GalaxyHostPlus Suspected Breach of Contact Details

On 11 March 2016 at 19:21, billing@darkcloudhosting.co.uk wrote:

Hello there!
Hope you're doing well today!
We would like to announce that Dark Cloud Hosting is going to open at an announced date this month and we hope to catch you inside our small family.
If you have an inquiries about services that'll be offered from our part then contact [email protected] and we will respond within 6 hours!

Best regards,
Dark Cloud Hosting Marketing Team

Spam that arrived along with several hundred CC'ed addresses. A few people have had a back and forth about reporting them to various data protection agencies, and noted that several of the addresses have +galaxyhosplus gmail aliases.

GalaxyHostPlus have had a few offers on LET.
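
The plus-alias observation above can be turned into a quick check of which sign-up tag dominates a leaked recipient list. This is an added example, not part of the original post; the header, addresses and tags in it are constructed.

```python
from collections import Counter
from email.utils import getaddresses

# Constructed sample: a Cc header shaped like the one on the spam described above.
SAMPLE_CC = (
    'Alice <alice+hosta@example.com>, bob@example.org, '
    '"Carol C." <carol+HostA@example.net>, dave+hosta@example.com, '
    'erin+shopb@example.com, frank@example.org'
)

def plus_tag(address):
    """Return the lower-cased plus tag of an address, or None if it has none."""
    local, sep, _domain = address.rpartition("@")
    if not sep or "+" not in local:
        return None
    tag = local.split("+", 1)[1].lower()
    return tag or None

def tag_counts(cc_header):
    """Count plus tags across every address in a To/Cc header value."""
    counts = Counter()
    for _name, addr in getaddresses([cc_header]):
        tag = plus_tag(addr)
        if tag:
            counts[tag] += 1
    return counts

def likely_source(cc_header, min_share=0.5):
    """Return (tag, share) when one tag dominates the tagged addresses, else None."""
    counts = tag_counts(cc_header)
    total = sum(counts.values())
    if total == 0:
        return None  # no tagged addresses, nothing to attribute
    tag, hits = counts.most_common(1)[0]
    share = hits / total
    return (tag, share) if share >= min_share else None

if __name__ == "__main__":
    print(tag_counts(SAMPLE_CC))
    print(likely_source(SAMPLE_CC))
```

A dominant tag only shows which sign-up list the addresses came from, not how the list left that provider.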

Comments

  • And frankly, I never heard of "Dark Cloud Hosting" before.

  • Ishaq Member

    @DarkCloud

    Joined today.

    Thanked by 1 GCat
  • I've heard of GalaxyHostPlus but not of Dark Cloud Hosting. Are they in business together?

  • Skyrider Member
    edited March 2016

    @VyprNetworks said:
    I've heard of GalaxyHostPlus but not of Dark Cloud Hosting. Are they in business together?

    Not that I know.. I'm trying to ask GHP about it, but their support system cannot make connection with their database.

    Critical Error
    Could not connect to the database.

    Can't find anything on google either (besides this thread).. Kinda worried.

  • Probably because this dark cloud lot are 'new'.

    @Ishaq, maybe they're both one and the same person, just a new company/domain? You'd be in a better position to tell with signup info.

    Either way, private data leaked. bad bad bad. Just putting it 'out there'.

  • Hello.

    We are investigating this we have shutdown our database we will inform once we find out everything. I will keep everything updated on this thread.

    Also if someone can forward this email to me at [email protected]

    At this moment looks like only VPS Clients are affected from Virtualizor Panel so be aware

  • @Skyrider said:

    That definitely is not a good coincidence..

  • donsr Member

    I got it too, from
    [email protected]

  • Skyrider Member
    edited March 2016

    I received an email back from Dark Cloud Hosting, needless to say.. person who did this kinda has been suspended. It still makes me wonder if galaxyhostingplus & dark cloud hosting are affiliated.

    Also, whois info is a bit weird on Dark Cloud Hosting:

    Registrant's address:
    12 RUE 1 AV
    OUED ABI RAKRAK
    TETOUAN
    TANGER-TETOUAN
    93000
    Morocco

    Data validation:
    Nominet was not able to match the registrant's name and/or address against a 3rd party source on 26-Jun-2015

    Their entire website is new as well, most things don't work. I assume that's the "soon" all about in the email subject.

    Thanked by 1 VyprNetworks
  • Virtualizor is shi*, and so is the security on it.

    Why didn't you switch to SolusVM @GalaxyHostPlus?

  • Skyrider Member
    edited March 2016

    @FlamesRunner said:
    Virtualizor is shi*, and so is the security on it.

    Why didn't you switch to SolusVM GalaxyHostPlus?

    Their recent email:

    Due critical issues/bugs reported with Virtualizor we have decided to migrate to SolusVM panel to provide stable service.
    We apologize to current clients who experience bad issues with Virtualizor.
    We hope to port all our clients due 09/01/2016 we will work on VPS migration which will affect support ticket time as all technical will be busy on migration of 10000+ VMs.

    They were actually already migrating to SolusVM.. just one of the nodes is still in progress.

    Thanked by 1 FlamesRunner
  • WHT Member

    Lol now virtualizors fault. How he can be sure on this?

    Thanked by 1 VyprNetworks
  • Hello.

    We have confirmed only Virtualizor is affected by this.

    Vir Check All Account Listed on this email

    Solus Check New Accounts not listed on this email

    Whmcs Other Services Accounts not listed on this email

    Virtualizor logs /var/virtualizor/log all empty waiting for Vir on Skype

    /var/log/mysql don't exist

    SSH Connection History Seems clean only whitelisted to our IPs no bad attempts detected or log ins from other IPs.

    Date of DB affect 13th January 2016 Detected by finding similar email reported from other client from mountrix same data was sent today seems it's the same person who owned mountrix.

    Apologize for any damage this may done to our client's. As we have been informed only email are affected seems there is some query to get such details.

    We have removed all migrated account from Virtualizor last pending for migration will be done manually based on MySQL data.

    We recommend changing your password just in case.

    Kind Regards
    Janusz C
    Galaxy Digital Networks

  • Received an email from Galaxyhostplus, more or less verbatim of ^

  • And the dark cloud hosting site is down. Giving a 404. Galaxyhostingplus said that they have taken action against them.

  • edited March 2016

    @Skyrider said:
    And the dark cloud hosting site is down. Giving a 404. Galaxyhostingplus said that they have taken action against them.

    We have asked CloudFlare to take it down however seems like one of our client help us with their hosting provider.

    So unlucky this happened before we finished migration to SolusVM.

    Anyone else have similar issue with Virtualizor or we are just unlucky one?

    Update
    Found person who got our email data. I will take actions against him now.

  • edited March 2016

    Dear Client's.

    We have investigated about Data Breach.

    We have good news only Emails address are affected from Virtualizor.

    We can confirm all VPS Servers and data is 100% safe all client's details included private details are safe and are not affected at all.

    Virtualizor Only store email addresses in this case it looks like sql injection were made which shown full list of Emails addresses.

    But don't worry we are porting to SolusVM to new platform which is protected from such attacks. We have removed current imported clients from Virtualizor database.

    VPS Panel is hosted on a separated dedicated server so there is no need to worry about your personal details included billing panel.

    We are sorry that you have to go through all this we hope to continue business as normal. This should not affect any service.

    Also, we want to thank to our client's who reported these emails to us. that help us to take fast actions and protect from bigger damage.

    We have found the person who have taken our data and we have taken legal actions against him.

    There always 1% with every provider this may happen included government websites we are doing our best to secure all client's data to the highest level.

    This included our own backup server hosted at CEO Home to make sure all data is safe and only stored at safe place.

    Apologize for little drama today Everything is safe and hope to you see you again at GalaxyHostPlus.

    Kind Regards
    Janusz Czeropski
    Galaxy Digital Networks

    Thanked by 1 FalconsCloud
  • @GalaxyHostPlus said:
    Dear Client's.

    We have investigated about Data Breach.

    We have good news only Emails address are affected from Virtualizor.

    We can confirm all VPS Servers and data is 100% safe all client's details included private details are safe and are not affected at all.

    Virtualizor Only store email addresses in this case it looks like sql injection were made which shown full list of Emails addresses.

    But don't worry we are porting to SolusVM to new platform which is protected from such attacks. We have removed current imported clients from Virtualizor database.

    VPS Panel is hosted on a separated dedicated server so there is no need to worry about your personal details included billing panel.

    We are sorry that you have to go through all this we hope to continue business as normal. This should not affect any service.

    Also, we want to thank to our client's who reported these emails to us. that help us to take fast actions and protect from bigger damage.

    We have found the person who have taken our data and we have taken legal actions against him.

    There always 1% with every provider this may happen included government websites we are doing our best to secure all client's data to the highest level.

    This included our own backup server hosted at CEO Home to make sure all data is safe and only stored at safe place.

    Apologize for little drama today Everything is safe and hope to you see you again at GalaxyHostPlus.

    Kind Regards
    Janusz Czeropski
    Galaxy Digital Networks

    Wait a minute now you was on 2.3.0? virtualizor has long past that version
    my virtualizor panel says it is at: 2.8.3
    the sql injection vulnerability was fixed in 2.3.1
    https://blog.rack911.com/security-advisories/virtualizor-privilege-escalation/
    I am not sure what happened but that should be impossible now if you have updated virtualizor to its latest version.

  • @GalaxyHostPlus said:
    We have found the person who have taken our data and we have taken legal actions against him.

    Name and shame so nobody ever buys from them?

  • @timnboys said:
    I am not sure what happened but that should be impossible now if you have updated virtualizor to its latest version.

    Hello.

    We were running latest version 2.8.3 which is now shut down to prevent more attacks like this. I have actually found the person who did it, including his full details.

  • @hostnoob said:
    Name and shame so nobody ever buys from them?

    I would love to name him (He actually hosted his domain with us before) however this is also against the law to put such information online, especially as thieves are protected by law these years...

  • iKeyZ Veteran

    So I presume @virtualizor knows about this vulnerability now? This all seems a bit strange

  • @iKeyZ said:
    So I presume virtualizor knows about this vulnerability now? This all seems a bit strange

    I have messaged them on Skype but no response from them.

  • GCat Member

    @GalaxyHostPlus said:
    I would love to name him (He actually hosted his domain with us before) however this is also against the law to put such information online, especially as thieves are protected by law these years...

    Name and shame

  • @GCat said:
    Name and shame

    My drama antenna is tingling

    Thanked by 2 GCat cassa
  • shovenose Member, Host Rep

    Fuck, so Virtualizor is insecure? Crap, literally just set up multiple servers with it. Time to switch to SolusVM again :'(

  • We are awaiting information from @GalaxyHostPlus as of now.

    Thanked by 1 GalaxyHostPlus
  • I am so suspicious of this... why would an attacker just steal email addresses and not go after the individual VPS's? Makes no sense.

    We've looked into a handful of claims about Virtualizor being compromised and it always comes down to baseless facts or an admin/support staff being compromised...

    I'm not going to say any software is 100% secure... but I feel very confident in saying Virtualizor is 99% secure and unless GalaxyHostPlus has any actual proof to offer then to me at least, it sounds like he's covering his own ass.

    Just my two cents, Canadian, which is basically worth nothing in US dollars. :(

  • Dear members,
    E-Mails were sent directly to Janusz address to discover together this breach.
    However we've announced that we're aware of the staff member who caused this security breach and who has therefore been terminated and permanently restricted from reaching our official contact members and servers.
    We will contact Virtualizor as soon as we can catch them to figure out their issues!
    We regret again on such action and we're deeply sorry for the inconvenience caused!