That's not what he said...
GreenValueHost becoming ColoCrossing, dumping providers, etc.
- Thread starter drmike
- Start date
Aldryic C'boas
The Pony
Where exactly am I wishing death on someone? Perhaps I simply have a lower tolerance for bullshit than most, and a practiced skill at spotting patterns. Even if the kid did try, he'd likely screw it up. Or get a couple cm into the first cut before realizing "dammit that really hurts, I'm not man enough to follow through on this".
without looking, I would have to say this one.
AThomasHowe
New Member
Everyone who showed concern was a lost more than 99% sure it was bullshit and posted so... that's not the point though is it?
I guess you didn't wish death upon him but by saying "some lives don't have value" I am sure why you can see I think this is melodramatic - he's not Hitler, he's not one of the Kims of Korea, he's not Assad... he's a web host who got in over his head and acted like a little shit for a few months. Even if you didn't directly mean his life had no value I don't think it really gave the right impression if that's what you think.
Look at his reaction when people mentioned the police - don't you think we could tell he was lying then? I think the police were in the best position to give him a life lesson last night.
Aldryic C'boas
The Pony
And this is at all relevant to me how? I'm not a nice person, and I tend to have logical reactions instead of emotional ones. Why should I fake sympathy for someone I stopped tolerating long ago?
AThomasHowe
New Member
You don't have to it's just kind of sad that you don't.
I think you're over stressing the amount of sympathy people had too but there we go.
drmike
100% Tier-1 Gogent
I am pretty sure the longest thread, by far, would be one involving one of the ChicagoVPS hacks. Similar contender would be the LET outage situation / everyone became an admin thing that outted CC ownership in concrete boots and had most of us bail ship and come over here.
I'll ask Mann if there is a report for such.... Curious myself
Last edited by a moderator:
AThomasHowe
New Member
After a quick sort by most replied in both popular forums the most popular thread is another GVH one:
Then last nights
then this one
this one
and 5th this one
That's from The Pub/General talk... I might' missed a thread, those are all 300+ tho.
Then last nights
then this one
this one
and 5th this one
That's from The Pub/General talk... I might' missed a thread, those are all 300+ tho.
drmike
100% Tier-1 Gogent
Bahaha.... Hey tough love bro.
I don't take this harsh stance, but I fully understand it.
The logic vs. emotion topic is a real good one in the VPS (lowend) segment. You know from the big operator in the space down to the teens on the strings. Makes me wonder if perhaps there hasn't been a bad outcome to some other provider along the way mixed up in this sort of stuff who actually physically hamed (him)self.
I meant what I said months back about the minor labor issue and the exploitation of minors in the segment.
Aldryic C'boas
The Pony
Would be pretty easy to write a query to do this. Anyone have a blank schema for IPB?
drmike
100% Tier-1 Gogent
So here's the on topic, has GVH sent out a message to customers yet? (I'd look, but I'd have to fire more people today and cancel the rest of my day)
AThomasHowe
New Member
No, I haven't got one. He could still send one when he gets up but I am guessing transparency is still not a top priority for Jon.
Imagine you're a client from WHT or word of mouth or something... I bet not all his customers read LET, not even all the LET regulars read the whole thread... how the fk are they meant to know what's going on with their data?
It has been confirmed that all customer VMs are 100% safe. http://www.webhostingtalk.com/showpost.php?p=9155391&postcount=19
drmike
100% Tier-1 Gogent
Yeah forums are not customer support = those in the know who are forum users are such a small percentage, always.... and I doubt the client facing management system over at GVH bears stern warning to customers.
I am reading along on LET... Oy.... Things have gone off track with some revelations, accusations.
Having been there and seen GVH operate, I can say and others surely can attest, when GVH catches a cold, Jonny goes to his rolodex and pleading. Often a problem (like say a hack) would be ran by multiple external people (contractors, smart former involved people, etc.).
It would appear, and I sincerely hope, that's what happened or something close with the person being implicated as downloading the GVH database or invoking a script that did an export - from a public directory (what is said script, why in that location, etc.).
This very same/similar thing happened in the past when GVH was pinched and other folks were contacted and asked to help/look/research. That got someone slapped back then erroneously.
Mind you I could be off base this time. But we had this very same thing happen in GVH recent past (i.e. event when GVH was DDoS'd and hacked)
Last edited by a moderator:
DomainBop
Dormant VPSB Pathogen
Sending out a timely message to alert customers of the breach so customers could change passwords, etc. would imply that Jon and the Violin player actually gave a fuck about their customers (Jon's role model is Fabozo after all). If / when they do send out a message it will probably be a CVPS style "we're victims, feel sorry for us" message not a "we're sorry, these are the steps you should take..." message.
The LET thread AnthonySmith started is worth a read because a former provider who "secretly" worked/works for GVH downloaded a dump of the DB and there are questions about the timing of his download of the DB...
http://lowendtalk.com/discussion/29847/greenvaluehost-hacked-data-stolen/p1
The "safe" confirmation is bullshit since there is a copy of the database floating around, the hacker (and probably many other people if the DB is available) had access to passwords, usernames, etc.
Since both WHMCS and SolusVM were compromised I think it is pretty safe to say none of the customers data or personal information should be considered "safe" at this point.
Last edited by a moderator:
AThomasHowe
New Member
And next time. How many people has he got helping him this time, publicly at least 2 or 3, maybe 4... I'm not saying anything about the people involved but if you imagine he's also asked for more people for help behind closed doors and that's exactly how this all occurred in the first place.
Especially considering the fact he asked for help from one of the suspects.
Last edited by a moderator:
drmike
100% Tier-1 Gogent
Lots to point out on this one
1. Sending out a timely message to alert customers - no excuses - contingency plans should be in place for such a thing everywhere. Even if you run a daycare center.
2. The LET thread AnthonySmith started - it's curious - but read my just above post. I don't think it's legit/as it seems. Sure wasn't last time and people jumped and slapped wrongly.. Big mess that was. Different people involved on both sides then.
Poor Anthony, he called me a foil hat all this time. Welcome to reality @AnthonySmith.
3. The "safe" confirmation is bullshit since there is a copy of the database floating around, the hacker (and probably many other people if the DB is available) had access to passwords, usernames, etc.
I think, but I am operating on fumes lately (slammed with real work and pace of these events is deafening) - I've said, perhaps not in public:
A. The "Russian" poster - that data from epoch data anaylsis I did 10 hours ago(?) shows that dump appears to be from December to Janauary.
B. There were only 2 admin tables posted, but it was from a MySQL dump and intentionally snipped off. Meaning, there is at least an old database potentially floating.
C. The Russian 2 table dump, that was a SolusVM dump. I am pretty sure, although I haven't bugged anyone in the know, but the current dump/hack/script in stupid place/with stupid permission MAY have been for WHMCS.
D. We have 2 databases known - one excerpted from Dec-Jan and one from ahhh yesterday. The one from yesterday, no one has. 2 IPs accessed it - one was the implicated party over there - the other was Jonny himself after being told about the explot, permission, file issue.
FULLY possible others exist. But for now, in the past 24 hours and disclosure of current customer data, hasn't happened.
Unsure where they back things up to currently, but could be another leaking vector.
4. How many people has he got helping him this time, publicly at least 2 or 3, maybe 4
At least 2, plus any "staff", plus it is wise to assume other contractors and outsourced folks. This would include the Indian helpdesk everyone wants to know about. Which, if you look someone power posted on that LET mega thread about them with other accusations. Not saying they have anything to do with the current drama, but more big question marks...
Of course, Jonny probably contacted another 6-12 people when the event was brand new and had people start looking around. Seems to be part of the pricing arrangment - job assessment - bidding. Which creates ahhh stepped on weird things during "emergency".
Sorry, probably missing something, will review comments and reply.
1. Sending out a timely message to alert customers - no excuses - contingency plans should be in place for such a thing everywhere. Even if you run a daycare center.
2. The LET thread AnthonySmith started - it's curious - but read my just above post. I don't think it's legit/as it seems. Sure wasn't last time and people jumped and slapped wrongly.. Big mess that was. Different people involved on both sides then.
Poor Anthony, he called me a foil hat all this time. Welcome to reality @AnthonySmith.
3. The "safe" confirmation is bullshit since there is a copy of the database floating around, the hacker (and probably many other people if the DB is available) had access to passwords, usernames, etc.
I think, but I am operating on fumes lately (slammed with real work and pace of these events is deafening) - I've said, perhaps not in public:
A. The "Russian" poster - that data from epoch data anaylsis I did 10 hours ago(?) shows that dump appears to be from December to Janauary.
B. There were only 2 admin tables posted, but it was from a MySQL dump and intentionally snipped off. Meaning, there is at least an old database potentially floating.
C. The Russian 2 table dump, that was a SolusVM dump. I am pretty sure, although I haven't bugged anyone in the know, but the current dump/hack/script in stupid place/with stupid permission MAY have been for WHMCS.
D. We have 2 databases known - one excerpted from Dec-Jan and one from ahhh yesterday. The one from yesterday, no one has. 2 IPs accessed it - one was the implicated party over there - the other was Jonny himself after being told about the explot, permission, file issue.
FULLY possible others exist. But for now, in the past 24 hours and disclosure of current customer data, hasn't happened.
Unsure where they back things up to currently, but could be another leaking vector.
4. How many people has he got helping him this time, publicly at least 2 or 3, maybe 4
At least 2, plus any "staff", plus it is wise to assume other contractors and outsourced folks. This would include the Indian helpdesk everyone wants to know about. Which, if you look someone power posted on that LET mega thread about them with other accusations. Not saying they have anything to do with the current drama, but more big question marks...
Of course, Jonny probably contacted another 6-12 people when the event was brand new and had people start looking around. Seems to be part of the pricing arrangment - job assessment - bidding. Which creates ahhh stepped on weird things during "emergency".
Sorry, probably missing something, will review comments and reply.
drmike
100% Tier-1 Gogent
So... I normally don't do these, but in light of what is going on over on LET and some banned accounts there and general momentum, seems appropriate:
[1:35:31 PM] -: so... did you contact Jack prior to his database dumping thing?
[1:35:37 PM] Jonny - GVH: Yes I did
[1:35:40 PM] Jonny - GVH: I thought it was a ddos
[1:35:44 PM] Jonny - GVH: and then Jack saw the stuff on vpsB [--> the 2 admin table dumps
[1:35:46 PM] Jonny - GVH: and was like
[1:35:47 PM] Jonny - GVH: hm
[1:35:51 PM] ---: so reason there for him to be in IP log, right?
[1:35:55 PM] Jonny - GVH: well would ya look at that
[1:36:01 PM] Jonny - GVH: purely coincidental
The Jack poking in GVH stuff was Jonny proactively asking his old admin to help out.
[1:35:31 PM] -: so... did you contact Jack prior to his database dumping thing?
[1:35:37 PM] Jonny - GVH: Yes I did
[1:35:40 PM] Jonny - GVH: I thought it was a ddos
[1:35:44 PM] Jonny - GVH: and then Jack saw the stuff on vpsB [--> the 2 admin table dumps
[1:35:46 PM] Jonny - GVH: and was like
[1:35:47 PM] Jonny - GVH: hm
[1:35:51 PM] ---: so reason there for him to be in IP log, right?
[1:35:55 PM] Jonny - GVH: well would ya look at that
[1:36:01 PM] Jonny - GVH: purely coincidental
The Jack poking in GVH stuff was Jonny proactively asking his old admin to help out.
Haven't been on LET today. Who all is banned? Why?
What's the deal with Jack? Confused.
Last edited by a moderator: