Staminus Offline
Who else has been affected by Staminus being offline? Even their front-facing website is offline: www.staminus.net
DDoS Protection
@StaminusComm
We are aware of network impacts. We are working on them. No ETA currently.
7:56 AM - 10 Mar 2016
Comments
DDoS'ed?
It's a pity. I looked them up today, as I needed a DDoS protected US provider and their site didn't even load.
Weird, in the morning I saw Incapsula was down, now Staminus. Weird stuff.
I believe it's more of a hardware issue, or announce issues. The ranges that they provided to us went offline, however our own ranges that we have routed with them continued staying online. It's either going to be a provider issue, a fiber cut, or a core router issue. The fact that they haven't given much more info besides "we know we are working on it" is a little worrisome. Luckily none of our customers were affected by this, just a few of our internal systems, which were quickly changed over.
Don't get me wrong, Staminus has held themselves up against attacks since we have been a client, however this lack of communication is what is irritating me.
Down for about 10 hours now I think, very odd.
Update on the situation: Staminus has been hacked, all database info including credit card info has been leaked. They used the same password for every box: St4m|nu5
https://leakforums.net/thread-691896
It is confirmed legit, ticket info of all customers is in there
Edit: crap
What drugs are you on?
The people on the LF thread saying it's fake just aren't believers, look at the data yourself and confirm it with actual Staminus/Intreppid customers as I did. You'll see it's all true
I'm no expert in this matter, but will they have to pay any kind of fines since they stored credit card info in plaintext? Someone once mentioned to me that they claimed they were PCI compliant, but I'm not sure if that's true or not
I can't see the leak, but they are telling a very different story on Twitter...
https://twitter.com/StaminusComm/tweets
Still partially down. A surprise to see such a long downtime from them, RFO should be interesting.
http://i.imgur.com/AIEr2Ji.png
A picture for you
I would doubt if the leak is indeed new, but if you're telling other customers have confirmed it...
Very long downtime anyway, I guess they'll lose some important customers over this.
It has to be fairly recent, because one of their support agents, Bryant Townsend, left the company a few weeks/months ago, and his info doesn't show up on the list of active administrators.
It's not conclusive proof of course, but it's something to consider
Confirmed leak, FOR ANY CUSTOMER OF STAMINUS: Have cards shutoff and CHANGE ALL ROOT PASSWORDS INVOLVED WITH STAMINUS. Information below:
A new group known as "FTA" earlier this week has hacked into two large anti-ddos companies known as Staminus and Intreppid. Both companies are hosts of very large companies that lead into smaller companies and game servers. It was noted that "FTA" has leaked all information regarding Staminus, Intreppid and a few other sites. All of the leaked information exposes thousands of clients including owners of: BuyCraft, RamNode, Spigot, MC-Index, Zenoscape and even the KKK which exposes members of the community. The KKK alone are tagged as a terrorist organization. Both Staminus, and Intreppid are completely shot to the ground and thousands of clients are furious. All data from the leak contains personal information, passwords, server logins and so much more.
http://hastebin.com/raw/oweyukamuj
["backup01-s3073-cab38-ocloud-irv1" ssh:72.20.52.37]: SAME BOX AS OTHER
["backup01-s3073-cab38-ocloud-irv1"]ssh:72.20.42.226: SAME BOX AS OTHER
iirc Intreppid is a daughter company of Staminus - they're basically the same thing
In case you guys don't see this in the link I provide:
~[CTRL-H]~ KKK & FRIENDS
This was a real treat and one that completely blindsided our team. After pillaging and generally shitting on
the entirety of Staminus' & co's infrastructure, it was discovered that one of the client boxes was housing a real gem.
Yes, that's right, Staminus was hosting the KKK and its affiliates. An organization legally recognized in some regions
as a terrorist collective. Not that we hold anything against the KKK. Choosing such an awful host as Staminus however is
unforgivable, and consequently they had to be punished.
Didn't RamNode switch to Black Lotus?
Looks like they turned back to Staminus.
They are not peering with BL anymore and knowledgebase still mentions Staminus.
Correct, we're with Staminus. I'm not aware of any way the leak would directly compromise our customers' information, but we're staying on top of it as much as possible with zero communication from Staminus other than their tweets.
I would be very hesitant and change your passwords for any server because their WHMCS information / Database information is in that leak.
Including the cc_encryption_hash which encrypts your card details.
and all the other passwords, effectively making the DB useless if not converted to the new hash.
Well all they need is the database & the whmcs config and when they've put the encryption hash in all the card information will show up on WHMCS.
"Not that we hold anything against the KKK."
Hackers are so classy.
The irony.
I've got a full cab customer that uses Staminus - while he was not affected (because anyone that uses their own IP space didn't go offline), I advised him on a cautionary side to change all of his root passwords regardless.
Best to expect the worst, hope for the best. Better safe than sorry guys!
Several things I want to point out here, the hackers responsible made a statement that the following occurred:
- All credit card information for customers was stored in plain text, which is a PCI Compliance Issue. This right here would be the result of a major class action lawsuit.
- All internal servers utilized the same root password, which is a freaking given that should never happen or occur!
- Expose your power units to WAN scans, to shut down your power remotely. Like what the heck are you thinking?
A lot of this is common sense when it comes to security. If you want to make sure your systems are secure, contact me and I will put you in touch with people who can evaluate your systems. Unfortunately for Staminus, it is going to be extremely difficult to make a comeback for this, as a security company having this magnitude of a breach. They have customers with highly sensitive and validated environments that cost millions to validate and be compliant and now they’re at risk.
This right here is the quickest way to destroy a multi-million dollar company.
https://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/
Everything else can be forgotten and forgiven. This thing here, however, will be the end of them. No matter how rich they are, this lawsuit will bankrupt them. Exactly as you said - they have some clients who are extremely sensitive and at the same time powerful.
This is just crazy. Oh god.
Oh god. This is crazy. I assume there will be never-ending lawsuit now.
Looks like servermania is taking this opportunity to advertise to Staminus clients included in the database dump.
Paste w/ headers (Email censored for obvious reasons): https://pste.pw/v/mxJtvsB6VS