VSys.host database breached?

sandoz Veteran
edited September 2022 in General

Hi,

Today I received this email from vsys.host, which is hosting many TV and movie websites in their network. Is the database compromised?

The email I received today from VSYS.Host:

I know some people who are running their websites on their machines. Well..


Comments

  • I'm getting the following Chrome error when visiting vsys.host

    This site can’t be reached

  • @JasonM said:
    I'm getting the following Chrome error when visiting vsys.host

    This site can’t be reached

    Working here. I tested right now. Maybe DNS issues?

  • Also got this email.

  • HostSlick 🚩 Host Rep Tag Suspended
    edited September 2022

    Not much Info.

    Is there any current WHMCS vuln?

  • @HostSlick said:
    Not much Info.

    Is there any current WHMCS vuln?

    I see many WHMCS being hacked in the past months... and cPanel.

    @inland said:

    Anyone have any other screenshot of the "hacking" logos?

  • ralf Member
    edited September 2022

    Putting aside everything else, the message implies that all the authentication is done in the forward proxy and no authentication is done by the back-end. That seems a somewhat strange design choice.

    Either that or they'd hacked it and were logging authentication tokens long enough to get one with high-level access that they could use going forward.

  • @ralf said:
    Putting aside everything else, the message implies that all the authentication is done in the forward proxy and no authentication is done by the back-end. That seems a somewhat strange design choice.

    Either that or they'd hacked it and were logging authentication tokens long enough to get one with high-level access that they could use going forward.

    It seems they got access to the VM running the reverse proxy (I don't know why he called it a forward proxy, it's a reverse proxy) and pilfered his admin session as I guess he's doing layer 7 proxying and therefore it was possible to see decrypted traffic.

    In the future he should look at only doing layer 4 proxying so that way it's just TLS traffic coming in and out. It's also a little disconcerting that his box got hacked because the provider was hacked so he should look into disk encryption and things like 2FA for SSH etc.
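
The layer 7 versus layer 4 distinction raised in the comment above, shown as an added configuration example that is not part of the thread or the provider's setup. It assumes nginx as the proxy; the hostname, addresses and certificate paths are placeholders.

```nginx
# Constructed example: hostnames, addresses and certificate paths are placeholders.
# Use ONE of the two top-level blocks; both bind port 443.

# (A) Layer 7 reverse proxy: TLS terminates here, so this host holds the private
#     key and sees every request in plaintext, including admin session cookies.
http {
    server {
        listen 443 ssl;
        server_name billing.example.com;
        ssl_certificate     /etc/nginx/tls/billing.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/billing.example.com.key;

        location / {
            proxy_pass http://10.0.0.10:8080;   # plaintext hop to the back end
            proxy_set_header Host $host;
        }
    }
}

# (B) Layer 4 passthrough: nginx only reads the SNI from the ClientHello and
#     forwards the encrypted stream; key and certificate live on the back end.
stream {
    map $ssl_preread_server_name $tls_backend {
        billing.example.com  10.0.0.10:443;
        default              10.0.0.11:443;
    }

    server {
        listen 443;
        ssl_preread on;        # parse the ClientHello, do not decrypt
        proxy_pass $tls_backend;
        proxy_protocol on;     # pass client IP; back end must accept PROXY protocol
    }
}
```

With (B) the proxy host no longer holds the TLS private key or sees decrypted requests, but it also cannot filter or authenticate at the HTTP layer, so the back end has to authenticate every request itself.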

  • vsys_host Member, Patron Provider

    @sandoz said:
    Hi,

    Today I received this email from vsys.host, which is hosting many TV and movie websites in their network. Is the database compromised?

    The email I received today from VSYS.Host:

    I know some people who are running their websites on their machines. Well..

    Hello, @sandoz

    None of our customers personally informed us about the database being compromised.

    And it is not the fact that hackers have found a gap before us :) The message was a precautionary measure - we couldn't avoid informing our customers about it.
