ChicagoVPS global password reset? Hacked again?

[MannDude]

Following a lead in IRC, I browse over to LET and see this thread: http://lowendtalk.com/discussion/15185/global-chicagovps-password-reset

Anyone else get this? Curious if it was 'precautionary' or if they were victim of the new WHMCS exploit?

EDIT: Actually, it sounds like they were indeed hacked again. Can't really blame them this time, and at least they reset passwords instead of leaving customers hanging.... But yeah.


[7:52:34 PM] they were displaying empty DB tables when I learned about the exploit
[7:53:26 PM] when you visited their billing it listed the names of the tables in whmcs sql
[7:53:37 PM] then it was down less then 5 minutes later
[7:55:02 PM] So yes they got hacked

Curious to see what CVPS has to say.

 

[Amitz]

Damn. I just lost a bet. I was sure that drmike would open this thread right after I saw the discussion on LET...

 

[texteditor]

I don't think it is out of the realm of possibility that ChicagoVPS could be a victim of an unpatched exploit

 

[MannDude]

Even doctors have to sleep from time to time.

 

[Lee]

I never got anything, but I am not an active customer, so perhaps it was only sent to those that are.

 

[MannDude]

I never got anything, but I am not an active customer, so perhaps it was only sent to those that are.

To be fair, in IRC someone said they're not a CVPS customer and haven't been one in a while... yet they still got a password reset. Your email may be in queue.

Someone said that when you visited their billing it listed the names of the WHMCS tables and then 5 minutes later was offline... So, yes, it sounds like they got hacked again.

At least they reset the passwords this time.

 

[Amitz]

Even doctors have to sleep from time to time.

Jaja... Dr. Jekyll and Mr. Manndude... Now I know why drmike uses that "we" so often when it should be an "I". You are the same person!

 

[MannDude]

Jaja... Dr. Jekyll and Mr. Manndude... Now I know why drmike uses that "we" so often when it should be an "I". You are the same person!

Caught me/us! I sporadically type to myself between my laptop and desktop and respond to threads that way too!  /s

Sarcasm = purple, btw.

 

[SkylarM]

Caught me/us! I sporadically type to myself between my laptop and desktop and respond to threads that way too!  /s

Sarcasm = purple, btw.

I'm colorblind so none of this was sarcasm! Mwahahahah(notethiswasajoke)

 

[GIANT_CRAB]

Not hacked but script kiddie'd by someone who downloaded that script.

 

[MannDude]

Not hacked but script kiddie'd by someone who downloaded that script.

True, true. Unless the owner of localhost.re tests his exploits in real world environments before releasing them... Or maybe someone kid just got to it before they locked it down?

WHMCS really needs to start implementing notices in their admin panel.

 

[WebSearchingPro]

Caught me/us! I sporadically type to myself between my laptop and desktop and respond to threads that way too!  /s

Sarcasm = purple, btw.

Thats more of a fuchsia

Edit: I lied, the exact color is "Dark Magenta"

 

[DalComp]

I have 2 account with them, 1 active and 1 inactive. Both passwords are not reset, I can login with the usual password.

 

[wlanboy]

I have 2 account with them, 1 active and 1 inactive. Both passwords are not reset, I can login with the usual password.

Maybe the reset is on queue too.

 

[drmike]

MannDude is a different person than I am.  I guarantee that.

I was enjoying some shut eye (sleep).  Been a tad under the weather for past few days.  That happens with weeks on end of mass stress and lack of sleep.  No worries, I'll be back up to spec in a few days

As for CVPS, ahhh, NOT AGAIN!  Anyone sticking with them deserves whatever befalls you as a customer.  I'll ride the high road on this... CVPS is a big VPS provider  with an even bigger mouth in charge.  So attacking them like this is a popularity type thing (high value target).  It is just going to keep happening unless they fail or invest properly.

CVPS needs to stop being ran like a cheapskate in charge self siphoning money for personal goodies and expand properly --- hire real staff, hire someone qualified for hardening, auditing and similar.    No company with 9k containers+ should be ran by 2-4 people with questionable backgrounds/knowledge.   Just not enough hours in the day to support customers and do what needs to be done.

 

[sv01]

I'm sure they won't comment  about this hack (again)

 

[lifetalk]

The only way I can think of to get notified, right now at least, is to setup alert words on WHT for 'whmcs'. Have an email app on a smartphone that buzzes you and goes haywire whenever you get an email from WHT.

Granted there's going to be more false alarms than there will be actual notices of a new WHMCS exploit... but that's a tradeoff I guess.


OR, just subscribe to local's blog rss.

 

[Lee]

MannDude is a different person than I am.  I guarantee that.

I was enjoying some shut eye (sleep).  Been a tad under the weather for past few days.  That happens with weeks on end of mass stress and lack of sleep.  No worries, I'll be back up to spec in a few days

As for CVPS, ahhh, NOT AGAIN!  Anyone sticking with them deserves whatever befalls you as a customer.  I'll ride the high road on this... CVPS is a big VPS provider  with an even bigger mouth in charge.  So attacking them like this is a popularity type thing (high value target).  It is just going to keep happening unless they fail or invest properly.

CVPS needs to stop being ran like a cheapskate in charge self siphoning money for personal goodies and expand properly --- hire real staff, hire someone qualified for hardening, auditing and similar.    No company with 9k containers+ should be ran by 2-4 people with questionable backgrounds/knowledge.   Just not enough hours in the day to support customers and do what needs to be done.

I still doubt that Chris is actually anything more than a mule, granted not a very useful mule.  A mule that JB can control easily to front another of his operations and keep his mouth shut about what really happens.

The top line income is relatively low and I would be surprised if Chris get's much of a salary hence he still needs to continue working at a department store.

Even giving the benefit of the doubt and saying they average $15 per month on average per customer (9,000) you are not going to have much change left out of that $135,000 once the basics get paid.

 

[MannDude]

Has anyone heard from Fabozzi today? Him and Biloh have been quiet on LET. It's like they went and took a trip or something and noped out.

 

[Aldryic C'boas]

At this point, the only thing surprising is that folks are still surprised when CC gets reamed like this.