WHMCSServices (WHMCS Module Provider) Hacked - Page 2

Comments

  • TrK Member
    edited December 2023

    @host_c said:

    @TrK said: Well, this manner of guiding is new to me, and believe me I didn't like it a bit.

    I do not see any threat in the above, you might have understood something else, but we are derailing the thread by this, have something to say, write me.

    This is what felt awkward:

    @host_c said: you have public IP on the nodes ? Wait for a proxmox exploit, that will be fun fun fun.

    and it was already derailed on 17th December.

  • host_c Member, Patron Provider

    And that is all 100% true. That is not best practice. A hypervisor should never be on a public address; if someone hacks it, they can delete all VMs running on it. Me and Calin had a talk about this, and he said he will redo the setup at some point.

    If bigger companies can get hacked, and they do from time to time, as some have nothing better to do with their skills, imagine a hypervisor node, protected by a password only, free on the net, how exposed is that?

    Even better, let me give you a better example, I am amazed that no one stated this before:

    Posting invoice numbers/order numbers on a sales thread, as that is the trend now, it is a bad idea in my point of view, regarding security and anonymity.
    At some point the provider might get hacked ( let's just presume this can actually happen ). The intruder now has "declared names in the billing platform" + order and invoice numbers on forums ( not just LET ) where the members posted on the sales thread.

    So with a simple excel sheet and some formulas ( not even using AI-GPT ), he can expose a ton of shit.

    Now stating the obvious, makes me what?

    And again, we are departing the sole purpose of this thread, and that is something I do not wish to do.

    Thanked by 1 totally_not_banned
  • Advin Member, Patron Provider
    edited December 2023

    @host_c said:
    And that is all 100% true. That is not best practice. A hypervisor should never be on a public address; if someone hacks it, they can delete all VMs running on it. Me and Calin had a talk about this, and he said he will redo the setup at some point.

    If bigger companies can get hacked, and they do from time to time, as some have nothing better to do with their skills, imagine a hypervisor node, protected by a password only, free on the net, how exposed is that?

    Even better, let me give you a better example, I am amazed that no one stated this before:

    Posting invoice numbers/order numbers on a sales thread, as that is the trend now, it is a bad idea in my point of view, regarding security and anonymity.
    At some point the provider might get hacked ( let's just presume this can actually happen ). The intruder now has "declared names in the billing platform" + order and invoice numbers on forums ( not just LET ) where the members posted on the sales thread.

    So with a simple excel sheet and some formulas ( not even using AI-GPT ), he can expose a ton of shit.

    Now stating the obvious, makes me what?

    And again, we are departing the sole purpose of this thread, and that is something I do not wish to do.

    If you want a quick and dirty solution to the problem of exposing instances publicly, just install Fail2ban and have it ban after 1-2 attempts. It supports Proxmox.

    https://pve.proxmox.com/wiki/Fail2ban

    I assume the reason Calin exposes his instances publicly is to allow users to have access to it (i.e. through a restricted PVE user).

    Thanked by 2 host_c adly
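The ban rule described in the comment above, as an added example that is not part of the original post or of the linked wiki page: a short Python model of a per-IP threshold (`maxretry` failures inside `findtime`, named after fail2ban's jail options) run over constructed `pvedaemon` log lines. The log line shape, hostnames and addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape: "<ISO time> <host> pvedaemon[pid]: authentication failure; rhost=... user=... msg=..."
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ pvedaemon\[\d+\]: authentication failure; "
    r"rhost=(?:::ffff:)?(?P<ip>[0-9a-fA-F:.]+) user=\S+ msg="
)

def ips_to_ban(lines, maxretry=2, findtime=timedelta(hours=1)):
    """Map each source IP to the time its maxretry-th failure landed inside findtime."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["ip"] in banned:
            continue  # not an auth failure, or this IP is already banned
        ts = datetime.fromisoformat(m["ts"])
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[m["ip"]] = ts
    return banned

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE = [
    "2023-12-20T10:00:01 pve1 pvedaemon[1201]: authentication failure; rhost=::ffff:198.51.100.7 user=root@pam msg=Authentication failure",
    "2023-12-20T10:00:05 pve1 pvedaemon[1201]: <admin@pve> successful auth for user 'admin@pve'",
    "2023-12-20T10:00:09 pve1 pvedaemon[1201]: authentication failure; rhost=::ffff:198.51.100.7 user=root@pam msg=Authentication failure",
    "2023-12-20T10:02:00 pve1 pvedaemon[1201]: authentication failure; rhost=203.0.113.21 user=root@pam msg=Authentication failure",
    "2023-12-20T10:03:00 pve1 pvedaemon[1201]: authentication failure; rhost=203.0.113.22 user=admin@pve msg=Authentication failure",
    "2023-12-20T11:30:00 pve1 pvedaemon[1201]: authentication failure; rhost=203.0.113.21 user=root@pam msg=Authentication failure",
]

if __name__ == "__main__":
    for ip, when in ips_to_ban(SAMPLE).items():
        print(f"ban {ip} at {when.isoformat()}")
    # maxretry=1 bans on the first failure, including a single mistyped password
    print(sorted(ips_to_ban(SAMPLE, maxretry=1)))
```

With `maxretry=2` only the address that fails twice inside the window is banned; the slow and single-attempt sources pass unless the threshold drops to 1, which is the trade-off behind the thread's preference for keeping the management interface off public addresses.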
  • host_c Member, Patron Provider

    @Advin said: If you want a quick and dirty solution to the problem of exposing instances publicly, just install Fail2ban and have it ban after 1-2 attempts. It supports Proxmox.

    Yes, let's complicate something that can be fixed with having them on a management vlan, simple as hell, and 1 single firewall rule on the router/firewall that says:

    anything from public addresses to internal management addresses action DROP.

    Most effective solutions are the simplest, in any domain/field. But yes, you can implement fail2ban definitely, and burn expensive IPv4 public addresses rather than using them for your customers, whatever works.

  • The simplest and most secure way I can think of is corporate VPN access only. EOL

  • @host_c said:
    Even better, let me give you a better example, I am amazed that no one stated this before:

    Posting invoice numbers/order numbers on a sales thread, as that is the trend now, it is a bad idea in my point of view, regarding security and anonymity.
    At some point the provider might get hacked ( let's just presume this can actually happen ). The intruder now has "declared names in the billing platform" + order and invoice numbers on forums ( not just LET ) where the members posted on the sales thread.

    That's pretty clever. I didn't think of this either and probably even less those people dumping their order numbers everywhere. Getting the billing DB of some spammy host might make it easily possible to dox a whole lot of forum accounts.

    Thanked by 1 host_c