New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Well, quiz makers are essential to a VM hoster. Oh wait...
I seriously hope that quiz stuff is a joke.
Right?
Unless he's trolling..
Source thread: https://www.lowendtalk.com/discussion/171427/how-to-stop-all-negative-reviews/p3
He is trolling but I couldn't have made that stuff up...
Many hosts are required to have valid details for their customers.
By providing fake details do be aware you render youself liable to suspension (and this has nothing to do with the host being a dick, we all have to follow the law).
That is correct and you can do that before paying your invoice. I'm pretty sure if the registration data and the invoice data are legit then you're good, considering that in case of a hack they would have the current data that is registered in the msyql table. Then again I would only consider this with less known hosts and not with the big ones such as hetzner, netcup, etc.
All for a $7.60 per year 1GB you get your data leaked. At least I used a generated password.
https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
I know some of the biggest companies had data breaches but neither Hetzner or OVH are in that list. My point is, there is a smaller chance for these two companies to experience a data breach than a one year old hosting company or one that uses wordpress and such where I'm paying $20 a year or less for a VPS.
Hetzner and OVH are not big enough to be on that list.
My point is that the chances are similar per person.
1. The bigger the company, the more people after its data and more sophisticated the attacks;
2. When a big company is breached, such as Yahoo, 3 bn accounts and about 1 bn people are affected, presumably, when a summer host is breached, 100 to 1000 people might be affected, there must be 3 million of such companies to affect the same number of accounts and people.
@Hosterlabs, there are some errors that keep popping up when trying to edit account details.
`Oops!
Something went wrong and we couldn't process your request.
Please go back to the previous page and try again.
TypeError: Argument 1 passed to WHMCS\Module\Server\SolusIoVps\SolusAPI\Resources\UserResource::getUserByEmail() must be of the type string, null given, called in /home/hosterlabs.net/public_html/panel/modules/servers/solusiovps/hooks.php on line 83 and defined in /home/hosterlabs.net/public_html/panel/modules/servers/solusiovps/lib/SolusAPI/Resources/UserResource.php:44
Stack trace:
0 /home/hosterlabs.net/public_html/panel/modules/servers/solusiovps/hooks.php(83): WHMCS\Module\Server\SolusIoVps\SolusAPI\Resources\UserResource->getUserByEmail()
1 /home/hosterlabs.net/public_html/panel/vendor/whmcs/whmcs-foundation/lib/Hook/Manager.php(0): WHMCS\Utility\SafeInclude::{closure}()
2 /home/hosterlabs.net/public_html/panel/vendor/whmcs/whmcs-foundation/lib/Hook/Manager.php(0): WHMCS\Hook\Manager->run()
3 /home/hosterlabs.net/public_html/panel/vendor/illuminate/support/Facades/Facade.php(261): WHMCS\Hook\Manager->validate()
4 /home/hosterlabs.net/public_html/panel/includes/functions.php(0): Illuminate\Support\Facades\Facade::__callStatic()
5 /home/hosterlabs.net/public_html/panel/includes/clientfunctions.php(0): run_validate_hook()
6 /home/hosterlabs.net/public_html/panel/clientarea.php(0): checkDetailsareValid()
7 {main}`
display_errors in production, great.
could have been only for a few minutes, this I can understand albeit snapshotting the VM to test separately is my option, sometimes might be impractical, though.
Adding "fun" modules in production, though, especially on something with such a big attack surface already...
Sorry we are testing some modules.
I'd recommend you set up a test environment for that, and for testing the upgrade path doesn't break any of your customisations or modules when you update.
These errors have been present since the breach, so they've been showing for at least two weeks. I didn't really test if they pop-up on other pages but every time one is trying to edit his account details he won't be able to and he will get these errors.
I think they are getting close to deadpooled? An invoice was paid, now it mysteriously is unpaid, then server was suspended, no response to tickets. And ticket that was about the invoice previously has been edited.... sigh
Why isnt this data stored encrypted on the server?
Why does companies store customer data in plain text?
Service back to being restored, little slow on ticket responses, but for now, seems ok.. Hope it stays that way. :-)
I wish we could do that with our software. Whmcs does not allow that and we can not change that because we have no access to the code.
Yes we are making some changes / new designs and new website is still under construction which slows down our responses. We have moved to different servers , added security and we are in the process of hardening everything a lot more. It takes a lot of time and effort to harden all possible entry ways. We discovered that the hack was not from Wordpress, but from cyberpanel. As the way everything was accessed indicates a cyberpanel hack. Not vía Wordpress. Because cyberpanel databases were accessed and deleted as well for ransom. But the way to login/access to those databases is only from cyberpanel.
I have a ticket open with them for a couple of weeks now, the CA server is up and down like a roller coaster ever since and yet no response. I see he didn't visit the forums for nearly a month as well so not sure what's up with @Hosterlabs these days but it definitely doesn't look so good.