GreenValueHost hacked, data stolen

MorningIris

@AnthonySmith sorry if you don't know, better not know.

Nekki

AnthonySmith said: buuuuuuuuuuuuuuuuuuuuurnnnnn!!! wait.... what does that even mean?

I'm presuming it means that I hold items improperly.

MarkTurner

The only things that are KNOWN at this time - I have personally seen the webserver access log:

1. There was a dump called dump.sql placed in the root directory of greenvaluehost.com
2. Two downloads took place, one by Jon and another that OVH IP address posted on the first page

As to who created the dump its unknown.

AnthonySmith

@MorningIris said:
AnthonySmith sorry if you don't know, better not know.

agreed.

Nekki

vpsnerds said: Typical chauvinist pig. You do have mothers that use this site you know.

No, we have children who pretend to be mothers, huge difference.

kyaky

oh, no... although not a customer of them anymore but information still leaked...

mpkossen

@AnthonySmith said:
buuuuuuuuuuuuuuuuuuuuurnnnnn!!! wait.... what does that even mean?

I literally snorted Sprite through my nose when I read that.

vpsnerds

Your disgusting.

@Nekki said:
No, we have children who pretend to be mothers, huge difference.

wych

@Nekki said:
No, we have children who pretend to be mothers, huge difference.

Welcome to England! Jk.

Nekki

vpsnerds said: Your disgusting.

My disgusting what?

mrtz

WebSearchingPro said: From what I see, its two separate incidents, Jack used it as an opportunity to grab a second copy of the database. I recall a DDoS attack around the same time as the dump.

If you notice the Russian postings on VPSB appear to be significantly older based on the epoch date for the last entries. "GMT: Sun, 09 Feb 2014 16:23:35 GMT"

The insinuations of a db floating around were made before the dump.sql modification date (which would be its creation date for that kind of file).

Are people completely ignoring this post, or ... ?

AnthonySmith

@MarkTurner said:
The only things that are KNOWN at this time - I have personally seen the webserver access log:

1. There was a dump called dump.sql placed in the root directory of greenvaluehost.com
2. Two downloads took place, one by Jon and another that OVH IP address posted on the first page

As to who created the dump its unknown.

We also know that the dump was created and then downloaded in under 1 minute and that the rDNS on the IP is sephton.us, so far Jack has not denied that is his server and only 2 downloads were made 1 of them was jon.

We are expected then to believe that in just 60 seconds or less, an sql dump was created, jon found out about the breach, jon contacted Jack, jack logged in to the WHMCS back end and located the sql dump.

little bit of a stretch?

Virtovo

@AnthonySmith said:

Did Jon maybe move the dump he found to public HTML to download/check? Then it was grabbed after the discussion?

badpatrick

Seeing as this topic is about stolen data I just wanted to say that last month I contacted 4-5 hosting companies that I no longer had service with asking if my account and personal information could be deleted.

@SkylarM - Crissic Solutions was the only one who did this for me. I was able to edit information myself in one service account. The others did not allow editing and refused to delete my account and stated they keep it indefinitely for accounting/billing reasons.

There's a dozen or so VPS companies on this site that have my private information. I will be contacting GVH and will be asking for a year of credit monitoring paid by them. I plan to contact my local attorney general's office and will forward my complaint to GVHs local office as well. I'm not sure if anything will come of it but it's time my private information is taken seriously and secured properly.

AnthonySmith

@Virtovo said:

in under 60 seconds?

He found the dump and moved less than 60 seconds AFTER it was created?

I hope Jack did not do it I really honestly do, I hope someone comes up with something that proves this to be complete bollocks and it was hacked last week.

But for the circumstances right now and for the dbdump then attempted deletion of the server I just dont believe all of this is pure coincidence in less than 60 seconds.

raindog308

badpatrick said: Seeing as this topic is about stolen data I just wanted to say that last month I contacted 4-5 hosting companies that I no longer had service with asking if my account and personal information could be deleted.

@SkylarM - Crissic Solutions was the only one who did this for me. I was able to edit information myself in one service account. The others did not allow editing and refused to delete my account and stated they keep it indefinitely for accounting/billing reasons.

There was a long thread about this and the plain facts are that providers have no responsibility to do this. They have many reasons why they may want to keep info on who they've done business with on file.

On the flip side, though, they have a duty to protect that info, so GVH may very well be liable for the exposure.

AnthonySmith

@badpatrick said:

>

There's a dozen or so VPS companies on this site that have my private information. I will be contacting GVH and will be asking for a year of credit monitoring paid by them. I plan to contact my local attorney general's office and will forward my complaint to GVHs local office as well. I'm not sure if anything will come of it but it's time my private information is taken seriously and secured properly.

I have yet to see anyone back this claim of action up with any evidence of doing so, please be the exception.

Virtovo

@AnthonySmith said:
But for the circumstances right now and for the dbdump then attempted deletion of the server I just dont believe all of this is pure coincidence in less than 60 seconds.

Was just a suggestion. I have no idea. Not sure if the 60 seconds is confirmed. Lost track. Are GVH back on track with restoring backups etc?

XxNisseGamerxX

Hmm, site is availble. Anyone know something more?

WebSearchingPro

@XxNisseGamerxX said:
Hmm, site is availble. Anyone know something more?

Slowly working to restore from backups.

Virtovo

@WebSearchingPro said:
Slowly working to restore from backups.

Good of you to assist.

MarkTurner

@AnthonySmith said:
We also know that the dump was created and then downloaded in under 1 minute and that the rDNS on the IP is
sephton.us, so far Jack has not denied that is his server and only 2 downloads were made 1 of them was jon.

We are expected then to believe that in just 60 seconds or less, an sql dump was created, jon found out about
the breach, jon contacted Jack, jack logged in to the WHMCS back end and located the sql dump.

little bit of a stretch?

I agree that the chances of it being created and downloaded within a minute are damning. No question

But in terms of actual evidence, we only know he downloaded.

The problem is that lfd kicked off some alerts but no-one knows where they would go. /etc was removed off the server so no-way to find out and so on....

XxNisseGamerxX

@WebSearchingPro said:
Slowly working to restore from backups.

Okay. I'm waiting on my vps move to Chicago A staff was supposed to make it minutes before hack.

AlexanderM

@XxNisseGamerxX said:

You're seriously keeping your VPS?

XxNisseGamerxX

@AlexanderM said:
You're seriously keeping your VPS?

Got it for free.

definedcode

@XxNisseGamerxX said:
Got it for free.

Then have the decency to at least wait until they've got everything recovered before you pester them to move something they gave you out of their own pocket.

Nekki

@XxNisseGamerxX said:
Got it for free.

'Come for the free VPS, stay for the personal information leaks!'

XxNisseGamerxX

@definedcode said:
Then have the decency to at least wait until they've got everything recovered before you pester them to move something they gave you out of their own pocket.

Hmm

AlexanderM

@XxNisseGamerxX said:
Got it for free.

Won't be free now your personal data from their database is leaked on the www

XxNisseGamerxX

@Nekki said:
'Come for the free VPS, stay for the personal information leaks!'

OK