# Hostrail / BUDGETGEEK TELECOMS LIMITED allegedly hacked



## drmike (Feb 18, 2015)

Ongoing Lowendtalk.com thread worth noting:

http://lowendtalk.com/discussion/42912/hostrail-budgetgeek-info

It involves mtwiscool (who is banned from there and vpsBoard) and issues involving his company.

Allegedly his WHMCS database has been dumped.

Heads up, since when this happens it usually indicates a vulnerability floating around in the open.

Keep extra eyes and efforts on securing your WHMCS installations.


----------



## PortCTL (Feb 18, 2015)

drmike said:


> Ongoing Lowendtalk.com thread worth noting:
> 
> http://lowendtalk.com/discussion/42912/hostrail-budgetgeek-info
> 
> ...


Well, the WHMCS he was using was outdated...


----------



## Jasson.Pass (Feb 19, 2015)

drmike said:


> Ongoing Lowendtalk.com thread worth noting:
> 
> http://lowendtalk.com/discussion/42912/hostrail-budgetgeek-info
> 
> ...


That would be scary if there is a new 0day in wild


----------



## drmike (Feb 19, 2015)

Jasson.Pass said:


> That would be scary if there is a new 0day in wild


Yeah it would.  To think someone sent me a blog style post about upcoming WHMCS release prior to this hack-a-roo.   My math has known vuln floating.  Only way I'll see it is from data dumped.

Those dumping things, send your friend drmike a copy for his analysis.


----------



## MannDude (Feb 19, 2015)

Jasson.Pass said:


> That would be scary if there is a new 0day in wild


While true, it's more likely that he was probably using a nulled/cracked version of WHMCS to begin with that was exploited.

If there was a new 0day in the wild I do not imagine Hostrail is a target worth using it on. I mean... seriously, how many people could have really been dumb enough to board that train given the history of the original brand, and the history of the person who is now using that name for a different brand? What is the number of people who may be impacted by using it on them? <100?

Anyone want to come work for me? My new company is called _ENRON_..


----------



## DomainBop (Feb 19, 2015)

MannDude said:


> While true, it's more likely that he was probably using a nulled/cracked version of WHMCS to begin with that was exploited.


According to a post on LET and an email he sent out advising users to reset their passwords, it has to do with him doing the same thing that a majority of low end providers and 1-man shops do: giving a poorly vetted contractor admin access.

email:

_"You need to click forgot my password to login to your accounts due to a admin given details out(left screenshare on). All passwords are md5(salted) and we have locked the admin out. They is no payment details prosseed by the website so thoes can not be leaked."_



> Heads up, since when this happens it usually indicates a vulnerability floating around in the open.


Since we're talking about a low end provider, I'm going to disagree.  The main reasons for data breaches in that sector (and with many higher priced 1-man shops) are probably 1. poorly vetted contractors the owner met on IRC/Skype/forums being given the keys to the palace (think Jonny and GVH), 2. people who don't know their ass from a hole in the ground when it comes to security (think Harzem and FraudRecord), closely followed by 3. people not applying security fixes in a timely manner (sometimes weeks, months later).


----------



## mikho (Feb 19, 2015)

A post over at LET had images of a TeamViewer session showing how someone with admin access to WHMCS let the other part of named session download a database dump.


I have reasons to believe who the two "gentlemen" are and I have advised Matthew to report this breach to the police and have it investigated.


It was not a vulnerability used to get the database dump n


----------



## Munzy (Feb 19, 2015)

mikho said:


> A post over at LET had images of a TeamViewer session showing how someone with admin access to WHMCS let the other part of named session download a database dump.
> 
> 
> I have reasons to believe who the two "gentlemen" are and I have advised Matthew to report this breach to the police and have it investigated.
> ...



Who you thinking done it?


----------



## mikho (Feb 19, 2015)

Munzy said:


> Who you thinking done it?


The person already confessed in another thread on LET so I guess I can post a screenshot of the message.


----------



## Munzy (Feb 19, 2015)

I really don't like that guy honestly, he has posted a few things clearly showing he has a lack of understanding of full computer networks and how they intermix, yet runs a hosting company.


----------



## drmike (Feb 19, 2015)

I find it surprising that kcaj is being implicated.  I always found him to be alright and above board.

I have to go give my eyeball time to Lowendtalk to get caught up.   Riveting man opera.

@DomainBop, you just have to stop it.  I give you thanks every day    Right about access doled out and bad practices. That last part about not being patched, not exclusive to sLowEnders.  Way too common.

@mikho  these Teamviewer or other related software - was it clear who is being implicated as culprit?


----------



## Lee (Feb 19, 2015)

drmike said:


> I find it surprising that kcaj is being implicated.  I always found him to be alright and above board.


He was, and was the one that posted up the screenshots, hence why they are both suspended.  All things aside and like I have said before, for me as a mod at LET that kind of shit has to go.  

Ok, Matthew is hardly a role model for hosting services and he is hard work but has he ever stolen, ran away, tried to scam people.  No, or not that I am aware of.  Misguided at worst and too trusting of some people.  And it's that trust that led to this.  Which is not fair on any provider to have their systems exposed like that and LET is no longer the place to do it.

In addition that FR report he made about Tom for doing this has been removed after I asked that he rise above this and delete it.

https://www.fraudrecord.com/api/?showreport=5a97456bc264f109


----------



## bm11 (Feb 19, 2015)

DomainBop said:


> _"You need to click forgot my password to login to your accounts due to a admin given details out(left screenshare on). All passwords are md5(salted) and we have locked the admin out. They is no payment details prosseed by the website so thoes can not be leaked."_


Mother of god.

If I ever got an email like this from a provider I'd run away as fast as I could.

Left screenshare on? Dude...


----------



## mikho (Feb 19, 2015)

bm11 said:


> Mother of god.
> 
> If I ever got an email like this from a provider I'd run away as fast as I could.
> 
> Left screenshare on? Dude...


That wasn't mtwiscool who left screenshare on.... so don't get your panties in a twist


----------



## drmike (Feb 19, 2015)

bm11 said:


> Mother of god.
> 
> If I ever got an email like this from a provider I'd run away as fast as I could.
> 
> Left screenshare on? Dude...


Tis the life of those afflicted with autism.

_"You need to click forgot my password to login to your accounts due to a admin given details out(left screenshare on). All passwords are md5(salted) and we have locked the admin out. They is no payment details prosseed by the website so thoes can not be leaked."_

I need my English accent announcer to read this to me with the worst possible hard core British accent possible.  Perhaps then I'll understand.

But kindly and for education purposes,  the public, the customers, even the dorks do not care about screenshare.   They rightly believe you are some deviant who like to cam with his pants off when you go to "screensharing".

The md5 salted, the public hafn't ate dos nuts eva.   They prefer peanuts.

Prosseed is an interesting one. It was headed towards prostrate then seed came in and interrupted that bottom up inspection.

Now for all that kickballing of mtwiscool's nervousness, gift, autism, lack of literacy perhaps, what can I say - the kid emailed his customers to try to convey he was victimized and customer data was involved.  Well he sort of did.  Really!

I can think of a long list of companies that didn't when they public shared and instead practiced chirping like crickets in the corner.

mtwiscool isn't that bad all said.  Whoever dinged him like this should be ahh ashamed.  But the lad allegedly who did is 14, probably similarly gifted. Kcaj though I think got implicated indirectly by rapping to both parties.

Do I condone bans? Meh. It's LET, let them have at it over there. Poor Lee....

I'm relieved as is there isn't a zero day but a zero class.


----------



## Lee (Feb 19, 2015)

drmike said:


> Do I condone bans? Meh. It's LET, let them have at it over there. Poor Lee....


It's not a ban for either, a suspension.  Unfortunately Vanilla only does a ban.

But don't feel sorry for me, LET is trying to change, I am going to do my best to move all this kind of shit over to VPSBoard.  No need to thank me, just trying to help you out


----------



## DomainBop (Feb 19, 2015)

~Lee~ said:


> But don't feel sorry for me, LET is trying to change, I am going to do my best to move all this kind of shit over to VPSBoard.  No need to thank me, just trying to help you out


VPSBoard already sent you as a gift of gratitude for your generosity. 



> I have advised Matthew to report this breach to the police and have it investigated.


Hopefully he follows through and takes your advice since the two people in question are also in the UK.


----------



## drmike (Feb 19, 2015)

~Lee~ said:


> It's not a ban for either, a suspension.  Unfortunately Vanilla only does a ban.
> 
> But don't feel sorry for me, LET is trying to change, I am going to do my best to move all this kind of shit over to VPSBoard.  No need to thank me, just trying to help you out


Oh no, we don't do skids and teenagers around here, at least knowingly.  Hell I even slap folks pimping them as staff, unless the "owners" are their same aged peer group.  We are alright with the grown a bit borderline researcher / academic pursuer.  Straight up screen sharing open terminals and such, meh,  dumb and no, keep those folks please.  

We are thankful, kind of you to share the joy, reddit perhaps is the more suitable place to direct them.   Hackforums definitely is proper. Sure other folks can make a parting list for directing the folks, ehh deflecting them.

Seriously, why the change of face and audience attempt at LET?   Sounds like corporate ownership is getting butt tight.  But I seriously endorse the move, knowing some people are going to get hard whacked and rolled down a hill. INVEST NOW IN POPCORN FUTURES and toothpicks.


----------



## Lee (Feb 20, 2015)

drmike said:


> Seriously, why the change of face and audience attempt at LET?   Sounds like corporate ownership is getting butt tight.  But I seriously endorse the move, knowing some people are going to get hard whacked and rolled down a hill. INVEST NOW IN POPCORN FUTURES and toothpicks.


It's not so much a change of face or even audience.  It's more about changing perceptions.  LET has always been seen as the easiest place to cause drama and this episode demonstrates that.

Drama is one thing, malicious intent is another.  And as people run around claiming there is some agenda behind my actions on LET I can assure you that the *facts* I have and the stories being told do not match.  I am not someone who bans/suspends without being able to evidence why.

Take your malicious or just for the lulz to cause shit with someone elsewhere, for everything else it remains business as usual at LET.  

To be honest I really don't think I have changed much in this respect, if anything I am just probably a bit more vocal than other mods/admins have been when something like this happens.  Which in turn attracts attention.


----------



## HalfEatenPie (Feb 20, 2015)

~Lee~ said:


> It's not a ban for either, a suspension. Unfortunately Vanilla only does a ban.
> 
> 
> But don't feel sorry for me, LET is trying to change, I am going to do my best to move all this kind of shit over to VPSBoard. No need to thank me, just trying to help you out


Hehe.... how about a pass on that? Let's leave that for hackforums.


----------



## joepie91 (Feb 21, 2015)

drmike said:


> Tis the life of those afflicted with autism.


Nonsense.


----------



## RLT (Feb 21, 2015)

Considering that my brother is autistic have to agree. It must be noted that autism as well as bipolar have become a dumping diagnosis for non cookie cutter personality abnormalities.


----------



## drmike (Feb 21, 2015)

RLT said:


> Considering that my brother is autistic have to agree. It must be noted that autism as well as bipolar have become a dumping diagnosis for non cookie cutter personality abnormalities.


I am very understanding of the diagnosis.   Like many illnesses and mental health conditions, it's either being mass over applied or the human race is rapidly devolving.  Perhaps both are occurring....

It has become quite fashionable to justify little whoever's bad behavior on autism spectrum. Not a new technique either.


----------



## RLT (Feb 21, 2015)

They are either autistic or adhd whenever they don't mind.


Reading a few psych textbooks will forever ruin a person's opinion about psychs.


Working as a psychiatric nurse really demolishes it. Give me a cranky computer any day of the week. Those years were a nightmare.


----------



## drmike (Feb 21, 2015)

@RLT, I know those folks but I don't try to resemble them, willingly 

Psych nurse.... I can't think of a worse job on this planet. Definitely has to be on a top list. You poor person you. All those things you can't unsee or forget.

Bet it would seem inappropriate back then for someone else, friend to ask if you had a crazy day at work...


----------



## RLT (Feb 21, 2015)

The bad part was the docs were worse than the patients.


----------



## kcaj (Feb 22, 2015)

~Lee~ said:


> Drama is one thing, malicious intent is another.  And as people run around claiming there is some agenda behind my actions on LET I can assure you that the *facts* I have and the stories being told do not match.  I am not someone who bans/suspends without being able to evidence why.
> 
> Take your malicious or just for the lulz to cause shit with someone elsewhere, for everything else it remains business as usual at LET.


Malicious intent or just for the lulz to cause shit? Not the screenshots I posted. My original post (with the images removed) is still available for anybody who wants to see.

Phrasing of "database has been obtained" on my part was a bad decision, it would have been better phrased as "a copy of the database has been passed to me". I reiterate that I didn't have access to the end screen at any time, it was only ever a session whereby I had viewing capabilities only. That's just for the record, I'm not trying to detract from anything.

Malicious intent though, really? I posted a subtle warning for others on the end of a thread that had already run its course. Do you not think that had I been out to act maliciously I'd have opened a new thread for maximum impact? One of the screenshots posted contained Matthew's own profile in WHMCS, containing email address/address/phone number, all of which are blanked out and unusable in the images. If I had been out to act maliciously, I'd have posted the images uncensored. The copy of the database I was passed is long-gone, deleted. I know of others that were also passed a copy of the database, but I haven't shared the database with anybody. Again, had I been out to act maliciously, one would think the database would have been made available for general download.

Your implied remarks above that my actions were malicious are unfounded and complete slander. Anybody who wants to see this for themselves are welcome to contact me via private channels.


----------



## Lee (Feb 22, 2015)

kcaj said:


> I reiterate that I didn't have access to the end screen at any time, it was only ever a session whereby I had viewing capabilities only. That's just for the record, I'm not trying to detract from anything.


That is definitely not how Tom explained his side of it.



kcaj said:


> Do you not think that had I been out to act maliciously I'd have opened a new thread for maximum impact?


Not really no.



kcaj said:


> Your implied remarks above that my actions were malicious are unfounded and complete slander. Anybody who wants to see this for themselves are welcome to contact me via private channels.


If you really feel slander is appropriate get your parents to contact the appropriate authorities.  Or even get them to contact me and I will discuss it with them.

But always remember this, your friends/associates on the internet are often your enemy and more than happy to quickly start offering up all sorts of information when they think you are wounded.


----------



## kcaj (Feb 22, 2015)

~Lee~ said:


> That is definitely not how Tom explained his side of it.
> 
> Not really no.
> 
> ...


Then you'll do good to learn that making moderating decisions based on hearsay from a 14 year old gets you almost nowhere. My version of events are above for all to read, anybody interested in viewing the original screenshots which will support my argument are welcome to contact me.

"Not really no." A very closed minded response. You've said you can evidence your thoughts and reasons behind your decisions to suspend me, perhaps you can expand on that a lot further?

I'm not looking to find any legal recognition of your comments being slander here, it's my word against yours. However should I wish to contact any authorities regarding your comments, it would be done completely of my own accord. I'm above the age of that where I'd need an adult to act in my interests. The whole "get your parents to contact me" thing anyway, very mature of you Lee. I think that kind of attitude demonstrates the kind of hot-head moderation that is in place over at LET.


----------



## Lee (Feb 22, 2015)

kcaj said:


> . You've said you can evidence your thoughts and reasons behind your decisions to suspend me, perhaps you can expand on that a lot further?


I have no intention to engage with you on a public forum any further on this topic, I have full confidence that the decision was the right one based on your actions and the information that was provided from several people.  If you remain unhappy with that decision you have the option to take the matter up with one of the Administrators.


----------



## drmike (Feb 22, 2015)

~Lee~ said:


> I have no intention to engage with you on a public forum any further on this topic, I have full confidence that the decision was the right one based on your actions and the information that was provided from several people.  If you remain unhappy with that decision you have the option to take the matter up with one of the Administrators.


All fair and good.  I might agree to disagree and be it bird doo in my eye in the process.

How long is @kcaj on timeout over there?   (I *wish* there was a  points or clear timeout system for such o'er there so people felt like they were being treated uniformly --- just a friendly bump).


----------



## kcaj (Feb 22, 2015)

drmike said:


> All fair and good.  I might agree to disagree and be it bird doo in my eye in the process.
> 
> How long is @kcaj on timeout over there?   (I *wish* there was a  points or clear timeout system for such o'er there so people felt like they were being treated uniformly --- just a friendly bump).


It's only for a week. Though for someone who seemed so confident that they had the facts and were able to evidence them, it's disappointing Lee can't put his money where his mouth is.


----------



## Munzy (Feb 22, 2015)

@kcaj I was banned for a week because I told an admin that he should grow some balls. You may see it as harsh, but your punishment doesn't seem too harsh. Take it as a badge of honor and a vacation time. See you soon.


----------



## MartinD (Feb 23, 2015)

So, I'll just say I'm watching this with interest and laughing, quite a lot, at some of the comments/remarks being made from certain individuals.


----------



## Lee (Feb 23, 2015)

MartinD said:


> So, I'll just say I'm watching this with interest and laughing, quite a lot, at some of the comments/remarks being made from certain individuals.


I can't help myself


----------



## MartinD (Feb 23, 2015)

~Lee~ said:


> I can't help myself


It's not even you.. for once


----------

