GreenValueHost becoming ColoCrossing, dumping providers, etc.

Aldryic C'boas

The Pony
dontmiss.png


At least, I'm assuming it's the above.  That's been my only post there in hell, probably over a year.  Maybe they're just feeling especially insecure *shrug*.

drmike

100% Tier-1 Gogent
Haven't been on LET today. Who all is banned? Why?

What's the deal with Jack? Confused.
Well I don't have a laundry list of the bans (wish they'd have a list in one place for offenders :) )

GVH Jonny received 30 days minimum jet cooling ban.

Aldryic received a ??? ban for telling Jonny to be a success in his death ventures.

Jack was in an administrator log posted yesterday by that Russian I do believe it was.  It was a list of people who did various things in admin capacity.

This morning roughly LET had a blow out with some info from GVH's wiped servers that showed Jack's server access a URL that did a database dump.  GVH Jonny had contacted Jack something like 30 minutes at least prior to that....

I outreached to Jonny and asked about the Jack situation and posted a chat excerpt to clear the air.
 

tonyg

New Member
dontmiss.png


At least, I'm assuming it's the above.  That's been my only post there in hell, probably over a year.  Maybe they're just feeling especially insecure *shrug*.

If that is the reason, they were covering their a** for any liability.

There was some case of a kid who committed suicide live on a forum (similar to this situation) and I believe the lawyers went hard after everyone involved including the forum owners.

DomainBop

Dormant VPSB Pathogen
FULLY possible others exist.  But for now, in the past 24 hours and disclosure of current customer data, hasn't happened.
I'd be shocked if the majority of customer data hasn't been compromised/disclosed and probably more than once this year.

.

Let's see:

1. multiple hacks this year, GVRetards were unaware of the Dec/Jan hack until admin tables were posted yesterday

2. GVRetards didn't bother to take basic security precautions when they installed WHMCS and only hardened the install after the April hack,

3. yesterday's hacker partially rm -rf'd /var/log and then the full on total fucktard GVRetards apparently rebooted before completing a security audit so it is really impossible to know the full extent of the damage/compromise.

They should have hired a professional security team after this hack instead of relying on the same cast of  clown college dropouts who "audited" the April hack.

I think NickA had the best advice for Jonny on WHT today:

I have no bones to pick with Jon, although I would say he needs to find another line of business (after he grows up).
 

drmike

100% Tier-1 Gogent
If that is the reason, they were covering their a** for any liability.

There was some case of a kid who committed suicide live on a forum (similar to this situation) and I believe the lawyers went hard after everyone involved including the forum owners.
Yeah, probably what was up with the ban.... Now mind you, all the shit scams the owners of LET sit behind and count dineros from...    They had the ability to let GVH drown last time he left the nest... They brought him and liability back into their nest.  Like I've told someone over there, enablers. They are the pusher, servers are the drug.

No CC = no GVH.  No CC = no LET = no GVH.

This one time, I wouldn't mind seeing some lawyers put on their little outfits with the cock aimed nooses and their slick watches and do their best cash hunting scheme.   Dead kid though, nah,  I am not down with that.   Shouldn't take that for lawyers and government to take notice...  People need to send more kites, the good people, to authorities, like we did last night to check on GVH Jonny.  Whole bunch of other agencies need a heads up and data.
 

drmike

100% Tier-1 Gogent
There was a customer email earlier that went out to GVH customers:

Code:
Dear Valued Client, 

It is with our greatest remorse that we are sending you this email today to 
inform you regarding a breach of security that has occurred on 
GreenValueHost systems, resulting in a possible release of customer 
information and the rollback of data stored on our WHMCS client area 
and SolusVM VPS Control Panel. 

This breach occurred yesterday (June 23) around 7:00 PM CST (Central Time). 
Our technicians immediately began working on the issue at hand and was able 
to salvage data from recent backups to bring ourselves back online and 
running. 

Our WHMCS client area has been restored from a backup that was taken 
10 minutes BEFORE the breach. As far as we are aware, there is NO client
sensitive data from our billing/support system being distributed. Our 
WHMCS database was 'dumped' into a publicly accessible domain under 
secure.banned-url, however after further investigation we've gotten to 
these conclusions regarding the sql dump: 

1. The dump was created and brought offline DURING THE SAME MINUTE. 
One of our ex-staff members Jack has managed to coincidentally 
(as verified by evidence) discover the dump URL, passed it onto Jon, 
which promptly resulted in the server being immediately shut down. 
A few hours later, the server was turned back on and the sql dump was 
immediately removed. 

2. After scanning logs, it appears that Jack and Jon were the only two 
people (the hacker, apparently, did not yet test the sql dump) that 
accessed the URL. Therefore it is concluded that client data from our 
billing/support system is SAFE. 

Our SolusVM VPS control panel/administrative area has been restored 
from a backup taken 10 hours BEFORE the breach occurred. 
(New login URL: https://104.131.252.131:5656) 

There is a flurry of rumors out in public that a copy of our admin table 
database has been leaked to a public pastebin URL. At this time we 
cannot confirm that the admin table that was leaked is authentic, 
however it looks to be forged as the table is not completely accurate 
and is missing some information that should be there. From the 
information we were able to gather from the SolusVM server, we have 
concluded that the hacker whom compromised the server spent little 
time in this server as well and performed commands such as rm -rf 
to delete crucial folders. 

Although we are able to confirm that no data has been stolen/leaked 
from our WHMCS billing/support database, we are unsure of whether or
not data has been stolen/leaked from our SolusVM database. It appears 
likely not, as what's been "leaked" appears inaccurate/incomplete on 
top of the fact that the entire operation of compromising and exploiting 
our systems was a "rushjob" -- The hacker knew that he had little time 
to do damage and thankfully wasn't able to do much damage at all 
(Nodes appear completely untouched from Solus; we are still verifying this) 

Despite our doubts that much has been done in the compromise in our 
systems, we don't want to take any chances. We care about your security, 
your privacy, and your safety. As of this notice, we are enabling the 
"Disable MD5 Clients Password" option in WHMCS which will force all 
clients to request a password reset before they are able to successfully 
log in to the client area. This, as a security precaution, will remain in 
place for another 24-48 hours. Clients are also advised to change their 
SolusVM VPS control password AS SOON AS POSSIBLE, as we are unaware of 
an option to force password resets for SolusVM. 

At this time we are still working on restoring SolusVM to full working order. 
We are aware that it is not fully usable right now, but we wanted to get 
an update out as quickly as possible for the well being of our clients.
We can assure you that all data, although some may be rolled back, CAN be 
fully recovered and we have NOT lost control of any of our systems. They are 
more secured than ever, with additional heightened security measures still
being put into place as we continue to sort things entire situation out. 

If any of your client data has been rolled back or not applied 
(such as invoices from automated subscriptions during site downtime, or 
SolusVM changes AFTER SolusVM is sorted), please contact us. Again, we are 
still working on getting everything sorted and would like to take this 
opportunity to let our clients know what has happened, and how we're 
proceeding to resolve things. We will be sending ANOTHER email shortly 
notifying clients of the completion of SolusVM data restoration, any further 
information from our investigation, and how we will be moving on from there. 

In the meantime, we are greatly sorry for any inconveniences these events
have/may cause and we appreciate your continued patience, understanding, 
and patronage throughout this ideal. 

Any questions, comments, or concerns can be addressed to us through our
helpdesk ticket system at https://secure.banned-url/submitticket.php 

Thank You,

The GreenValueHost Team

sv01

Slow but sure
As far as we are aware, there is NO client sensitive data from our billing/support system being distributed
Our WHMCS database was 'dumped' into a publicly accessible domain under secure.banned-url
joke of the day.


The hacker knew that he had little time to do damage and thankfully wasn't able to do much damage at all
f
 

drmike

100% Tier-1 Gogent
joke of the day.


The hacker knew that he had little time to do damage and thankfully wasn't able to do much damage at all
That's a funny line... It isn't my handiwork / writing.

Unsure what the situation was and why hackerperson didn't do more/worse...  Did the fellow know something was up?   Well, I did send GVH a PM as soon as the admin dump came out.... and someone at GVH immediately cut backups at that point... so possible they collided and hacker saw someone in the box....  Unsure, but potential is there.
 

DomainBop

Dormant VPSB Pathogen
Jon Nguyen said in January:

We employ a talented and skilled team of systems administrators that are paid top dollar/expensive wages
Posted on LET today:

Jon said he pays all of his contractors 1600 a month, various levels such as support and system administration.
Some Perspective (US average salaries):

Vice President of Operations $143,000

Vice President $130,000

Director of Operations $105,000

Senior System Administrator $83,000

Linux Systems Administrator $79,000

Server Administrator $65,000

System Administrator $61,000

U.S. Median Income $39,500

Cashier Burger King NYC $26,000

Cashier Burger King $21,000

GreenValueHost System Administrator $19,200

Fast Food Cook $18,900

US Minimum Wage $15,080
 

Coastercraze

Top Thrill
Verified Provider
Burger King cashiers make minimum wage as do everyone else. Perhaps you meant shift supervisors?

$8164 is what an average BK employee will make in a year with 20 hrs a week average at $7.85 / hr (or at least in my local franchise it was like that)

The nostalgia of fryers. Definitely don't miss cleaning them lol.
 

k0nsl

Bad Goy
He he... “[...] our technicians immediately began working on the issue at hand”...wasn't the truth more like, “I desperately sought help with the issues and was contacted by a random forum guy from LET, who then immediately began working on the issue at hand”? Ya, that's more in line with the truth  :lol:

 

drmike

100% Tier-1 Gogent
:popcorn: Come on now...  We're all capable of remembering when I called him out, about outsourcing...  about exploiting those Indians (ColoCrossing's Indians no less)... 

In case you forgot :)



All hell ensues and well another shut thread....Glad we haven't had the VPSB drinking game but a day. :)

... and WHT had a fire thread about it also, and tore him a new sphincter over the 100+ years of experience.

Indians you pay them not much and they are rich. Whole teams, 24/7 staffing, meh, $1k a month.

As for the non Indians, what isn't volunteer, people being kind, has been probably youngsters.  They live at home, don't know what bills are, etc.

This is what fuels and enables the LowEnd and that outfit in Buffalo

As always, I remind everyone to look at that child labor / exploitation topic we did on here a while ago.. It applies
 

DomainBop

Dormant VPSB Pathogen
We care about your security, your privacy, and your safety. As of this notice, we are enabling the "Disable MD5 Clients Password" option in WHMCS which will force all clients to request a password reset before they are able to successfully log in to the client area. This, as a security precaution, will remain in place for another 24-48 hours.
Stoopidassmuddafakkas! Valued customers, we care about your security so we're going to give our 1001 poorly paid skid GVH admins the opportunity to view your passwords...

Disable MD5 Clients Password

    For security client area passwords are irreversibly encrypted and cannot be viewed by admins, enabling this option will switch to reversible encryption allowing admins to view the password. When switching from irreversible to reversible clients will all be assigned a new password and will need to use password recovery.
Pay your workers peanuts get a bunch of brain dead baboons steering the ship...
 

Aldryic C'boas

The Pony
That's absolutely insane.  So now their next DB leak (face it, those jokers aren't going to find the point of compromise) is going to have plaintext passwords.

I hope those of you that did feel pity for this kid's drama antics are regretting it now.
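
Added example, not part of any post in this thread and not WHMCS code: a sketch of the difference the quoted option description draws between irreversible and reversible password storage, and why a database leak that includes the key yields plaintext. The sample accounts, the application key and the SHA-256 counter-mode stream cipher are constructed stand-ins; PBKDF2 is used here as one common irreversible scheme.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not data from the incident discussed in the thread).
SAMPLE_USERS = {"alice": "correct horse battery", "bob": "hunter2-but-longer"}

def hash_password(password, salt=None):
    """Irreversible storage: salted PBKDF2 digest; the password itself is never kept."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def verify_password(candidate, salt, digest):
    """The only operation a hash supports: recompute and compare."""
    _, recomputed = hash_password(candidate, salt)
    return hmac.compare_digest(recomputed, digest)

def _keystream(key, nonce, length):
    # Stand-in stream cipher (SHA-256 in counter mode), used only to model
    # "reversible encryption"; it is not how any real product does it.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt_password(password, key):
    """Reversible storage: anyone holding the key can undo this."""
    nonce = os.urandom(16)
    data = password.encode()
    return nonce, bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt_password(nonce, ciphertext, key):
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream)).decode()

def build_tables(users, key):
    """Store the same accounts both ways, as two hypothetical tables."""
    hashed = {u: hash_password(p) for u, p in users.items()}
    reversible = {u: encrypt_password(p, key) for u, p in users.items()}
    return hashed, reversible

def plaintexts_from_leak(reversible_rows, key):
    """What a reader of the dump gets when the key leaks along with the rows."""
    return {u: decrypt_password(n, c, key) for u, (n, c) in reversible_rows.items()}

if __name__ == "__main__":
    app_key = os.urandom(32)  # hypothetical application key kept on the same server
    hashed, reversible = build_tables(SAMPLE_USERS, app_key)
    print("reversible table + key:", plaintexts_from_leak(reversible, app_key))
    salt, digest = hashed["alice"]
    print("hashed table, wrong guess:", verify_password("letmein", salt, digest))
    print("hashed table, right guess:", verify_password(SAMPLE_USERS["alice"], salt, digest))
```

With the hashed table a leak only allows guess-and-check against each salted digest; with the reversible table every password is recovered at once by whoever holds the key, whether an admin or someone who took the key with the dump.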
 