GVH Password Reset?

Bella

@hellogoodbye said:
For what it's worth I'm a former customer (canceled early last month) and I haven't received any emails about my password being reset. I did however receive the one they sent informing people that they were investigating the issue.

From everything that I've read in this thread so far, I believe that it is only people with ACTIVE SERVICES that are receiving the password resets.

Bella

@darknyan said:
Then that narrows it down to HostUs.us. Note that this includes any accounts that you previously cancelled services with. I don't use the same email at GVH and ChicagoVPS.

I have services with almost every provider posted on LET, but not HostUS/ChicagoVPS. I do have UGVPS though. UGVPS is technically ChicagoVPS I guess.

hellogoodbye

@Bella said:
I believe that it is only people with ACTIVE SERVICES that are receiving the password resets.

Hmm, I just saw this post at another forum by a member who said he received an email despite not even being a customer (past or present) of theirs:

https://vpsboard.com/topic/4150-greenvaluehost-forced-password-reset-security-breach/#entry60638

black

@Ian_ said:
So how about that whmcs automation cronjob? I guess that cron job is stuck in a infinite loop. But thanks for the chuckle on blaming the software! So when is the vp of ops or director of ops going actually man up and tell the TRUTH!

Was that their official announcement?

hellogoodbye

@black said:
Was that their official announcement?

They haven't made an official announcement yet, though Jon did mention they will be making an official statement soon (this was about 6 hours ago). The cronjob explanation originated from one of their employees:

http://lowendtalk.com/discussion/comment/550307/#Comment_550307
http://lowendtalk.com/discussion/comment/550324/#Comment_550324

Toadyus

I think it's safe to assume that since the admin panel is "now" disabled on whmcs you can put 1+2 together and safely "assume" someone had admin access and was causing the problem.


What is the extent of the breach, hopefully just passwords reset, but your guess is as good as mine.

Ian_

Just as good as official, the person who made the statements is the vp of operations. Ole jon said it wasn't a security breach either but we know thats just a bunch of horse poop.

wych

@IceCream said:
wtf gvhtalk.com really exists. omg

Yuhuh.

Toadyus

@ksubedi said:
Just an update, as of now we have no evidence of a "hack" it looks more like a bug in WHMCS as the password resets were sent in line with the Cronjob, we will escalate to WHMCS to see if they have a better insight

Here is cron from whmcs 5.2.10 decoded but still the code is similar to latest one ones like 5.3.*: Link to decoded cron.php <---- Not mine found link on another forum.

After analyzing the cron.php code I would like to say that there is nothing that could make a password reset at all.

Ian_

lol

lukesUbuntu

so many password resets this issue has freaked me out a lil....

wych

@lukesUbuntu said:
so many password resets this issue has freaked me out a lil....

You could try to ask them for info on the real issue.

or...

Source - Amazon IP's Probe Green Value Host

ePAN

Wow..looks like GVH is not operated by professional, just curious, are they one man show host?

Added to my "stay away" list now.

MannDude

wych said: You could try to ask them for info on the real issue.

or...

This image has been resized to fit in the page. Click to enlarge.

Source

Or you could link to the real source, where a detailed thread exists highlighting how severe this issue is: https://vpsboard.com/topic/4150-greenvaluehost-forced-password-reset-security-breach/

wych

@MannDude said:

There is a source link there, just saying.

Pwner

@wych said:
Source - Amazon IP's Probe Green Value Host

So based on GVHTalk, an Amazon based IP had attacked them.

I'm no rocket scientist or a genius, but I'll take a guess. Someone who has a larger obsession against GVH than the rest of LET combined went to AWS and used one of their servers to launch this attack on GVH.

wych

@Pwner said:
I'm no rocket scientist or a genius, but I'll take a guess. Someone who has a larger obsession against GVH than the rest of LET combined went to AWS and used one of their servers to launch this attack on GVH.

http://gvhtalk.com/discussion/comment/6#Comment_6

Shows its linked to https://www.runscope.com/ which I assume was someone using their services that are hosted within amazon.

Pwner

@wych said:
Shows its linked to https://www.runscope.com/ which I assume was someone using their services that are hosted within amazon.

Long story short, someone has too much time/grudges on their hands.

Ruriko

now I'm being spammed with password reset emails and now gmail marks it spam lol

wych

@Ruriko said:
now I'm being spammed with password reset emails and now gmail marks it spam lol

Still?

Ruriko

@wych said:
Still?

nah it stopped a few hours ago

darkshire

hmm so where is the offical statment from the CEO and DIRECTOR of OPERATIONS ?

Pwner

@darkshire said:
hmm so where is the offical statment from the CEO and DIRECTOR of OPERATIONS ?

Funniest part out of this entire thing is that I went and read all 4 pages of this thread and not once did @GreenValueHost comment. Only another representative that promotes a different company in his signature did.

Oh the irony...

StevenN

@Pwner said:
Oh the irony...

GreenValueHost
Username GreenValueHost Joined November 2012 Visits 1,550 Last Active 1:57AM Roles Member Points 3 Thanked 110

He's active.

MannDude

Jon posted a statement on vpsBoard earlier today. He simply said,

"No it was not a security breach. Client data is completely safe and has not been leaked. We will have a final statement sent out regarding this issue soon. "

Of course, all the information that followed his response seems to prove otherwise.

Pwner

@MannDude said:
Jon posted a statement on vpsBoard earlier today. He simply said,

"No it was not a security breach. Client data is completely safe and has not been leaked. We will have a final statement sent out regarding this issue soon. "

Of course, all the information that followed his response seems to prove otherwise.

He says it's not a security breach, but on gvhtalk.com (GVH Forums) it was posted that the cause of the repeated resets was coming from an Amazon IP. Someone is obviously using AWS (either through Amazon or a reseller) and attacking them through it. Unless they mean to tell us that they were fully aware and in control of the Amazon IP that caused this.

MannDude

Pwner said: He says it's not a security breach, but on gvhtalk.com (GVH Forums) it was posted that the cause of the repeated resets was coming from an Amazon IP. Someone is obviously using AWS (either through Amazon or a reseller) and attacking them through it. Unless they mean to tell us that they were fully aware and in control of the Amazon IP that caused this.

Check the source of GVHTalk's information... He's just x-posting from "that other forum" =]

Granted, I guess technically it could mean that no personal information was leaked but I'm unsure if I would trust any statement from them just yet. Time will tell I suppose.

jnguyen

We have identified the root cause and will be releasing a public explanation statement shortly.

Pwner

@MannDude said:

https://vpsboard.com/topic/4150-greenvaluehost-forced-password-reset-security-breach/page-6#entry60798

So now that we've confirmed it was Amazon IPs that originated from the password change, we must ask ourselves. "Was GVH aware of this Amazon based server and in charge of this mass password change?" or "Did GVH get hacked?".

Toadyus

@GreenValueHost said:
We have identified the root cause and will be releasing a public explanation statement shortly.

Yeah the root cause of this mess is your.....