New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
GVH Password Reset?
This discussion has been closed.
Comments
From everything that I've read in this thread so far, I believe that it is only people with ACTIVE SERVICES that are receiving the password resets.
I have services with almost every provider posted on LET, but not HostUS/ChicagoVPS. I do have UGVPS though. UGVPS is technically ChicagoVPS I guess.
Hmm, I just saw this post at another forum by a member who said he received an email despite not even being a customer (past or present) of theirs:
https://vpsboard.com/topic/4150-greenvaluehost-forced-password-reset-security-breach/#entry60638
Was that their official announcement?
They haven't made an official announcement yet, though Jon did mention they will be making an official statement soon (this was about 6 hours ago). The cronjob explanation originated from one of their employees:
http://lowendtalk.com/discussion/comment/550307/#Comment_550307
http://lowendtalk.com/discussion/comment/550324/#Comment_550324
I think it's safe to assume that since the admin panel is "now" disabled on whmcs you can put 1+2 together and safely "assume" someone had admin access and was causing the problem.
What is the extent of the breach, hopefully just passwords reset, but your guess is as good as mine.
Just as good as official, the person who made the statements is the vp of operations. Ole jon said it wasn't a security breach either but we know thats just a bunch of horse poop.
Yuhuh.
Here is cron from whmcs 5.2.10 decoded but still the code is similar to latest one ones like 5.3.*: Link to decoded cron.php <---- Not mine found link on another forum.
After analyzing the cron.php code I would like to say that there is nothing that could make a password reset at all.
lol
so many password resets this issue has freaked me out a lil....
You could try to ask them for info on the real issue.
or...
Source - Amazon IP's Probe Green Value Host
Wow..looks like GVH is not operated by professional, just curious, are they one man show host?
Added to my "stay away" list now.
Or you could link to the real source, where a detailed thread exists highlighting how severe this issue is: https://vpsboard.com/topic/4150-greenvaluehost-forced-password-reset-security-breach/
There is a source link there, just saying.
So based on GVHTalk, an Amazon based IP had attacked them.
I'm no rocket scientist or a genius, but I'll take a guess. Someone who has a larger obsession against GVH than the rest of LET combined went to AWS and used one of their servers to launch this attack on GVH.
http://gvhtalk.com/discussion/comment/6#Comment_6
Shows its linked to https://www.runscope.com/ which I assume was someone using their services that are hosted within amazon.
Long story short, someone has too much time/grudges on their hands.
now I'm being spammed with password reset emails and now gmail marks it spam lol
Still?
nah it stopped a few hours ago
hmm so where is the offical statment from the CEO and DIRECTOR of OPERATIONS ?
Funniest part out of this entire thing is that I went and read all 4 pages of this thread and not once did @GreenValueHost comment. Only another representative that promotes a different company in his signature did.
Oh the irony...
GreenValueHost
Username GreenValueHost Joined November 2012 Visits 1,550 Last Active 1:57AM Roles Member Points 3 Thanked 110
He's active.
Jon posted a statement on vpsBoard earlier today. He simply said,
"No it was not a security breach. Client data is completely safe and has not been leaked. We will have a final statement sent out regarding this issue soon. "
Of course, all the information that followed his response seems to prove otherwise.
He says it's not a security breach, but on gvhtalk.com (GVH Forums) it was posted that the cause of the repeated resets was coming from an Amazon IP. Someone is obviously using AWS (either through Amazon or a reseller) and attacking them through it. Unless they mean to tell us that they were fully aware and in control of the Amazon IP that caused this.
Check the source of GVHTalk's information... He's just x-posting from "that other forum" =]
Granted, I guess technically it could mean that no personal information was leaked but I'm unsure if I would trust any statement from them just yet. Time will tell I suppose.
We have identified the root cause and will be releasing a public explanation statement shortly.
https://vpsboard.com/topic/4150-greenvaluehost-forced-password-reset-security-breach/page-6#entry60798
So now that we've confirmed it was Amazon IPs that originated from the password change, we must ask ourselves. "Was GVH aware of this Amazon based server and in charge of this mass password change?" or "Did GVH get hacked?".
Yeah the root cause of this mess is your.....