# VPSAce hacked



## RiotSecurity (Nov 12, 2013)

So it appears VPSAce got hacked. They put up a maintenance page but there used to be a deface page up there.

Wanting to hear from the owners right now, waiting.....


----------



## zzrok (Nov 12, 2013)

You sure are good at finding trouble...


----------



## RiotSecurity (Nov 12, 2013)

VPSAce has appeared to of taken their machine offline / the site is offline.


----------



## drmike (Nov 12, 2013)

We need to give Riot a media badge and credentials and have him start interviewing these people.  Non stop fun 

Any idea of the hack nature, what was up on their site when defaced, etc.

VPSACE.... Hehe...

http://vpsboard.com/topic/2250-aim2game-b2-net-servermania-chris-niedojadlo-jerzy-niedojadlo-kevin-blanchard/?view=findpost&p=38091&hl=%2Bvpsace

http://vpsboard.com/topic/963-thread-for-buffalooed-to-investigate/?view=findpost&p=25713&hl=%2Bvpsace

I wonder if their other shell companies were smacked too...


----------



## RiotSecurity (Nov 12, 2013)

Who knows? I'd rofl if they were though.

Their site was a ransom, I think it was $500 otherwise everything gets leaked.


----------



## drmike (Nov 12, 2013)

RiotSecurity said:


> Their site was a ransom, I think it was $500 otherwise everything gets leaked.


Wonder what someone has or if it was just a website defacement.

Gosh, if someone leaked their info, everything I've said would be confirmed plus more


----------



## drmike (Nov 12, 2013)

Website now says:



> We are undergoing routine maintenance, we will be back in 1-2 hours!
> Sorry for any inconvenience!
> ~ The Management



Routine maintenance... WTF does that even mean.  Why do people say that?  It's like, I pooped my pants... Oh never mind, it's just routine waste management.


----------



## RiotSecurity (Nov 12, 2013)

@drmike view source of the file.


----------



## drmike (Nov 12, 2013)

Anyone recognize this data schema?  Is this WHMCS?

INSERT INTO `tblclients`(`id`, `firstname`, `lastname`, `companyname`, `email`, `address1`, `address2`, `city`, `state`, `postcode`, `country`, `phonenumber`, `password`, `authmodule`, `authdata`, `currency`, `defaultgateway`, `credit`, `taxexempt`, `latefeeoveride`, `overideduenotices`, `separateinvoices`, `disableautocc`, `datecreated`, `notes`, `billingcid`, `securityqid`, `securityqans`, `groupid`, `cardtype`, `cardlastfour`, `cardnum`, `startdate`, `expdate`, `issuenumber`, `bankname`, `banktype`, `bankcode`, `bankacct`, `gatewayid`, `lastlogin`, `ip`, `host`, `status`, `language`, `pwresetkey`, `pwresetexpiry`, `emailoptout`, `overrideautoclose`) VALUES ('13', 'Andrew',


----------



## drmike (Nov 12, 2013)

Oh man.... Their source... ahhahaha


```
<html>
<title>Maintenance</title>
<body>
We are undergoing routine maintenance, we will be back in 1-2 hours!<br>
Sorry for any inconvenience!<br>
~ The Management 
<!-- Just kidding we got hacked -->
</body>
</html>
```


----------



## RiotSecurity (Nov 12, 2013)

drmike said:


> Anyone recognize this data schema?  Is this WHMCS?
> 
> INSERT INTO `tblclients`(`id`, `firstname`, `lastname`, `companyname`, `email`, `address1`, `address2`, `city`, `state`, `postcode`, `country`, `phonenumber`, `password`, `authmodule`, `authdata`, `currency`, `defaultgateway`, `credit`, `taxexempt`, `latefeeoveride`, `overideduenotices`, `separateinvoices`, `disableautocc`, `datecreated`, `notes`, `billingcid`, `securityqid`, `securityqans`, `groupid`, `cardtype`, `cardlastfour`, `cardnum`, `startdate`, `expdate`, `issuenumber`, `bankname`, `banktype`, `bankcode`, `bankacct`, `gatewayid`, `lastlogin`, `ip`, `host`, `status`, `language`, `pwresetkey`, `pwresetexpiry`, `emailoptout`, `overrideautoclose`) VALUES ('13', 'Andrew',


Interesting little snippit you got there.


----------



## Cloudrck (Nov 13, 2013)

I believe so. http://docs.whmcs.com/SQL_Helper_Functions#Select_Queries


----------

