New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
he would report a bug and wait forever
I think I should follow in Nekki-chan's footsteps and leave this place for a while.
The amount of drama here is insane. Who thought there could be this much drama surrounding "servers" and "VPS". Where's humanity headed?
I'd rather watch some quality drama anime instead of this.
exploiting it and deleting client's server and then stealing the db and then emailing a lot of the victims boasting about their user data being stolen is better?
I got this email too but as I used a random password and pay by PayPal for most things (and I've got 2fa on paypal) I'm not overly concerned ... they never replied to my ticket about my storage sever being offline some months ago so I think hostsolutions is now "a dead horse"
What if this was abused by someone who is doing it for the purpose of money and really put the dump on data marketplace forums rather than sending out a mass email to everyone to alert them of the situation? Isn't that going to make things worse? I don't support what happened but I wouldn't like my data being posted in a forum like that.
your data will end up on forums anyway when the hackerman needs to flex to their skid friends (if they have any).
this dude stole stuff and now wants an ama on the same thread, i dont understand why this asshole is being treated as a nice guy
As a conflict deescalation measure (although I'm not sure if this is the intention other people have)
@hostingsolutionssux 1 Bitcoin for the whole database
@cociu may have sold the information to you directly if you have provided him 1 BTC in exchange for the information.
Just so you guys are aware, I don't feel sorry for those who find their personal info or even cc info is leaked.
You had to know something like this would eventually happen to cicou's operations. This is what eventually happens when you deal with bottom barrel hosts.
They sell your data. Hacked? Maybe. Who really knows? He may have sold it.
Guess why I don’t care? I have my own business at the address that is at HostSolutions database. Dutch law requires me to publish that address.
So why should it matter if you find my address in a leaked database or just on my website? :-))
And for these cases you have Revolut. They have disposable virtual cards.
No, I don't want to
cancel your credit cards and change your passwords (you should do it regardless of what the skid says about leaking the data) and the worst that will happen is that you'll receive some spam email, and you dont have to appease the dick
Good. @raindog308, slam the banhammer and we’re done.
Just putting some possibilities out there; I'm not affected by it personally.
@hostingsolutionssux how's the handover to HIBP coming up? @cociu needs it at this point, he won't learn a lesson otherwise. (It would also be kinda interesting to see how jsg reacts to the entire situation once it hits Troy's blog.)
The data would be worth nothing after this, can you tell me why I would want to alert all of the customers so badly if I wanted to leak it for use on some forum or to sell it?
It would make no sense for me to go out of my way to try to tell people about the breach. It would ruin the datas value because everyone is now probably changing their passwords and setting themselves up to be more secure online.
I did an AMA partly because I wanted to get peoples input of what they thought of the situation and what I should do. I'm happy to say I'm going to send the data to HIBP and then delete it forever. Never had a use for it.
Will also add it was never my intention to ever publish the data, I said I would hoping that an actual notification would be sent out to people affected, as people who did get my email would complain to hostsolutions.
Troy is on a trip
I will wait for his response and follow up with him, it will take a while though.
I already asked to be banned, stop pestering the admins you silly goose. It's christmas and you care about someone being banned on a forum where people talk about servers. I will be banned soon, as I said I am already waiting.
The hosting business is an international snakehole, wherever in the world you are. This is why I only do maintenance on request and am not in the business myself.
I don't think it is a good idea to public any hacking techniques on a public forum that are full of kids...
The vulnerability has been around for years now and I rather people know about it than don't. It's already probably been exploited everywhere it possibly could be anyways
Calm down; the entire vuln chain and exploit steps aren't given in their comments.
In this case, two systemd directives,
ProtectSystem=full
withReadWritePaths=
set to the temp directories used by WHMCS would have easily protected them."if they try to deny breach again we post database for free online. including backup of customer VPS servers."
A lot of hacks are done just for the sake of hacking, for fun and not for money and I am sure the 11k emails leads of people in the hosting industry wouldn't be useless
You wanted attention and you got it, skid
Already said I was bluffing in the email (you would know this if you knew how to read)
I created an account on here purely so I could try to explain what happened better. Also so I could figure out more as to what I should do.
Have a merry christmas
Ghah. Seems @cociu is not the only one who enjoyed some attention.
>
Yeah ill just take a thief's word when he says he wont sell stolen possessions and voila the thief is a good guy now
Hey man, up to you if you believe me or not, but trust me you'll never see another email again that's due to the breach. I can assure you of that at the very least. I'm not going to leak the data, and it can easily be proven in the future if I indeed do or not. While it probably wouldn't effect me as nobody knows who I really am, I stay truthful to my word and always will.
Again, up to you if you believe me or not, but you will see as time passes no other emails will ever be sent out and none of the data will get used.
Personally im glad that @hostingsolutionssux posted here with full explanation, now that people have their curiousity fulfilled, they suddenly start to request for ban? Trash. Shame on you. Personally im at ease now that I know how it happened and that its just some random with my data, and someone ethical enough to have patience to argue with us rather than just post it to raidforums.
Please post it to HIBP and delete it as you said and you have my full respect.
Still, it would had been better if you never had hacked that data, but at least you are not the worst kind of asshole based on ur responses on this thread.
also @Calin's email reply was priceless
@hostingsolutionssux Is the whole "involucrated" saga a sham?
I vote we don't ban his alternate account. This made for an entertaining morning - and it all could have gone a lot worse. I'm most of us all hacked something at some point.
That aside this isn't their real LET account anyway. And I'd say now it is unarguably proven the data was hacked.
I'd change passwords anyway though because who knows who else obtained the data and stayed quiet. And that doesn't mean @cociu didn't sell the data anyways too