Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
25% Recurring Discount on NVMe VPS
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Blesta Hacked - Ransom Gang Threatens to Release Customer Details Tomorrow

raindog308raindog308 Administrator, Veteran

https://lowendbox.com/blog/blesta-hacked-ransom-gang-threatens-to-leak-customer-details-tomorrow/

Possible it's just Blesta's email servers and not their entire environment.

«1

Comments

  • rpqurpqu Member

    First

  • zedzed Member

    was it the canadians again

  • MrRadicMrRadic Host Rep, Veteran

    Blesta released a statement, I highly recommend including that in your panic blog / post.

    Thanked by 2tentor sandoz
  • sandozsandoz Veteran

    This is going to become commonplace. If cPanel had serious vulnerabilities, just imagine DirectAdmin and Blesta, it’s only a matter of time before they’re exploited. I wouldn’t be at all surprised if many of them had critical vulnerabilities that were never patched. With artificial intelligence on the rise and AI-driven attacks becoming more common, it’s only a matter of time, it won’t be long before chaos sets in.

    Even if nothing has been “compromised” yet, things are moving in that direction.

    @MrRadic said:
    Blesta released a statement, I highly recommend including that in your panic blog / post.

    Where? I’ve already had a look on their website and can’t see anything on the blog...

    Thanked by 1Mainfrezzer
  • MrRadicMrRadic Host Rep, Veteran

    Dear Customer,

    We are writing to inform you of a security incident affecting portions of our internal infrastructure.

    On June 25, we created a temporary support account for a third-party virtualization software vendor in connection with an active support request. We have since determined that an unauthorized party gained access using those credentials before the account password was changed that evening. The incident is currently under active investigation.

    The unauthorized individual used that access to send an email through our customer portal to a limited number of customers claiming that our systems had been compromised and threatening to publish customer data unless a ransom was paid. That email was unauthorized and was not an official communication from Blesta.

    Upon discovering the unauthorized activity, we immediately disabled the affected account, secured impacted systems, revoked unauthorized access, preserved forensic evidence, and began a comprehensive forensic investigation into the scope of the incident.

    Our investigation remains ongoing. We are reviewing system logs, server images, and other forensic evidence to determine what systems and information may have been accessed. Many people are asking if their Blesta installations are safe. At this time, we have found no evidence that the incident involved a vulnerability in the Blesta software itself.

    We understand that this incident is concerning, and we sincerely apologize for the uncertainty it has caused. We are committed to keeping our customers informed throughout the investigation and will provide additional updates as verified information becomes available. If we determine that any customer-specific action is necessary, we will contact affected customers directly.

    If you have any questions, please contact our support team.

    Thank you,

    The Blesta Team

    Thanked by 1mustafamw3
  • davidedavide Member

    GLWS

  • daviddavid Member

    Which providers use Blesta?

  • sandozsandoz Veteran

    @david said:
    Which providers use Blesta?

    IF I'm not wrong:

    @MivoCloud
    @ManishPant aka @kuroit
    Knownhost.com - @ChrisMiller ?

    Thanked by 2ManishPant david
  • ManishPantManishPant Member, Host Rep

    @sandoz said:

    @david said:
    Which providers use Blesta?

    IF I'm not wrong:

    @MivoCloud
    @ManishPant aka @kuroit
    Knownhost.com - @ChrisMiller ?

    Naah buddy we use WHMCS :#

    Hostbrr, HostCram @Shakib , @systemfreaks they use Blesta

    Thanked by 1Shakib
  • zedzed Member

    @MrRadic said: The Blesta Team

    THATS EXACTLY WHAT THEYD SAY INNIT

    Thanked by 1Mainfrezzer
  • Blesta Fiesta. Who uses those shit panels today just deserve to be pwned.

    Thanked by 1Andreix
  • edited June 27

    @sandoz said:
    it won’t be long before chaos sets in.

    Define chaos. A bunch of stuff will get rooted causing a bunch of sad faces. For a while the rate increases and after that it falls off again. Exploitable bugs are a finite resource. Being able to locate more doesn't change that. Even factoring in that new ones would be added regularly (which might or might not be the case depending on the specific project) there isn't enough supply to keep any kind of scary pace.

  • ShakibShakib Member, Patron Provider

    I don't have any meaningful data with blesta.com to begin with.

    My license was brought from a reseller and later moved to blesta.com directly. They just have my public contact information and the IPv4 address where our Client Portal is hosted.

    I change cards every month.

  • systemfreakssystemfreaks Member, Patron Provider

    @ManishPant said:

    @sandoz said:

    @david said:
    Which providers use Blesta?

    IF I'm not wrong:

    @MivoCloud
    @ManishPant aka @kuroit
    Knownhost.com - @ChrisMiller ?

    Naah buddy we use WHMCS :#

    Hostbrr, HostCram @Shakib , @systemfreaks they use Blesta

    We actually use both Blesta and WHMCS , and our own control panel, strange no email from blesta was received

  • @sandoz said:

    @david said:
    Which providers use Blesta?

    IF I'm not wrong:

    >

    Knownhost.com - @ChrisMiller ?

    I haven't worked for KH in just over 7 years. I've been at WebPros for the last few.

    But I passed this on.

  • forestforest Member

    I'm sure the people who signed up using their real details are not very happy right now.

    Thanked by 1JasonM
  • Tony40Tony40 Member

    FOSSBilling is free and open-source!

    Empower your hosting business with FOSSBilling, the free and open-source solution for efficient billing and client management.

    https://github.com/FOSSBilling/FOSSBilling

  • I didn't received any email from Blesta as well so seems like it was very small ammount of accounts

  • just don't do AI vibe coding and you will be ok

  • Looks like a bad actor at webpro's took advantage of being in Blesta's internal system.

    Thanked by 1Ticaga
  • JasonMJasonM Member

    @MrRadic said: At this time, we have found no evidence that the incident involved a vulnerability in the Blesta software itself.

    hmmm. safe.

  • forestforest Member

    @JasonM said:

    @MrRadic said: At this time, we have found no evidence that the incident involved a vulnerability in the Blesta software itself.

    hmmm. safe.

    Absence of evidence is not evidence of absence.

  • @forest said:

    @JasonM said:

    @MrRadic said: At this time, we have found no evidence that the incident involved a vulnerability in the Blesta software itself.

    hmmm. safe.

    Absence of evidence is not evidence of absence.

    I think it is very fair to say we run most stuff on the basis of absence of evidence.

    Notable exceptions are of course some core math (crypto) stuff where there is proper formal proof but that still requires implementation details needing scrutiny.

  • forestforest Member
    edited June 28

    @nullnothere said: I think it is very fair to say we run most stuff on the basis of absence of evidence.

    Sure, but in this circumstance, we're talking about an agent which benefits from downplaying the severity of what happened, so whatever they say should probably be taken in the most pessimistic light possible. After all, if they have no clue what happened and are still investigating, the statement that they have no evidence that their software was compromised is true.

    Unless they found the actual attack vector (and they probably would have stated that if they had) or have done an extremely comprehensive audit of their code (which is highly unlikely), then their statement is of little value.

  • vpsGODvpsGOD Member, Host Rep

    I lost lifetime license over a year, despite showing them proof of payment and initial email blesta staff claim it's others license and refused to communicate. Hope some insider active too long

    Let's see does my email and details in list. Waiting 🫢

  • HostlovinHostlovin Member, Host Rep

    As someone who has a blesta account i did not get the spam mail, just their response mail. But I haven't bought/paid for anything from them since 4 years + ago

  • TicagaTicaga Member, Host Rep
    edited June 28

    The thing is it's not Blesta itself.

    What happened is Paul needed help with an issue with SolusVM, they wanted access, Paul made a SolusVM account for them to access and that account was used to blackmail Blesta. The question is was it a SolusVM (WebPro) employee or an exploit with SolusVM.

    It's all confusing as until we find out how.

  • TicagaTicaga Member, Host Rep

    @luckypenguin said:
    Blesta Fiesta. Who uses those shit panels today just deserve to be pwned.

    Can I just say WHMCS back in 2013 had a massive zero day exploit because they re-wrote the global PHP function, would you say anything about people using WHMCS? their code is still encoded so you can't see if they've improved their code since then. WHMCS, SolusVM, cPanel are all owned by WebPros.

  • TicagaTicaga Member, Host Rep

    @Hostlovin said:
    As someone who has a blesta account i did not get the spam mail, just their response mail. But I haven't bought/paid for anything from them since 4 years + ago

    Paul on discord said this:
    "The one I sent went to more people, the unauthorized one went to about 600"

    "They tried to send to all but it failed part way through"

    I'm assuming they hit the MailGun limits.

  • @Ticaga said: Can I just say WHMCS back in 2013 had a massive zero day exploit because they re-wrote the global PHP function, would you say anything about people using WHMCS? their code is still encoded so you can't see if they've improved their code since then.

    Every software can, and will, have vulnerabilities - no argument about this simple axiom.
    But when it becomes a yearly pattern - this is where the problem starts. Sure, you can try
    and patch it on time, but the question about the quality is still there.

Sign In or Register to comment.