New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Excuse the grammatical errors in the post, but a rather full and stressful day, including the last 2 hours
original thread where his competitor from deadpooled HAZi.ro published details of Calins panel vulnerabilities to hurt him:
https://lowendtalk.com/discussion/192081/when-life-takes-revenge-that-you-enjoy-the-evil-of-others-art-host/p1
GDPR law:
Source: https://edpb.europa.eu/system/files/2023-04/edpb_guidelines_202209_personal_data_breach_notification_v2.0_en.pdf
I think the leak was overestimated.
I say this because it was considered database leak the moment when I posted the thread while the error existed only on web, not on DB, some time before (you know better what and when you changed).
Then, database access seemed restricted to localhost, so no one without SSH access to your VM could access your database.
Even adminer or another mysql access tool via the web would have failed (if it exists) because the php interpreter was broken.
I say this because it was considered database leak the moment when I posted the thread while the error existed only on web, not on DB, some time before (you know better what and when you changed).
Then, database access seemed restricted to localhost, so no one without SSH access to your VM could access your database.
>
Big problem here it's more people start downloaded with wget , we start investigate and give coming soon a official answer
I add another sleepless night to my calendar ;(
Regards
No one can use your whmcs license without you giving them a refresh to delete the data already saved on it.
Then, all that data (excluding the path to the admin panel) is useless as long as those who have the configuration file do not have access to the webhost as root/copy of the database.
Focus on what caused this problem to appear without realizing it, the leak itself is not such a big problem from my perspective, from the arguments above.
My thread was not intended to shut you down, but to let those who idolize you see that you still have more to learn, not just me.
A long time ago we made an agreement to see each other for sales, but you violated this for some time when you started to arouse those who hate me for free through my threads.
We can try a second time to see each other, it's up to you to want that.
Good luck with debugging!
@everyone After we investigate more attented this breach we confirmed emails or phones or tickets not exposed , just our password of config.php from WHMCS
AGAIN , as a precautionary measure we recommend you to change the VPS password
At the same time, we plan to migrate from WHMCS to blesta or another billing panel
We don't have for now a ETA when website back online
More Answers/Questions (Q&A)
Question: Data base it's possible accesed outside from VPS network?
Anwser: NO , we usage all on localhost
Question: Any customer from ihostart network possible try to login on web panel to accesed data base?
Answer: NO , we usage separed provider for our main website (ihostart.com / panel.ihostart.com)
@FlorinMarian @Calin
Hope you 2 kids either start to play along, or just ignore DCMA each-other.
Both of you have bigger issue to deal with. Cave king has beside the stability problems of he's network, now a Billing Platform issue, Coder boy is still under DDOS/ISP Fuckup
I think the one to be blamed is Orange ISP as that is the only thing common with you 2
.
PS:
Calin, in the morning I will write you to see what the hack we can do with that WHMCS.
Florin, I have managed to get the tunnel working at 1G, write me if you wish to do another test.
Calin and Florin needs to hug this out.