HostNun Abbey Violated by WHMCS Insecurity

[drmike]

It appears tail end of October that HostNun was another, ehh victim of WHMCS insecurity.  Prayer probably isn't going to make things better in this instance.

1:HN-Matt:[email protected]:0d12d19d25f7a455a7f91166d365ca
2:HN-Laura:[email protected]:12a4e0bb36c4b9ae82a28f09b7572d
4:HN-Yekaterina:[email protected]:15d40d77ebff4eb9a9712d410b3174

NOTED:  [email protected] in the data....  Ho hum.

Edited:  last long value is actual hash..

 

[Tux]

That HN-Yekaterina entry looks mighty suspicious.

 

[SrsX]

Now, a prayer for our friends at HostNun.

 

[drmike]

That HN-Yekaterina entry looks mighty suspicious.

Oh do share with the vpsBoard community why  

 

[DomainBop]

That HN-Yekaterina entry looks mighty suspicious.

Oh do share with the vpsBoard community why

Duh, Yekatarina Samutsevich.  This whole HostNun charade was the blasphemous work of PussyRiot.

another, ehh victim of WHMCS insecurity

If proper notification procedures weren't followed then the customers were the real victims.

 

[drmike]

Duh, Yekatarina Samutsevich.  This whole HostNun charade was the blasphemous work of PussyRiot.

If proper notification procedures weren't followed then the customers were the real victims.

Yekatarina is a ~ Russian name with some popularity.  Thought we knew someone in the low end world with such a handle/name...

As for customers, unsure if in this mass compromise (there were tons more companies involved) if anything further was seen/borrowed/copied.  A pastebin'ing of the info included just the admin info.

 

[DomainBop]

(there were tons more companies involved) if anything further was seen/borrowed/copied.  A pastebin'ing of the info

Found it by searching   The humorous thing is the hacker added the Alexa rankings of all the sites he hacked to his paste.  I didn't realize that Alexa rankings were the new source of epenis power in the hacker community. ("ooh, look at me, I just hit a site ranked xxx,xxx.  You jealous?") 

Other low end sites on that paste: PremiumVM.com, ProvisionHost.com

 

[drmike]

Other sites on that paste: ServerHub.com

PremiumVM.com keeps getting banged up.   Dom's old folded company...  Ho hum.

Alexa ranking Nearly entirely flawed crap rank, unless they are mass buying/pilfering DNS lookups and other stuff to make it worthwhile.  Alexa toolbar installation base has to be dwindling.

 

[XFS_Duke]

Heh, if you see any of my sites on there, let me know... I'm sure they aren't though... lol

 

[SPINIKR-RO]

Why is GVH listed there?

 

[vRozenSch00n]

Found it through Google. It's quite a long list of lost souls.  I hope they will find a good place in the cloud 

 

[drmike]

Why is GVH listed there?

Cause clearly what happens in Buffalo, stays in Buffalo.

Land of leaks up there with providers.

Now I will say HostNun did bail/move from HVH.  After doing such there was conversation on LET where GVH said they'd welcome HostNun back anytime.  Some other provider chimed in and said about the HostNun owner/operator and alluded to massive problems his company had with such and said  BEWARE.

I would hope that GVH isn't in current database and I doubt 'Nuns current provider is up in the admin like that.

 

[Virtovo]

So many hosts hit by the the WHMCS exploitathon.  I wonder how many hosts have not disclosed their breaches or are even aware customer data was stolen.  I know honest companies that disclosed their breaches were hurt financially.  The industry is the wrong way round.

 

[drmike]

Word has it other Buffalo hosts may be working with the FBI.  Couple of folks have had FBI come knocking about one of the companies hacked.

Nice to see Bufftards use government bully muscle while ignoring the laws about cleaning up and reporting the hacks to other government agencies.

Frankly, if providers had their heads on straight they'd class-action sue WHMCS and SolusVM for being moderately sloppy and ignoring practice and having regular audits.  

I fully expect to see many more hacks in 2014 involving both pieces of software.

 

[vRozenSch00n]

So many hosts hit by the the WHMCS exploitathon.  I wonder how many hosts have not disclosed their breaches or are even aware customer data was stolen.  I know honest companies that disclosed their breaches were hurt financially.  The industry is the wrong way round.

There is a saying in my country "If a lamb was stolen from you, don't report it to the authority. Otherwise you will lose another cow"

 

[SrsX]

Word has it other Buffalo hosts may be working with the FBI.  Couple of folks have had FBI come knocking about one of the companies hacked.

Nice to see Bufftards use government bully muscle while ignoring the laws about cleaning up and reporting the hacks to other government agencies.

Frankly, if providers had their heads on straight they'd class-action sue WHMCS and SolusVM for being moderately sloppy and ignoring practice and having regular audits.  

I fully expect to see many more hacks in 2014 involving both pieces of software.

That would be Blacklotus -- Blacklotus was breached by Vypor aka Taylor Hayden Smyth - a 16 year old kid, he proceeded to compromised more then 15 hosts and "dox" the hosting company owners and staff(release all their detaisl).

Blacklotus requested he removed the database backup, he told them to, and I quote fuck off - therefore Blacklotus took it in to their hands to contact the FBI. In addition there was over $20k in fake orders processed before Blacklotus knew they were compromised.

 

[HostUS-Alexander]

Its sad to see this happen to web hosts.

- Alexander

 

[drmike]

 

That would be Blacklotus -- Blacklotus was breached by Vypor aka Taylor Hayden Smyth - a 16 year old kid, he proceeded to compromised more then 15 hosts and "dox" the hosting company owners and staff(release all their detaisl).


 


Blacklotus requested he removed the database backup, he told them to, and I quote fuck off - therefore Blacklotus took it in to their hands to contact the FBI. In addition there was over $20k in fake orders processed before Blacklotus knew they were compromised.

Interesting story. I won't comment on the above Smyth. He showed up elsewhere and keeps doing such. I have my doubts/questions.


I know CC for a fact is FBI involved and had active field agents bothering people. Part of the stupidity involved the CVPS hacks. Seems like someone up there doesn't mind wasting federal resources and wrongly bothering people. Shame. False accusations, lack of proof, etc.


Clearly the FBI has found the lack of proof too. Hopefully Buffalo contacts get burned for misuse like they have.

 

[SrsX]

 


Interesting story. I won't comment on the above Smyth. He showed up elsewhere and keeps doing such. I have my doubts/questions.


I know CC for a fact is FBI involved and had active field agents bothering people. Part of the stupidity involved the CVPS hacks. Seems like someone up there doesn't mind wasting federal resources and wrongly bothering people. Shame. False accusations, lack of proof, etc.


Clearly the FBI has found the lack of proof too. Hopefully Buffalo contacts get burned for misuse like they have.

Well it's ironic - he got raided by the FBI in co-operation with Homeland Security.

 

[GVH-Jon]

In case anyone is wondering, "eus" stands for End User Support. We offer End User Support to our resellers free of charge.