Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
25% Recurring Discount on NVMe VPS
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Blesta Hacked - Ransom Gang Threatens to Release Customer Details Tomorrow

2»

Comments

  • forestforest Member

    @Ticaga said: would you say anything about people using WHMCS?

    Yes.

  • TicagaTicaga Member, Host Rep
    edited June 28

    @luckypenguin said:

    @Ticaga said: Can I just say WHMCS back in 2013 had a massive zero day exploit because they re-wrote the global PHP function, would you say anything about people using WHMCS? their code is still encoded so you can't see if they've improved their code since then.

    Every software can, and will, have vulnerabilities - no argument about this simple axiom.
    But when it becomes a yearly pattern - this is where the problem starts. Sure, you can try
    and patch it on time, but the question about the quality is still there.

    Agreed, but they're different circumstances this is like the WHMCS Social Engineering attack, when hackers pretended to be Matt to Hostgator, but different. This is the scary part. SolusVM wanted an account to access to fix an issue with SolusVM's software. Most suppliers do this (I've learnt from this and build my software around this issue).

    That temp account was used to access SolusVM and Blesta's VMs. So was it an inside hack from SolusVM Employee or was it an exploit? Was Pauls password and username easy to guess?

    https://www.bitdefender.com/en-us/blog/hotforsecurity/commercial-billing-company-whmcs-attacked-by-hackers

    God! 2012! I feel old my daughter was born then 14 years ago!

  • @Ticaga said: SolusVM wanted an account to access to fix an issue with SolusVM's software.

    SolusVM, Blesta, Fiesta, Virtualizor, Dickbulizor, all the shit that needs access to your
    internal infra - is a big no-no, and piece of shit you will avoid if you are a good admin.

  • @systemfreaks said: strange no email from blesta was received

    @Cam important news, don't miss

    Thanked by 1Cam
  • zmeuzmeu Member

    Replace the title from ransom gang to WHMCS, if it wasnt made by an intern then your data is no longer safe with WebPros.

  • rpqurpqu Member

    @zmeu said:
    Replace the title from ransom gang to WHMCS, if it wasnt made by an intern then your data is no longer safe with WebPros.

    Is complete solution (ransom)

    Thanked by 1zmeu
  • MikeAMikeA Member, Patron Provider

    @zmeu said: Replace the title from ransom gang to WHMCS, if it wasnt made by an intern then your data is no longer safe with WebPros.

    This.

    Honestly sucks for Blesta but goes to show, never trust the security (or lack of) of other people/companies. If it's all accurate it's crazy that someone with WebPros was given enough access to their system to do this, just to solve a support issue with a client.

    Thanked by 1totally_not_banned
  • systemfreakssystemfreaks Member, Patron Provider

    @MikeA said:

    @zmeu said: Replace the title from ransom gang to WHMCS, if it wasnt made by an intern then your data is no longer safe with WebPros.

    This.

    Honestly sucks for Blesta but goes to show, never trust the security (or lack of) of other people/companies. If it's all accurate it's crazy that someone with WebPros was given enough access to their system to do this, just to solve a support issue with a client.

    if it was someone from webpros there would be a law suit and a big one , so i rule that out, giving access on their system and not on a staging - dev environment is what puzzles me

  • MikeAMikeA Member, Patron Provider

    @systemfreaks said:

    @MikeA said:

    @zmeu said: Replace the title from ransom gang to WHMCS, if it wasnt made by an intern then your data is no longer safe with WebPros.

    This.

    Honestly sucks for Blesta but goes to show, never trust the security (or lack of) of other people/companies. If it's all accurate it's crazy that someone with WebPros was given enough access to their system to do this, just to solve a support issue with a client.

    if it was someone from webpros there would be a law suit and a big one , so i rule that out, giving access on their system and not on a staging - dev environment is what puzzles me

    "On June 25, we created a temporary support account for a third-party virtualization software vendor in connection with an active support request."

    I believe it since this has been standard in the past with other WebPros companies. Just look at WHMCS for example, they ask for access every time pretty much. Sometimes they refuse help without access.

  • zmeuzmeu Member

    There's no way for a lawsuit against em since there's no trace leaved behind to whom did that puppet show.

    How it was in a case of a data breach while they do still works on v6 ?

    Oh, wow! -- Our Cloud software are more safer than others!

    Clowns.

  • systemfreakssystemfreaks Member, Patron Provider
    edited June 28

    @MikeA said:

    @systemfreaks said:

    @MikeA said:

    @zmeu said: Replace the title from ransom gang to WHMCS, if it wasnt made by an intern then your data is no longer safe with WebPros.

    This.

    Honestly sucks for Blesta but goes to show, never trust the security (or lack of) of other people/companies. If it's all accurate it's crazy that someone with WebPros was given enough access to their system to do this, just to solve a support issue with a client.

    if it was someone from webpros there would be a law suit and a big one , so i rule that out, giving access on their system and not on a staging - dev environment is what puzzles me

    "On June 25, we created a temporary support account for a third-party virtualization software vendor in connection with an active support request."

    I believe it since this has been standard in the past with other WebPros companies. Just look at WHMCS for example, they ask for access every time pretty much. Sometimes they refuse help without access.

    Why not provide access to a development environment instead of giving access to production?

    Thanked by 1tentor
  • MikeAMikeA Member, Patron Provider

    @systemfreaks said:

    @MikeA said:

    @systemfreaks said:

    @MikeA said:

    @zmeu said: Replace the title from ransom gang to WHMCS, if it wasnt made by an intern then your data is no longer safe with WebPros.

    This.

    Honestly sucks for Blesta but goes to show, never trust the security (or lack of) of other people/companies. If it's all accurate it's crazy that someone with WebPros was given enough access to their system to do this, just to solve a support issue with a client.

    if it was someone from webpros there would be a law suit and a big one , so i rule that out, giving access on their system and not on a staging - dev environment is what puzzles me

    "On June 25, we created a temporary support account for a third-party virtualization software vendor in connection with an active support request."

    I believe it since this has been standard in the past with other WebPros companies. Just look at WHMCS for example, they ask for access every time pretty much. Sometimes they refuse help without access.

    Why not provide access to a development environment instead of giving access to production?

    Probably just wanting WebPros to reply to the client directly in a support ticket on the Blesta system to avoid going through three people. It's unnecessary, yea.

    Thanked by 1zmeu
  • TicagaTicaga Member, Host Rep

    That's WHMCS's support agreement, SolusVM doesn't have that agreement nor is it in their terms and conditions: https://www.solusvm.com/terms-of-service/

    Thanked by 1zmeu
  • systemfreakssystemfreaks Member, Patron Provider
    edited June 28

    @MikeA said:

    @systemfreaks said:

    @MikeA said:

    @systemfreaks said:

    @MikeA said:

    @zmeu said: Replace the title from ransom gang to WHMCS, if it wasnt made by an intern then your data is no longer safe with WebPros.

    This.

    Honestly sucks for Blesta but goes to show, never trust the security (or lack of) of other people/companies. If it's all accurate it's crazy that someone with WebPros was given enough access to their system to do this, just to solve a support issue with a client.

    if it was someone from webpros there would be a law suit and a big one , so i rule that out, giving access on their system and not on a staging - dev environment is what puzzles me

    "On June 25, we created a temporary support account for a third-party virtualization software vendor in connection with an active support request."

    I believe it since this has been standard in the past with other WebPros companies. Just look at WHMCS for example, they ask for access every time pretty much. Sometimes they refuse help without access.

    Why not provide access to a development environment instead of giving access to production?

    Probably just wanting WebPros to reply to the client directly in a support ticket on the Blesta system to avoid going through three people. It's unnecessary, yea.

    still can’t comprehend why someone would decide to give a third party access to a production system without specific agreements and an NDA, or AT minimum restrict the account to only the sections it needs to access

    This is more serious than a discovered vulnerability.

    Thanked by 3MikeA mustafamw3 tentor
  • UmairUmair Member

    I thought Blesta is probably 2nd or 3rd most used Billing panel after WHMCS in the Hosting industry and is fairly popular. But this thread is giving me a very different vibe.

  • defaultdefault Veteran

  • systemfreakssystemfreaks Member, Patron Provider
    edited June 28

    @Umair said:
    I thought Blesta is probably 2nd or 3rd most used Billing panel after WHMCS in the Hosting industry and is fairly popular. But this thread is giving me a very different vibe.

    I am not sure about the popularity of it, the industry is quite small and biggest share goes to whmcs, lately a lot of other free and paid alternatives have raise, and may decide to vibe code their own solution , which logically results to even smaller market .

  • I summon Mythos to hack it back

  • zmeuzmeu Member

    <3 Blesta

    Thanked by 1Ticaga
  • MivoCloudMivoCloud Member, Host Rep

    @sandoz said:

    @david said:
    Which providers use Blesta?

    IF I'm not wrong:

    @MivoCloud
    @ManishPant aka @kuroit
    Knownhost.com - @ChrisMiller ?

    Hi! In the good news, we don't use Blesta. I'm sorry for those who will suffer from this

  • zmeuzmeu Member
    edited June 30

    @MivoCloud said: Hi! In the good news, we don't use Blesta. I'm sorry for those who will suffer from this

    But you use WHMCS (SolusVM) where that leak comes from.

    Thanked by 1webcraft
  • MivoCloudMivoCloud Member, Host Rep

    @zmeu said:

    @MivoCloud said: Hi! In the good news, we don't use Blesta. I'm sorry for those who will suffer from this

    But you use WHMCS (SolusVM) where that leak comes from.

    Valid point, but there’s a huge difference between using a software and how you manage its access. We don't hand out production root/admin credentials to third-party support on a whim. Everything goes through isolated staging environments, and any temporary access is strictly firewalled and monitored. Lesson learned from others' mistakes long ago.

    Thanked by 1zmeu
Sign In or Register to comment.