BlueVM's domain name was hijacked

[drmike]

If they have control over their Twitter again, would it be safe to imagine they have control over their domain now too?

Twitter support is non-existent. I've tried contacting those bastards so many times in the past. I can only assume that they got Twitter access again from regaining control of the domain?

We are both assuming the Twitter account was attached to @BlueVM.com email and was actually hijacked   I only see a post made on Twitter and removed, which any account holder can do normally.

Twitter support, yeah, there is none.  Imagine that spinning out of control and losing access...

 

[DomainBop]

All of which means if this happened, as you imply, every customer should FEAR.  Fear their account info is now in public, fear a database dump with your info in public, fear anything you can relate to your BlueVM account and especially where you had common username and password credentials.

They should have already feared this when using any of these shitproviders™ given the businesses' complete lack of due diligence when hiring poorly paid contractors**  and the average shitproviders™ complete ignorance of information security standards.

For shits and giggles, ask one of these shitproviders™ if their business has implemented  ISO/IEC 27001 ISO/IEC 27002 standards and the response you'll get is "IS whaaat?, never heard of it!?

**using the IRS 20-pont checklist of employee vs contractor most of these contractors should probably be classified as employees and the tax cheat businesses should be audited and fined heavily for not paying payroll taxes, etc

 

[Nick_A]

Where is their IRC channel?

 

[WebSearchingPro]

Where is their IRC channel?

irc.obsidianirc.net #bluevm - or http://www.obsidianirc.net/chat.php

 

[MannDude]

I'm changing the title of the thread to, "BlueVM's domain name was hijacked" for sake of being accurate at this time.

I understand at the time this thread was created it was not clear what had happened, but it's clear now.

 

[lbft]

We are both assuming the Twitter account was attached to @BlueVM.com email and was actually hijacked   I only see a post made on Twitter and removed, which any account holder can do normally.

Twitter support, yeah, there is none.  Imagine that spinning out of control and losing access...

The whole account disappeared briefly too.

 

[DomainBop]

A quick glance at google indicates BlueVM security compromise topics are an annual event.

May 2012: http://lowendtalk.com/discussion/2614/bluevm-illinois-server-hacked-data-lost

June 2013: http://www.lowendtalk.com/discussion/11428/potential-bluevm-whmcs-breach

August 2014::

..and this boys and girls is why I prefer to entrust my company's data to servers hosted by real companies with real employees and real security policies (real as in the mention of ISO27K standards doesn't draw a blank stare).

edited to fix a date.

 

[drmike]

000webhost imploding the hosting account
 

CPU Limit Reached
You are seeing this page because website has reached CPU usage limit of the server, and it was temporarily disabled.

and as far as hijack vs. sold, interesting what the BlueVM employee/whatever in IRC had to say...

Somewhere in Buffalo, someone is grinning.

 

[D. Strout]

So WHOIS says the domain is with "eNom" - I figured that probably meant Namecheap. I used the Namecheap forgot password link and fed in the domain "BlueVM.com", and it says "Your account is locked. Please contact support." It seems Namecheap is likely looking in to things to try and get the domain back to its rightful owners.

 

[Magiobiwan]

We're working on it now. Justin is working with Namecheap to get everything fixed up. When everything is put back as it should be and we've finished investigating, we'll be doing a release about this mess.

 

[wlanboy]

A shit - worst case scenario.

Wrong website is one thing, but a malicious MX record is a worst case scenario.

Don't know when all DNS caches will have the correct values.

So even if we see the correct webpage again ... it would still be not save to write emails to BlueVM.

 

[Munzy]

Look as if they are starting to point it at a malicious IP, be careful if you go there:

 

[Munzy]

NM, it is still 000webhost.com, they just are hosted a lot of shit in the past.

 

[sv01]

NM, it is still 000webhost.com, they just are hosted a lot of shit in the past.

still on 000webhost.com


Expires On     May 07, 2017
Registered On     May 07, 2011
Updated On     August 23, 2014
they don't care about their client?

 

[wlanboy]

they don't care about their client?

They don't care about much.

Not about support and not about securing their business domain.

If the bad boys had access to the Namecheap account they had access to the SSL certificates too.

 

[Francisco]

They don't care about much.

Not about support and not about securing their business domain.

If the bad boys had access to the Namecheap account they had access to the SSL certificates too.

Anyone know if bluevm was always using google for their MX records? Reason I ask is that right now it's pointing to google and if it wasn't them that did that.....

Francisco

 

[MannDude]

How does one even hijack a domain name? Does anyone with more knowledge than myself want to do the vpsBoard community a favor and write a basic guide on preventing this from happening to them?

 

[mojeda]

How does one even hijack a domain name? Does anyone with more knowledge than myself want to do the vpsBoard community a favor and write a basic guide on preventing this from happening to them?

I'm not sure of namecheap's recovery system, but my best guess was social engineering. http://en.wikipedia.org/wiki/Social_engineering_(security)

 

[wlanboy]

How does one even hijack a domain name? Does anyone with more knowledge than myself want to do the vpsBoard community a favor and write a basic guide on preventing this from happening to them?

Quite simple.

Activate Two-Factor-Authentification: https://www.namecheap.com/support/knowledgebase/article.aspx/9253/45/how-to-two-factor-authentication

Domains / SSL certs and DNS settings should be worth the hassle.

 

[Schultz]

Oh my, how bad.

I do hope they recover from this attack!