# HostNun Abbey Violated by WHMCS Insecurity



## drmike (Dec 24, 2013)

It appears tail end of October that HostNun was another, ehh victim of WHMCS insecurity.  Prayer probably isn't going to make things better in this instance.

1:HN-Matt:[email protected]:0d12d19d25f7a455a7f91166d365ca
2:HN-Laura:[email protected]:12a4e0bb36c4b9ae82a28f09b7572d
4:HN-Yekaterina:[email protected]:15d40d77ebff4eb9a9712d410b3174

NOTED:  [email protected] in the data....  Ho hum.

Edited:  last long value is actual hash..


----------



## Tux (Dec 24, 2013)

That HN-Yekaterina entry looks mighty suspicious.


----------



## SrsX (Dec 24, 2013)

Now, a prayer for our friends at HostNun.


----------



## drmike (Dec 24, 2013)

Tux said:


> That HN-Yekaterina entry looks mighty suspicious.


Oh do share with the vpsBoard community why


----------



## DomainBop (Dec 24, 2013)

drmike said:


> > That HN-Yekaterina entry looks mighty suspicious.
> 
> 
> Oh do share with the vpsBoard community why


Duh, Yekatarina Samutsevich.  This whole HostNun charade was the blasphemous work of PussyRiot. 



> another, ehh victim of WHMCS insecurity



If proper notification procedures weren't followed then the customers were the real victims.


----------



## drmike (Dec 24, 2013)

DomainBop said:


> Duh, Yekatarina Samutsevich.  This whole HostNun charade was the blasphemous work of PussyRiot.
> 
> If proper notification procedures weren't followed then the customers were the real victims.


Yekatarina is a ~ Russian name with some popularity.  Thought we knew someone in the low end world with such a handle/name...

As for customers, unsure if in this mass compromise (there were tons more companies involved) if anything further was seen/borrowed/copied.  A pastebin'ing of the info included just the admin info.


----------



## DomainBop (Dec 24, 2013)

> (there were tons more companies involved) if anything further was seen/borrowed/copied.  A pastebin'ing of the info


Found it by searching. The humorous thing is the hacker added the Alexa rankings of all the sites he hacked to his paste.  I didn't realize that Alexa rankings were the new source of epenis power in the hacker community. _("ooh, look at me, I just hit a site ranked xxx,xxx.  You jealous?")_

Other low end sites on that paste: PremiumVM.com, ProvisionHost.com


----------



## drmike (Dec 24, 2013)

Other sites on that paste: ServerHub.com

PremiumVM.com keeps getting banged up.   Dom's old folded company...  Ho hum.

Alexa ranking: nearly entirely flawed crap rank, unless they are mass buying/pilfering DNS lookups and other stuff to make it worthwhile.  Alexa toolbar installation base has to be dwindling.


----------



## XFS_Duke (Dec 24, 2013)

Heh, if you see any of my sites on there, let me know... I'm sure they aren't though... lol


----------



## SPINIKR-RO (Dec 24, 2013)

Why is GVH listed there?


----------



## vRozenSch00n (Dec 25, 2013)

Found it through Google. It's quite a long list of lost souls. I hope they will find a good place in the cloud.


----------



## drmike (Dec 25, 2013)

SPINIKR-RO said:


> Why is GVH listed there?


Cause clearly what happens in Buffalo, stays in Buffalo. 

Land of leaks up there with providers.

Now I will say HostNun did bail/move from HVH.  After doing such there was conversation on LET where GVH said they'd welcome HostNun back anytime.  Some other provider chimed in and said about the HostNun owner/operator and alluded to massive problems his company had with such and said  BEWARE.

I would hope that GVH isn't in current database and I doubt 'Nuns current provider is up in the admin like that.


----------



## Virtovo (Dec 25, 2013)

So many hosts hit by the WHMCS exploitathon.  I wonder how many hosts have not disclosed their breaches or are even aware customer data was stolen.  I know honest companies that disclosed their breaches were hurt financially.  The industry is the wrong way round.


----------



## drmike (Dec 25, 2013)

Word has it other Buffalo hosts may be working with the FBI.  Couple of folks have had FBI come knocking about one of the companies hacked.

Nice to see Bufftards use government bully muscle while ignoring the laws about cleaning up and reporting the hacks to other government agencies.

Frankly, if providers had their heads on straight they'd class-action sue WHMCS and SolusVM for being moderately sloppy and ignoring practice and having regular audits.  

I fully expect to see many more hacks in 2014 involving both pieces of software.


----------



## vRozenSch00n (Dec 25, 2013)

Virtovo said:


> So many hosts hit by the WHMCS exploitathon.  I wonder how many hosts have not disclosed their breaches or are even aware customer data was stolen.  I know honest companies that disclosed their breaches were hurt financially.  The industry is the wrong way round.


There is a saying in my country "If a lamb was stolen from you, don't report it to the authority. Otherwise you will lose another cow"


----------



## SrsX (Dec 25, 2013)

drmike said:


> Word has it other Buffalo hosts may be working with the FBI.  Couple of folks have had FBI come knocking about one of the companies hacked.
> 
> Nice to see Bufftards use government bully muscle while ignoring the laws about cleaning up and reporting the hacks to other government agencies.
> 
> ...


That would be Blacklotus -- Blacklotus was breached by Vypor aka Taylor Hayden Smyth - a 16 year old kid, he proceeded to compromise more than 15 hosts and "dox" the hosting company owners and staff (release all their details).

Blacklotus requested he remove the database backup, he told them to, and I quote _fuck off_ - therefore Blacklotus took it into their hands to contact the FBI. In addition there was over $20k in fake orders processed before Blacklotus knew they were compromised.


----------



## HostUS-Alexander (Dec 25, 2013)

It's sad to see this happen to web hosts.

- Alexander


----------



## drmike (Dec 27, 2013)


SrsX said:


> That would be Blacklotus -- Blacklotus was breached by Vypor aka Taylor Hayden Smyth - a 16 year old kid, he proceeded to compromise more than 15 hosts and "dox" the hosting company owners and staff (release all their details).
> 
> 
> ...



Interesting story. I won't comment on the above Smyth. He showed up elsewhere and keeps doing such. I have my doubts/questions.


I know CC for a fact is FBI involved and had active field agents bothering people. Part of the stupidity involved the CVPS hacks. Seems like someone up there doesn't mind wasting federal resources and wrongly bothering people. Shame. False accusations, lack of proof, etc.


Clearly the FBI has found the lack of proof too. Hopefully Buffalo contacts get burned for misuse like they have.


----------



## SrsX (Dec 27, 2013)

drmike said:


> Interesting story. I won't comment on the above Smyth. He showed up elsewhere and keeps doing such. I have my doubts/questions.
> ...


Well it's ironic - he got raided by the FBI in co-operation with Homeland Security.


----------



## GVH-Jon (Dec 29, 2013)

In case anyone is wondering, "eus" stands for End User Support. We offer End User Support to our resellers free of charge.


----------



## GVH-Jon (Dec 29, 2013)

So to clear things up even further:

It was made clear in the previous HN thread that they were one of our resellers. The [email protected] email is the email that we give to resellers for them to register us an account on their helpdesk for us to reply to their clients' tickets as a part of our free end user support service.


----------



## drmike (Dec 29, 2013)

So does GreenValue provide free ticketing then for resellers or just in limited cases or?


----------



## GVH-Jon (Dec 29, 2013)

drmike said:


> So does GreenValue provide free ticketing then for resellers or just in limited cases or?


If they have a helpdesk they can create a support operator account for us on their helpdesk and set email notifications to [email protected]. When we get notifications that one of their clients opened a tech support ticket, we log into their helpdesk ASAP and give our best effort to help them out in their tech support dept. We don't do sales, billing, management, none of those things for our resellers and we don't snoop around their data and such.

End user support is provided upon request only.

Nothing abnormal there.


----------



## Jack (Dec 29, 2013)

SrsX said:


> That would be Blacklotus -- Blacklotus was breached by Vypor aka Taylor Hayden Smyth - a 16 year old kid, he proceeded to compromise more than 15 hosts and "dox" the hosting company owners and staff (release all their details).
> 
> Blacklotus requested he remove the database backup, he told them to, and I quote _fuck off_ - therefore Blacklotus took it into their hands to contact the FBI. In addition there was over $20k in fake orders processed before Blacklotus knew they were compromised.


When did Blacklotus get hacked? Did they inform clients?


----------



## Virtovo (Dec 29, 2013)

Jack said:


> When did Blacklotus get hacked? Did they inform clients?


Being a client, I can safely say no.


----------



## vRozenSch00n (Jan 6, 2014)

HN-Matt said:


> <snip>. I discovered that Jon was/is still in high school on LET </snip>


Really? Care to share the link?

I have nothing against youngsters starting a business at an early age, as long as they embrace the facts that they are entering a world where responsibility and mature attitude really counts, so they are transparent in doing their business. 

*Just to be clear, the following paragraphs have nothing to do with HostNun or GreenValueHost:*

It is unfortunate that I encountered some youngster providers who stated in their offer that they are experts that have years of experience, then in another thread they ask the forum of how to set up OpenVZ containers or IP provisioning. :angry:

Other problem with some of them is they started shilling and spamming the forum.

example: http://lowendtalk.com/discussion/19657/welovevps-com

Edit: clarification and example line added.


----------



## drmike (Jan 6, 2014)

HN-Matt said:


> We used to have our WHMCS with GVH. We bought a reseller plan with them in the summer of 2013 because the price was right, not knowing that they were run by a teenager at the time. We no longer have our WHMCS with them. They offered 'end user support' at the time, hence 'Yekaterina' (lol...). However, not once did their EUS ever respond to a support ticket. I discovered that Jon was/is still in high school on LET a few weeks ago, which explains a lot about the way he communicates w/ people, but not necessarily the quality of his hosting.
> 
> 
> 
> ...


I haven't much time this morning, I have to go brave the arctic weather again.

*"We bought a reseller plan with them in the summer of 2013 because the price was right, not knowing that they were run by a teenager at the time."*

Oh come on Jon and his buddy - well one of them is done with high school.    So much for due diligence.  Lured by those crazy prices.  

I've known Jon's approximate age since he started making offers quite a while back.  That said, age is just a number.  Not a reason to disqualify someone.  Ageism.

*"Obsessed with Hostnun?"* Nah, not quite.   Just on my naughty/cautious list.  You really operate this religious slander as a brand?

*Compromising your stuff to get dirt?* No, I use this thing called a search engine.  You happen to be found on a list of hosts who were compromised to some extent.    The day I stoop to compromising your stuff or anyone else's is probably the same week you/them would be put out of business forever.


----------



## SrsX (Jan 6, 2014)

Jack said:


> When did Blacklotus get hacked? Did they inform clients?


Probably not... However, you can search a few sites to find it.





Wondering who "ZMS" is? That's none other than Zeekill - a Finland kid, who thinks he's an FBI agent... or something like that.

If you want to rage at him on skype: ihateblackpeople12345


----------



## drmike (Jan 6, 2014)

That Vypor chap outing DOX on BlackLotus is a perplexing mess ---> http://pastebin.com/TLrPJA0F

Attacks BlackLotus for filtering for: niggermania.net and godhatesfags.com.

Then goes on to attack the owner(s) of BL as faggots a whopping three times.   

What a waste of talent/skills on Vypor's part.


----------



## SrsX (Jan 6, 2014)

drmike said:


> That Vypor chap outing DOX on BlackLotus is a perplexing mess ---> http://pastebin.com/TLrPJA0F
> 
> Attacks BlackLotus for filtering for: niggermania.net and godhatesfags.com.
> 
> ...


You'd love to speak to ZMS (zeekill) if you want to talk about Vypor. They're butt buddies, if you want some real dirt on Vypor (Taylor Hayden Smyth), ask Intangir.


----------



## drmike (Jan 7, 2014)

I wish these folks would use their skills for something good instead of sheer mess making.

Black Lotus protecting free speech = good.  Liberal mentality exhibited by el hacker of intolerance of language against their pet causes is perplexing.  Considering both blacks and gays have benefited and exploited both free speech and additional "special" speech.  Good when it benefits them, bad when the opposition embarks on the same.

I remember when free speech was a bastion of liberalness.  So was privacy and general anti big brother state.  Now, often a 180 degree turn.  That's why liberal causes have lost me as a supporter.

Plenty of real docs to unearth and they aren't utility / phone / BW bills on private citizens.  Rather, they are the big corporations, military and government and the people that run such.

Of course, these modern hackers won't dare do that since the nature of a swatting their way might include missiles and instant death.  Glad I grew up when hackers (some) used their skills for real good instead of political hot potato games.


----------



## HN-Matt (Jan 7, 2014)

drmike said:


> It appears tail end of October that HostNun was another, ehh victim of WHMCS insecurity.  Prayer probably isn't going to make things better in this instance.
> 
> 1:HN-Matt:[email protected]:0d12d19d25f7a455a7f91166d365ca
> 
> ...


We used to have our WHMCS with GVH. We bought a reseller plan with them in the summer of 2013 because the price was right, not knowing that they were run by a teenager at the time. We no longer have our WHMCS with them. They offered 'end user support' at the time, hence 'Yekaterina' (lol...). However, not once did their EUS ever respond to a support ticket. I discovered that Jon was/is still in high school on LET a few weeks ago, which explains a lot about the way he communicates w/ people, but not necessarily the quality of his hosting.

 

Congrats on your ten gallon junior NSA fedora, drmike, but I think the real question here is why are you obsessed with Host Nun? This is the second thread you've started about us.

 

Are you literally admitting to 'compromising our WHMCS' in order to 'get the dirt on GVH' or something? Because lmfao...

Also, why is this in 'Industry News'? Host Nun has nothing to do with 'VPS Industry News' lol.


----------



## HN-Matt (Jan 7, 2014)

In drmike's first creepy internet detective thread fraught with inaccuracies and stupid garbage, I asked if he was a pomeranian or a shih tzu and the thread was immediately locked for unknown reasons, so the question still stands.

Speculations are now leaning toward http://www.onechihuahua.com/heres-the-thing-i-am-a-chihuahua/


----------



## HN-Matt (Jan 7, 2014)

Tux said:


> That HN-Yekaterina entry looks mighty suspicious.


"Huuurrrrr, no biggie that some weirdo compromised their WHMCS, I'll act like a cop and call the compromised data 'suspicious' instead of pointing out the fact that some creep posted it to begin with."


----------



## HN-Matt (Jan 7, 2014)

DomainBop said:


> Duh, Yekatarina Samutsevich.  This whole HostNun charade was the blasphemous work of PussyRiot.
> 
> If proper notification procedures weren't followed then the customers were the real victims.


We have always updated our WHMCS immediately. What becomes most interesting in this thread is the materiality of the fedoras of those who nevertheless decided to come in through the back door.


----------



## HN-Matt (Jan 7, 2014)

The stats on drmike: http://www.onechihuahua.com/stats/


----------



## HN-Matt (Jan 7, 2014)

SrsX said:


> Now, a prayer for our friends at HostNun.


http://hostnun.net/drmike.png


----------



## HN-Matt (Jan 7, 2014)

drmike said:


> The day I stoop to compromising your stuff or anyone else's is probably the same week you/them would be put out of business forever.


& once your megalomania is finished putting the helpless nuns out of business forever, what's next, pal? Karma? What About, Like, Schopenhauer's Veil Of Maya? It Has A Veil Too, Bro. These Are The Days Of Are Lifes...

 

Okay, drmike. I'm not angry at you for doing what you do, and I agree with a lot of what you're saying, but as a true supernoob, I find some of your methods bizarre. If you would kindly stop mistaking The Bad Internet Nuns Who Should Be Out Of Business for a fire hydrant the next time you start growling at GVH and giving them the yappy 'tude, we would be thankful. That and I'd have appreciated it if you had contacted us directly about the WHMCS exploit rather than doing an 'arf arf! doggy pastebin fetch!' with a singled out list of names. Like, what kind of 10 gallon fedora will complement my next unwitting self parody of a blowhard internet detective weirdo? How can I best become an admirable lap dog sat atop the contemporary trash heap of NSA peeping-tomism?


----------

