IPXCORE security issue notification - passwords changed

wlanboy

My actions:

• changed all passwords of all whmcs and solus accounts (not a good idea to keep the emailed passwords)
• enable login email notification on all solus accounts
• breathe deeply

@Damian thank you for your fast and clear communication. Getting things sorted by receiving a email is easier than guessing what might had happen and what I might have to do.

@next_provider
You now know what you have to do if such things happen.

soluslabs

@wlanboy said: enable login email notification on all solus accounts

We get so much stick about these. Nobody seems to like them but in cases like this they can be useful.

support123

@soluslabs said: We get so much stick about these. Nobody seems to like them but in cases like this they can be useful.

is not it enabled by default?

Damian

@bdtech said: Were the new system assigned (default) passwords not randomized with some complexity? Brute force on predictable pw's?

They were randomized, but I don't know about complexity, as that's either a WHMCS or Solus function; I don't know where the Solus login password gets generated.

@u4ia said: Now, am I understanding this correctly that passwords that were changed from the initially generated one were not compromised?

It would appear so, but changing your password is requested anyway.

@ftpit said: is not it enabled by default?

It is, but I think that people can turn them off if they want to.

soluslabs

@ftpit said: is not it enabled by default?

It is and it's important to leave it on. At least you will know if someone logs in to your account. Even if the intruder turns it off you will still get the initial login alert.

wlanboy

And you are able to change the email address for this notification. I have switched all solus accounts to a new email address. There might be a lot emails but you can sort them by sender and then can delete them after checking the number of logins per day/ip address.
It is all about email filters :-)

bdtech

For existing accounts, The best route is to whitelist at login. Fire off a new IP confirmation email to the account email then allow the user to now login plus the option to whitelist the ip for a year. This is the perfect combo of security and convenience.

eastonch

@bdtech apart from those unlucky folks who own a dynamic IP in the UK?

Or perhaps you could use a VPS as a OpenVPN connection and just tunnel, but then you have the problem of 'what if that VM goes down?' -- Having a third measure to reset the IP would have to be implemented, lots of work, and heck, it's a VM panel, honestly, I'd just change the password t o something pathetically hard to guess like SL*£YOI"£!*(YSDJFBUBXCN$!"$ set it as that, then just reset whenever I need to login to the panel.

Bogdacutuu

@eastonch said: SL*£YOI"£!*(YSDJFBUBXCN$!"$

how did you guess my password?

bdtech

@eastonch it's better than getting an email for every single login. And also most dynamic ip's at home are held for weeks or months. I believe linode also uses the whitelist once method for login.

24khost

@Bogdacutuu russian swear words everytime.

eastonch

@bdtech not really... lots of them release after 72 hours. Why do you need to login to your solusVM panel every day? Once it's setup, there's no need, the client area generally has all BW statistics on it anyway, and you get API key get the rest.

@24khost Russian to Polish to Base64 to Binary, works. every. time. throw a bit of welsh in there, super fun encryption

24khost

@eastonch I'll buy that for a dollar!

eastonch

@24khost incoming PHP with google API translation...

mpkossen

@soluslabs said: It is and it's important to leave it on. At least you will know if someone logs in to your account. Even if the intruder turns it off you will still get the initial login alert.

Exactly. As annoying I found it at first, it's actually a really powerful feature.