Aldryic C'boas
The Pony
They banned me, finally. Pretty much made my day when I heard about it.
GreenValueHost becoming ColoCrossing, dumping providers, etc.
- Thread starter drmike
- Start date
What'd you do? -_-
Aldryic C'boas
The Pony
At least, I'm assuming it's the above. That's been my only post there in hell, probably over a year. Maybe they're just feeling especially insecure *shrug*.
Last edited by a moderator:
drmike
100% Tier-1 Gogent
Well I don't have a laundry list of the bans (wish they'd have a list in one place for offenders
)GVH Jonny received 30 days minimum jet cooling ban.
Aldryic received a ??? ban for telling Jonny to be a success in his death ventures.
Jack was in an administrator log posted yesterday by that Russian I do belive it was. It was a list of people who did various things in admin capacity.
This morning roughly LET had a blow out with some info from GVH's wiped servers that showed Jack's server access a URL that did a database dump. GVH Jonny had contacted Jack something like 30 minutes at least prior to that....
I outreached to Jonny and asked about the Jack situation and posted a chat excerpt to clear the air.
At least, I'm assuming it's the above. That's been my only post there in hell, probably over a year. Maybe they're just feeling especially insecure *shrug*.
If that is the reason, they were covering their a** for any liability.
There was some case of a kid who committed suicide live on a forum (similar to this situation) and I believe the lawyers went hard after everyone involved including the forum owners.
Last edited by a moderator:
DomainBop
Dormant VPSB Pathogen
I'd be shocked if the majority of customer data hasn't been compromised/disclosed and probably more than once this year.
.
Let's see:
1. multiple hacks this year, GVRetards were unaware of the Dec/Jan hack until admin tables were posted yesterday
2.GVRetards didn't bother to take basic security precautions when they installed WHMCS and only hardened the install after the April hack,
3.yesterday's hacker partially rm -rf'd /var/log and then the full on total fucktard GVRetards apparently rebooted before completing a security audit so it is really impossible to know the full extent of the damage/compromise.
They should have hired a professional security team after this hack instead of relying on the same cast of clown college dropouts who "audited" the April hack.
I think NickA had the best advice for Jonny on WHT today:
drmike
100% Tier-1 Gogent
Yeah, probably what was up with the ban.... Now mind you, all the shit scams the owners of LET sit behind and count dineros from... They had the ability to let GVH drown last time he left the nest... They brought him and liability back into their nest. Like I've told someone over there, enablers. They are the pusher, servers are the drug.
No CC = no GVH. No CC = no LET = no GVH.
This one time, I woudn't mind seeing some lawyers put on their little outfits with the cock aimed nooses and their slick watches and do their best cash hunting scheme. Dead kid though, nah, I am not down with that. Shouldn't take that for lawyers and government to take notice... People need to send more kites, the good people, to authorities, like we did last night to check on GVH Jonny. Whole bunch of other agencies need a heads up and data.
drmike
100% Tier-1 Gogent
There was a customer email earlier that went out to GVH customers:
Code:
Dear Valued Client,
It with our greatest remorse that we are sending you this email today to
inform you regarding a breach of security that has occurred on
GreenValueHost systems, resulting in a possible release of customer
information and the rollback of data stored on our WHMCS client area
and SolusVM VPS Control Panel.
This breach occurred yesterday (June 23) around 7:00 PM CST (Central Time).
Our technicians immediately began working on the issue at hand and was able
to salvage data from recent backups to bring ourselves back online and
running.
Our WHMCS client area has been restored from a backup that was taken
10 minutes BEFORE the breach. As far as we are aware, there is NO client
sensitive data from our billing/support system being distributed. Our
WHMCS database was 'dumped' into a publicly accessible domain under secure.
banned-url, however after after further investigation we've gotten to
these conclusions regarding the sql dump:
1. The dump was created and brought offline DURING THE SAME MINUTE.
One of our ex-staff members Jack has managed to coincidentally
(as verified by evidence) discover the dump URL, passed it onto Jon,
which promptly resulted in the server being immedaitely shut down.
A few hours later, the server was turned back on and the sql dump was
immediately removed.
2. After scanning logs, it appears that Jack and Jon were the only two
people (the hacker, apparently, did not yet test the sql dump) that
accessed the URL. Therefore it is concluded that client data from our
billing/support system is SAFE.
Our SolusVM VPS control panel/administrative area has been restored
from a backup taken 10 hours BEFORE the breach occured.
(New login URL: https://104.131.252.131:5656)
There is a flurr of rumors out in public that a copy of our admin table
database has been leaked to a public pastebin URL. At this time we
cannot confirm that the admin table that was leaked is authentic,
however it looks to be forged as the table is not completely accurate
and is missing some information that should be there. From the
information we were able to gather from the SolusVM server, we have
concluded that the hacker whom compromised the server spent little
time in this server as well and performed commands such as rm -rf
to delete crucial folders.
Although we are able to confirm that no data has been stolen/leaked
from our WHMCS billing/support database, we are unsure of whether or
not data has been stolen/leaked from our SolusVM database. It appears
likely not, as what's been "leaked" appears inaccurate/incomplete on
top of the fact that the entire operation of compromising and exploiting
our systems was a "rushjob" -- The hacker knew that he had little time
to do damage and thankfully wasn't able to do much damage at all
(Nodes appear completely untouched from Solus; we are still verifying this)
Despite our doubts that much has been done in the compromise in our
systems, we don't want to take any chances. We care about your security,
your privacy, and your safety. As of this notice, we are enabling the
"Disable MD5 Clients Password" option in WHMCS which will force all
clients to request a password reset before they are able to successfully
log in to the client area. This, as a security precaution, will remain in
place for another 24-48 hours. Clients are also advised to change their
SolusVM VPS control password AS SOON AS POSSIBLE, as we are unaware of
an option to force password resets for SolusVM.
At this time we are still working on restoring SolusVM to full working order.
We are aware that it is not fully usable right now, but we wanted to get
an update out as quickly as possible for the well being of our clients.
We can assure you that all data, although some may be rolled back, CAN be
fully recovered and we have NOT lost control of any of our systems. They are
more secured than ever, with additional heightened security measures still
being put into place as we continue to sort things entire situation out.
If any of your client data has been rolled back or not applied
(such as invoices from automated subscriptions during site downtime, or
SolusVM changes AFTER SolusVM is sorted), please contact us. Again, we are
still working on getting everything sorted and would like to take this
opportunity to let our clients know what has happened, and how we're
proceeding to resolve things. We will be sending ANOTHER email shortly
notifying clients of the completion of SolusVM data restoration, any further
information from our investigation, and how we will be moving on from there.
In the meantime, we are greatly sorry for any inconveniences these events
have/may cause and we appreciate your continued patience, understanding,
and patronage throughout this ideal.
Any questions, comments, or concerns can be addressed to us through our
helpdesk ticket system at https://secure.banned-url/submitticket.php
Thank You,
The GreenValueHost Team
Last edited by a moderator:
drmike
100% Tier-1 Gogent
That's a funny line... It isn't my handiwork / writing.
Unsure what the situation was and why hackerperson didn't do more/worse... Did the fellow know something was up? Well, I did send GVH a PM as soon as the admin dump came out.... and someone at GVH immediately cut backups at that point... so possible they collided and hacker saw someone in the box.... Unsure, but potential is there.
DomainBop
Dormant VPSB Pathogen
Jon Nguyen said in January:
Vice President of Operations $143,000
Vice President $130,000
Director of Operations $105,000
Senior System Administrator $83,000
Linux Systems Administrator $79,000
Server Administrator $65,000
System Administrator $61,000
U.S. Median Income $39,500
Cashier Burger King NYC $26,000
Cashier Buger King $21,000
GreenValueHost System Administrator $19,200
Fast Food Cook $18,900
US Minimum Wage $15,080
Posted on LET today:
Some Perspective (US average salaries):
Vice President of Operations $143,000
Vice President $130,000
Director of Operations $105,000
Senior System Administrator $83,000
Linux Systems Administrator $79,000
Server Administrator $65,000
System Administrator $61,000
U.S. Median Income $39,500
Cashier Burger King NYC $26,000
Cashier Buger King $21,000
GreenValueHost System Administrator $19,200
Fast Food Cook $18,900
US Minimum Wage $15,080
Burger King cashiers make minimum wage as do everyone else. Perhaps you meant shift supervisors?
$8164 is what an average BK employee will make in a year with 20 hrs a week average at $7.85 / hr (or at least in my local franchise it was like that)
The nostalgia of fryers. Definitely don't miss cleaning them lol.
k0nsl
Bad Goy
He he... “[...] our technicians immediately began working on the issue at hand”...wasn't the truth more like, “I desperately sought help with the issues and was contacted by a random forum guy from LET, who then immediately began working on the issue at hand”? Ya, that's more in line with the truth :lol:
drmike
100% Tier-1 Gogent
opcorn: Come one now... We're all capable of remembering when I called him out, about outsourcing... about exploting those Indians (ColoCrossing's Indians no less)... In case you forgot
All hell ensues and well another shut thread....Glad we haven't had the VPSB drinking game but a day.
... and WHT had a fire thread about it also, and tore him a new sphincter over the 100+ years of experience.
Indians you pay them not much and they are rich. Whole teams, 24/7 staffing, meh, $1k a month.
As for the non Indians, what isn't volunteer, people being kind, has been probably youngsters. They live at home, don't know what bills are, etc.
This is what fuels and enables the LowEnd and that outfit in Buffalo
As always, I remind everyone to look at that child labor / exploitation topic we did on here a while ago.. It applies
Aldryic C'boas
The Pony
That's absolutely insane. So now their next DB leak (face it, those jokers aren't going to find the point of compromise) is going to have plaintext passwords.
I hope those of you that did feel pity for this kid's drama antics are regretting it now.
I hope those of you that did feel pity for this kid's drama antics are regretting it now.
Yep, he has no real employee assets. I have been slipping little comments like this for the past few weeks and he never calls me out on being wrong, and seems to stop commenting.
AThomasHowe
New Member
You sound surprised... WHMCS is a pretty big piece of shit. You should be more surprised MD5 is even an option...
Someone find Jon a river to cry in. http://www.webhostingtalk.com/showpost.php?s=787a9dd4dafed4ee4ce5148df5c6f0ca&p=9156943&postcount=51