Staminus Offline
jonbeardjonbeard Member, Patron Provider

Who else has been affected by staminus being offline? Even their front facing website is offline: www.staminus.net

DDoS Protection
@StaminusComm
We are aware of network impacts. We are working on them. No ETA currently.
7:56 AM - 10 Mar 2016


Comments

  • DDoS'ed?

  • AlexBarakovAlexBarakov Patron Provider, Veteran

    It's a pity. I looked them up today, as I needed a DDoS-protected US provider, and their site didn't even load. :(

  • estnocestnoc Member, Patron Provider

    Weird, in the morning I saw Incapsula was down, now Staminus. Weird stuff :)

  • jonbeardjonbeard Member, Patron Provider

    I believe it's more of a hardware issue, or announce issues. The ranges that they provided to us went offline, however our own ranges that we have routed with them continued staying online. It's either going to be a provider issue, a fiber cut, or a core router issue. The fact that they haven't given much more info besides "we know, we are working on it" is a little worrisome. Luckily none of our customers were affected by this, just a few of our internal systems, which were quickly changed over.

  • jonbeardjonbeard Member, Patron Provider

    Don't get me wrong, Staminus has held themselves up against attacks since we have been a client, however this lack of communication is what is irritating me.

  • ktkt Member, Host Rep
    edited March 2016

    Down for about 10 hours now I think, very odd.

  • Update on the situation: Staminus has been hacked, all database info including credit card info has been leaked. They used the same password for every box: St4m|nu5

    https://leakforums.net/thread-691896

    It is confirmed legit, ticket info of all customers is in there

  • doghouchdoghouch Member
    edited March 2016

    @dreadiscool said:
    Update on the situation: Staminus has been hacked, all database info including credit card info has been leaked. They used the same password for every box: St4m|nu5

    https://leakforums.net/thread-691896

    It is confirmed legit, ticket info of all customers is in there

    Edit: crap

  • dreadiscooldreadiscool Member
    edited March 2016

    @doghouch said:
    You idiot, read the rest of the post

    What drugs are you on?
    The people on the LF thread saying it's fake just aren't believers, look at the data yourself and confirm it with actual Staminus/Intreppid customers as I did. You'll see it's all true

  • I'm no expert in this matter, but will they have to pay any kind of fines since they stored credit card info in plaintext? Someone once mentioned to me that they claimed they were PCI compliant, but I'm not sure if that's true or not

    Thanked by 1GCat
  • NyrNyr Community Contributor, Veteran

    I can't see the leak, but they are telling a very different story on Twitter...

    https://twitter.com/StaminusComm/tweets

    Still partially down. A surprise to see such a long downtime from them, RFO should be interesting.

    Thanked by 1GCat
  • @Nyr said:
    I can't see the leak, but they are telling a very different story on Twitter...

    https://twitter.com/StaminusComm/tweets

    Still partially down. A surprise to see such a long downtime from them, RFO should be interesting.

    http://i.imgur.com/AIEr2Ji.png

    A picture for you

    Thanked by 1Nyr
  • NyrNyr Community Contributor, Veteran

    @dreadiscool said:

    I would doubt if the leak is indeed new, but if you're telling other customers have confirmed it...

    Very long downtime anyway, I guess they'll lose some important customers over this.

  • It has to be fairly recent, because one of their support agents, Bryant Townsend, left the company a few weeks/months ago, and his info doesn't show up on the list of active administrators.

    It's not conclusive proof of course, but it's something to consider

  • jonbeardjonbeard Member, Patron Provider

    Confirmed leak, FOR ANY CUSTOMER OF STAMINUS: Have cards shutoff and CHANGE ALL ROOT PASSWORDS INVOLVED WITH STAMINUS. Information below:

    A new group known as "FTA" earlier this week has hacked into two large anti-DDoS companies known as Staminus and Intreppid. Both companies are hosts of very large companies that lead into smaller companies and game servers. It was noted that "FTA" has leaked all information regarding Staminus, Intreppid and a few other sites. All of the leaked information exposes thousands of clients including owners of: BuyCraft, RamNode, Spigot, MC-Index, Zenoscape and even the KKK, which exposes members of the community. The KKK alone are tagged as a terrorist organization. Both Staminus and Intreppid are completely shot to the ground and thousands of clients are furious. All data from the leak contains personal information, passwords, server logins and so much more.

    http://hastebin.com/raw/oweyukamuj

    ["backup01-s3073-cab38-ocloud-irv1" ssh:72.20.52.37]: SAME BOX AS OTHER
    ["backup01-s3073-cab38-ocloud-irv1"]ssh:72.20.42.226: SAME BOX AS OTHER

  • @jonbeard said:
    Confirmed leak, FOR ANY CUSTOMER OF STAMINUS: Have cards shutoff and CHANGE ALL ROOT PASSWORDS INVOLVED WITH STAMINUS. Information below:

    A new group known as "FTA" earlier this week has hacked into two large anti-ddos companies known as Staminus and Intreppid.

    iirc Intreppid is a daughter company of Staminus - they're basically the same thing

  • jonbeardjonbeard Member, Patron Provider

    In case you guys don't see this in the link I provide:

    ~[CTRL-H]~ KKK & FRIENDS
    This was a real treat and one that completely blindsided our team. After pillaging and generally shitting on
    the entirety of Staminus' & co's infrastructure, it was discovered that one of the client boxes was housing a real gem.
    Yes, that's right, Staminus was hosting the KKK and its affiliates. An organization legally recognized in some regions
    as a terrorist collective. Not that we hold anything against the KKK. Choosing such an awful host as Staminus however is
    unforgivable, and consequently they had to be punished.

    :: SNIP ::
        Hello Rachel Pendergraft,
    
        Your server is complete.
    
        Here is your server information:
    
        Administrative IP: 69.197.2.214 (Private Use)
        Protected IP: 69.197.31.193 (Public Use)
        User: root
        Password: TkBNk7TdrSh2Uq42
        Secondary Usable IP's: 69.197.31.193 - 69.197.31.206
    
        Please remember to not give out your Administrative IP [69.197.2.214]. Only use your Protected IP [69.197.31.193] for public serving services.
    
        Your protected IP is protected for 30 Gbps or 12 Million Packets Per Second, whichever it reaches first. If your attack goes above either one 
        of those your protected IP will be nullrouted for the duration of the attack. If you wish to upgrade at that time 
        please submit a sales ticket requesting a quote.
    
        You can reach your cPanel at https://69.197.2.214:2087
    
        If you have any further questions please do not hesitate to ask us.
    
        Thank you
    
    
        ---
        Thank You
        Intreppid Support |
    :: SNIP ::
    
    ( ͡° ͜ʖ ͡°)
    
    :: SNIP ::
        Please set the following rDNS pointers:
    
        69.197.2.214         sv1.harrisonarkansaswebsites.com
        69.197.31.193       kkk.bz
        69.197.31.198       wpmedianetwork.com
        69.197.31.199       kkk.com
        69.197.31.200       kkkradio.com
        69.197.31.201       americanheritagecommittee.com
        69.197.31.205       sotctraininginstitute.com
        69.197.31.206       sotctv.com
    
    
        Thank you
    
  • @jonbeard said:
    Confirmed leak, FOR ANY CUSTOMER OF STAMINUS: Have cards shutoff and CHANGE ALL ROOT PASSWORDS INVOLVED WITH STAMINUS. Information below:

    A new group known as "FTA" earlier this week has hacked into two large anti-DDoS companies known as Staminus and Intreppid. Both companies are hosts of very large companies that lead into smaller companies and game servers. It was noted that "FTA" has leaked all information regarding Staminus, Intreppid and a few other sites. All of the leaked information exposes thousands of clients including owners of: BuyCraft, RamNode, Spigot, MC-Index, Zenoscape and even the KKK, which exposes members of the community. The KKK alone are tagged as a terrorist organization. Both Staminus and Intreppid are completely shot to the ground and thousands of clients are furious. All data from the leak contains personal information, passwords, server logins and so much more.

    http://hastebin.com/raw/oweyukamuj

    ["SPCHECK" spcheck ssh:104.131.132.49 ]:root:St4m|nu5
    ["VM HOST" cl08-irv1 ssh:72.8.154.8 ]:root:St4m|nu5
    ["MOTHERLOAD" apitest ssh:69.197.35.134 ]:root:St4m|nu5
    ["CHATBOT" chatbot ssh:69.197.35.133 ]:root:St4m|nu5
    ["backup01-s3073-cab38-ocloud-irv1" ssh:69.197.40.229]:root:St4m|nu5
    ["backup01-s3073-cab38-ocloud-irv1" ssh:72.20.52.37]: SAME BOX AS OTHER
    ["backup01-s3073-cab38-ocloud-irv1"]ssh:72.20.42.226: SAME BOX AS OTHER
    ["ams2" ssh:176.56.238.205 ]:root:St4m|nu5
    ["proxweb" ssh:72.8.128.4]:root:St4m|nu5
    ["smb01-irv1" ssh:72.8.128.34]:root:St4m|nu5
    ["kkk" ssh:69.197.31.193]:root:TkBNk7TdrSh2Uq42
    ["puppet-agent" ssh:199.192.78.210]:root:St4m|nu5

    Didn't RamNode switch to Black Lotus?

    Looks like they turned back to Staminus.

    They are not peering with BL anymore and knowledgebase still mentions Staminus.

  • Nick_ANick_A Member, Top Host, Host Rep

    PetaByet said: They are not peering with BL anymore and knowledgebase still mentions Staminus.

    Correct, we're with Staminus. I'm not aware of any way the leak would directly compromise our customers' information, but we're staying on top of it as much as possible with zero communication from Staminus other than their tweets.

  • @Nick_A said:
    Correct, we're with Staminus. I'm not aware of any way the leak would directly compromise our customers' information, but we're staying on top of it as much as possible with zero communication from Staminus other than their tweets.

    I would be very hesitant and change your passwords for any server, because their WHMCS information / database information is in that leak.

    Including the cc_encryption_hash which encrypts your card details.

  • ClouviderClouvider Member, Patron Provider

    Licensecart said: Including the cc_encryption_hash which encrypts your card details.

    and all the other passwords, effectively making the DB useless if not converted to the new hash.

  • @Clouvider said:
    and all the other passwords, effectively making the DB useless if not converted to the new hash.

    Well all they need is the database & the whmcs config and when they've put the encryption hash in all the card information will show up on WHMCS.
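The exchange above (the dump is useless without the key; dump plus config file gives up every card) as a worked example, added here and not code from the thread or from WHMCS. The cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag built from the standard library, standing in for the AES-based scheme a real billing system uses (an assumption for the example); the row layout, the `cc_encryption_hash` config key name taken from the thread, and the sample card numbers are constructed:

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


def _subkeys(master: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the one stored master key."""
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for AES-CTR)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt_field(master: bytes, plaintext: str) -> Dict[str, str]:
    """Encrypt one card field; the returned dict is what the database row stores."""
    enc_key, mac_key = _subkeys(master)
    nonce = secrets.token_bytes(16)
    pt = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def decrypt_field(master: bytes, row: Dict[str, str]) -> str:
    """Verify the tag first, then decrypt; a wrong key fails closed instead of returning garbage."""
    enc_key, mac_key = _subkeys(master)
    nonce = bytes.fromhex(row["nonce"])
    ct = bytes.fromhex(row["ct"])
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(row["tag"])):
        raise ValueError("wrong key or tampered row")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()


def recover_cards(rows: List[Dict[str, str]], leaked_config: Optional[dict]) -> Optional[List[str]]:
    """Model what a database dump yields depending on whether the config file (and its key) leaked too."""
    key_hex = (leaked_config or {}).get("cc_encryption_hash")  # key name as discussed in the thread
    if not key_hex:
        return None  # dump alone: ciphertext only
    try:
        return [decrypt_field(bytes.fromhex(key_hex), r) for r in rows]
    except ValueError:
        return None  # config leaked, but the key in it no longer matches these rows


def rotate_key(rows: List[Dict[str, str]], old_master: bytes, new_master: bytes) -> List[Dict[str, str]]:
    """Re-encrypt every row under a new key: the 'converting to the new hash' step from the thread."""
    return [encrypt_field(new_master, decrypt_field(old_master, r)) for r in rows]


if __name__ == "__main__":
    master = secrets.token_bytes(32)
    cards = ["4111111111111111", "5555555555554444"]  # constructed test numbers
    db = [encrypt_field(master, c) for c in cards]
    print("dump only:", recover_cards(db, None))
    print("dump + config:", recover_cards(db, {"cc_encryption_hash": master.hex()}))
    db = rotate_key(db, master, secrets.token_bytes(32))
    print("dump + old config after rotation:", recover_cards(db, {"cc_encryption_hash": master.hex()}))
```

Rotation only limits the blast radius for rows stored after the leak; anything already exfiltrated alongside the old config stays readable. The design lesson the thread is circling is that the key must not live on the same host, in the same backup set, or in the same webroot as the database it protects.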

  • raindog308raindog308 Administrator, Veteran

    "Not that we hold anything against the KKK."

    Hackers are so classy.

  • jonbeardjonbeard Member, Patron Provider

    I've got a full cab customer that uses Staminus - while he was not affected (because anyone that uses their own IP space didn't go offline), I advised him on a cautionary side to change all of his root passwords regardless.

    Best to expect the worst, hope for the best. Better safe than sorry, guys!

    Several things I want to point out here, the hackers responsible made a statement that the following occurred:

    -All credit card information for customers was stored in plain text, which is a PCI Compliance Issue. This right here would be the result of a major class action lawsuit.

    -All internal servers utilized the same root password, which is a freaking given that should never happen or occur!

    -Expose your power units to WAN scans, to shut down your power remotely. Like what the heck are you thinking?

    A lot of this is common sense when it comes to security. If you want to make sure your systems are secure, contact me and I will put you in touch with people who can evaluate your systems. Unfortunately for Staminus, it is going to be extremely difficult to make a comeback from this, as a security company having a breach of this magnitude. They have customers with highly sensitive and validated environments that cost millions to validate and be compliant, and now they're at risk.

    This right here is the quickest way to destroy a multi-million dollar company.

    https://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/
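The "same root password on every internal server" point in the list above is the one an operator can actually audit in their own fleet. The following is an added example, not code from the thread or from any of the providers mentioned: it takes `/etc/shadow` contents collected from your own hosts over your normal management channel and reports root entries whose hash field is byte-for-byte identical (same salt, same digest, therefore the same password, which is what cloned images and config management pushing one hash produce), plus legacy hash algorithms, locked accounts, and empty password fields. Hostnames and hash strings are constructed and are not real credentials:

```python
from collections import defaultdict
from typing import Dict, List, Optional

WEAK_ALGORITHMS = {"MD5-crypt", "DES-crypt"}


def root_hash(shadow_text: str) -> Optional[str]:
    """Return root's password field from /etc/shadow contents, or None if there is no root entry."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == "root":
            return fields[1]
    return None


def hash_algorithm(field: str) -> str:
    """Classify a crypt(3) hash by its prefix."""
    if field.startswith("$6$"):
        return "SHA-512-crypt"
    if field.startswith("$5$"):
        return "SHA-256-crypt"
    if field.startswith(("$y$", "$7$")):
        return "yescrypt/scrypt"
    if field.startswith("$2"):
        return "bcrypt"
    if field.startswith("$1$"):
        return "MD5-crypt"
    if not field.startswith("$"):
        return "DES-crypt"  # 13-character legacy format
    return "unknown"


def audit_root_hashes(inventory: Dict[str, str]) -> dict:
    """inventory maps hostname -> /etc/shadow contents. Returns grouped findings."""
    groups = defaultdict(list)
    report = {"shared": [], "weak_algorithm": {}, "locked": [],
              "no_password": [], "missing": [], "unverified": []}
    for host in sorted(inventory):
        field = root_hash(inventory[host])
        if field is None:
            report["missing"].append(host)
            continue
        if field == "":
            report["no_password"].append(host)  # root login with no password at all
            continue
        if field.startswith(("!", "*")):
            report["locked"].append(host)  # password login disabled; keys only
            continue
        algo = hash_algorithm(field)
        if algo in WEAK_ALGORITHMS:
            report["weak_algorithm"][host] = algo
        groups[field].append(host)
    for hosts in groups.values():
        if len(hosts) > 1:
            report["shared"].append(hosts)  # identical salt+digest => identical password
        else:
            # Different salts hide a reused password; only the provisioning source can rule it out.
            report["unverified"].extend(hosts)
    report["shared"].sort()
    report["unverified"].sort()
    return report


# Constructed sample inventory (fake hashes, not real credentials).
_SHARED_ROOT = "root:$6$c0nstructedSalt$FakeDigestForTheExampleOnly000000000000000000000000000000000000000:17000:0:99999:7:::"
SAMPLE_INVENTORY = {
    "web01": _SHARED_ROOT + "\ndaemon:*:17000:0:99999:7:::",
    "web02": _SHARED_ROOT + "\ndaemon:*:17000:0:99999:7:::",
    "db01": "root:$1$c0nstruc$FakeMd5CryptDigest000:17000:0:99999:7:::",
    "bastion01": "root:!:17000:0:99999:7:::",
    "legacy01": "root:$6$differentSalt$AnotherFakeDigest00000000000000000000000000000000000000000000000:17000:0:99999:7:::",
}

if __name__ == "__main__":
    for key, value in audit_root_hashes(SAMPLE_INVENTORY).items():
        print(f"{key}: {value}")
```

The audit can only prove reuse where the stored hash is identical; hosts that end up in `unverified` need the check done at the source, i.e. in the Puppet or Ansible data that set the password, or by simply rotating every root password to a per-host random value and disabling password SSH for root.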

  • AlexBarakovAlexBarakov Patron Provider, Veteran

    jonbeard said: -All credit card information for customers was stored in plain text, which is a PCI Compliance Issue. This right here would be the result of a major class action lawsuit.

    Everything else can be forgotten and forgiven. This thing here, however, will be the end of them. No matter how rich they are, this lawsuit will bankrupt them. Exactly as you said - they have some clients who are extremely sensitive and at the same time powerful.

  • MikePTMikePT Veteran

    This is just crazy. Oh god.

  • estnocestnoc Member, Patron Provider

    Oh god. This is crazy. I assume there will be never-ending lawsuit now.

  • RhysRhys Member, Host Rep
    edited March 2016

    Looks like servermania is taking this opportunity to advertise to Staminus clients included in the database dump.

    To whom this may concern,
    
    My name is Andrew Horton, Account Manager at ServerMania.com. I'm contacting you today as I've heard that you were affected by the Staminus outage and hack that occurred earlier today. We're a premier Dedicated Server company with services based in New York. We leverage RioRey DDOS Protection appliances on the core of our network with over 200 Gbps of mitigation available covering all 7 layers.
    
    I would like to sit down with you and learn a bit more about your business and how we can service you.
    
    Our company can service your needs in the following ways:
    *Intel-Xeon based dedicated servers
    *Private VLAN, Switches and Racks
    *Standard dedicated 1 Gbps Network for each server
    *North American based with true 24/7 Support via E-Mail, Ticket or Telephone
    *Industry-Leading SLA
    *Dedicated Account Manager
    *Thousands of satisfied clients
    *Protecting some of the largest DDoS services on the market today!
    
    Let's move quick to avoid unnecessary downtime for your business!
    
    I look forward to speaking with you.
    
    -- 
    Andrew Horton, Account Manager, Server Mania
    +1.888.237.6637 | +1.716.745.4678 Ext. 608
    Skype ID: andrew.servermania
    [email protected] | www.servermania.com
    

    Paste w/ headers (Email censored for obvious reasons): https://pste.pw/v/mxJtvsB6VS
