VSys.host database breached?

sandoz Veteran
edited September 2022 in General

Hi,

Today I received this email from vsys.host, which is hosting many TV and movie websites in their network. Is the database compromised?

The email I received today from VSYS.Host:

I know some people who are running their websites on their machines. Well..

Thanked by 1JasonM

Comments

  • I'm getting the following Chrome error when visiting vsys.host

    This site can’t be reached

  • @JasonM said:
    I'm getting the following Chrome error when visiting vsys.host

    This site can’t be reached

    Working here. I tested right now. Maybe DNS issues?

  • Also got this email.

  • HostSlick Member, Patron Provider
    edited September 2022

    Not much Info.

    Is there any current WHMCS vuln?

  • Thanked by 1BingoBongo
  • @HostSlick said:
    Not much Info.

    Is there any current WHMCS vuln?

    I see many WHMCS being hacked in past months... and cPanel.

    @inland said:

    Anyone have any other screenshot of the "hacking" logos?

  • ralf Member
    edited September 2022

    Putting aside everything else, the message implies that all the authentication is done in the forward proxy and no authentication is done by the back-end. That seems a somewhat strange design choice.

    Either that or they'd hacked it and were logging authentication tokens long enough to get one with high-level access that they could use going forward.

  • @ralf said:
    Putting aside everything else, the message implies that all the authentication is done in the forward proxy and no authentication is done by the back-end. That seems a somewhat strange design choice.

    Either that or they'd hacked it and were logging authentication tokens long enough to get one with high-level access that they could use going forward.

    It seems they got access to the VM running the reverse proxy (I don't know why he called it a forward proxy, it's a reverse proxy) and pilfered his admin session as I guess he's doing layer 7 proxying and therefore it was possible to see decrypted traffic.

    In the future he should look at only doing layer 4 proxying so that way it's just TLS traffic coming in and out. It's also a little disconcerting that his box got hacked because the provider was hacked so he should look into disk encryption and things like 2FA for SSH etc.
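
The layer 7 versus layer 4 distinction raised in the comment above, as an added nginx configuration sketch (not from the thread and not VSys.host's actual setup). The hostname, file paths and 192.0.2.x addresses are placeholders chosen for illustration.

```nginx
# Constructed example: hostname, paths and the 192.0.2.x addresses are placeholders.
events {}

# Variant A: layer 7 reverse proxy (TLS terminates on the proxy VM).
# The proxy holds the private key and sees every request in plaintext,
# including session cookies, so whoever controls this VM can read them.
http {
    server {
        listen 192.0.2.1:443 ssl;
        server_name billing.example.com;
        ssl_certificate     /etc/nginx/tls/billing.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/billing.example.com.key;

        location / {
            proxy_pass https://192.0.2.10;
            proxy_set_header Host $host;
        }
    }
}

# Variant B: layer 4 passthrough (TLS terminates on the back-end).
# The proxy forwards the encrypted TCP stream; no certificate or key lives here.
stream {
    # ssl_preread reads only the unencrypted SNI field of the ClientHello for routing.
    map $ssl_preread_server_name $backend {
        billing.example.com 192.0.2.10:443;
        default             192.0.2.10:443;
    }
    server {
        listen 192.0.2.2:443;
        ssl_preread on;
        proxy_pass $backend;
    }
}
```

With variant B the back-end has to terminate TLS and check authentication on every request itself, since the proxy can no longer inspect or enforce anything at the HTTP level.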

  • vsys_host Member, Patron Provider

    @sandoz said:
    Hi,

    Today I received this email from vsys.host, which is hosting many TV and movie websites in their network. Is the database compromised?

    The email I received today from VSYS.Host:

    I know some people who are running their websites on their machines. Well..

    Hello, @sandoz

    None of our customers personally informed us that the database was compromised.

    And it is not the fact that hackers have found a gap before us :) The message was a precautionary measure - we couldn't avoid informing our customers about it.
