelwebserver.com (banana.whitelabelwebserver.com [178.63.22.27])
and
Received: from [185.225.28.153] (port=16333 helo=DESKTOP-P4817UJ.localdomain) by banana.whitelabelwebserver.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <[email protected]>)
As I'm sure y'all have checked, 178.63.22.27 is a Hetzner IP, 185.225.28.153 is Mullvad (probably a VPN?). whitelabelwebserver.com and protechinfinity.com's registrar is www.publicdomainregistry.com. Obviously the second received from header line could be forged, but the first is from my server and should be correct.
edit: I used https://bcrypt-generator.com/ to verify the hash matched my password.
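Added example, not part of any post in this thread: a Python sketch of the trust reasoning in the header trace above, where only `Received` lines stamped by your own mail server are taken as observed and everything below them is treated as a claim. The message, hostnames, IPs and the `TRUSTED_MX` set are constructed placeholders, and `trace_hops` is a hypothetical helper name.

```python
import re
from email import message_from_string

# Constructed sample (documentation hostnames/IPs, not the headers quoted in the thread).
# Received headers are prepended, so the top one is the most recent hop.
RAW = (
    "Received: from relay.sender.example (relay.sender.example [192.0.2.10])\n"
    "\tby mx.recipient.example with esmtps; Mon, 01 Jan 2024 10:00:02 +0000\n"
    "Received: from [198.51.100.7] (port=16333 helo=DESKTOP-EXAMPLE.localdomain)\n"
    "\tby relay.sender.example with esmtpsa; Mon, 01 Jan 2024 10:00:01 +0000\n"
    "Received: from made-up.example (made-up.example [203.0.113.99])\n"
    "\tby another.example with smtp; Mon, 01 Jan 2024 09:59:00 +0000\n"
    "From: sender@sender.example\n"
    "Subject: constructed test\n"
    "\n"
    "body\n"
)

TRUSTED_MX = {"mx.recipient.example"}  # assumption: mail hosts you operate yourself

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
HELO_RE = re.compile(r"\bhelo=([^\s)]+)")


def trace_hops(raw, trusted_mx):
    """Return one dict per Received header, newest first, with a 'verified' flag."""
    msg = message_from_string(raw)
    hops = []
    chain_trusted = True
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        by = BY_RE.search(flat)
        ip = IP_RE.search(flat)
        helo = HELO_RE.search(flat)
        by_host = by.group(1).lower() if by else None
        # A hop counts as observed only while every header above it, and this
        # one, was written by a server we run. Once a foreign MTA wrote the
        # line, it and everything below it could have been forged upstream.
        chain_trusted = chain_trusted and by_host in trusted_mx
        hops.append({
            "by": by_host,
            "peer_ip": ip.group(1) if ip else None,  # connecting IP as recorded by 'by'
            "helo": helo.group(1) if helo else None,  # always client-asserted
            "verified": chain_trusted,
        })
    return hops


if __name__ == "__main__":
    for hop in trace_hops(RAW, TRUSTED_MX):
        print(hop)
```
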
This will be gone soon. Everything will be fixed on Monday... right? Right?
Support and hope that hackers can make public backups
Because, I want to get back my vps data
(lol)
The so-called data leak was in November. By that time, much of the data was gone as lots of hardware was already sold anyway. I don't think hackers have access to data at this point, because there is no data to access.
As @jsg mentioned, the theory of selling the database makes more sense, considering the downfall of business and the recent legal debts. The timing is very convenient too, considering this database was about the only thing left, while Norway data is already given to Epik.
Now he can sit back, blame some hackers, and close the business, without any care for remaining credits. Christmas timing also gives the perfect opportunity to not answer any calls or emails, and then close it all.
I just got the email too. Luckily I didn’t use my CC to pay. What the hell…
I had those fields in WHMCS. I used stripe. The fields were not populated as a result of using the stripe module. Unless he used the old school way of storing cards and his own merchant account, should be a safe bet that no one had a CC leak.
Just got mine as well.
That timing though, sending these on Christmas day. Perhaps this is my lovely Christmas gift...
Humanity would suck less if people spent their time watching anime instead of doing evil stuff.
Love the smiley face by the way.
Refrain from revealing too much information that the perpetrator could use to match a LowEndTalk forum name with the names in the HostSolutions database. Some might be downright obvious but some aren't. Whoever is doing this is evidently not foreign to this community and could potentially use the additional information to commit further immoral acts.
Value is in the negatives now