Hostrail / BUDGETGEEK TELECOMS LIMITED allegedly hacked

drmike

100% Tier-1 Gogent
Ongoing Lowendtalk.com thread worth noting:

http://lowendtalk.com/discussion/42912/hostrail-budgetgeek-info

It involves mtwiscool (who is banned from there and vpsBoard) and issues involving his company.

Alleged his WHMCS database has been dumped.

Heads up, since usually when this happens it indicates a vulnerability floating around in the open.

Keep extra eyes and efforts on securing your WHMCS installations.
 

PortCTL

New Member
Ongoing Lowendtalk.com thread worth noting:

http://lowendtalk.com/discussion/42912/hostrail-budgetgeek-info

It involves mtwiscool (who is banned from there and vpsBoard) and issues involving his company.

Alleged his WHMCS database has been dumped.

Heads up, since usually when this happens it indicates a vulnerability floating around in the open.

Keep extra eyes and efforts on securing your WHMCS installations.
Well, the WHMCS he was using was outdated...
 

Jasson.Pass

New Member
Ongoing Lowendtalk.com thread worth noting:

http://lowendtalk.com/discussion/42912/hostrail-budgetgeek-info

It involves mtwiscool (who is banned from there and vpsBoard) and issues involving his company.

Alleged his WHMCS database has been dumped.

Heads up, since usually when this happens it indicates a vulnerability floating around in the open.

Keep extra eyes and efforts on securing your WHMCS installations.
That would be scary if there is a new 0day in the wild.
 

drmike

100% Tier-1 Gogent
That would be scary if there is a new 0day in the wild.
Yeah it would.  To think someone sent me a blog style post about upcoming WHMCS release prior to this hack-a-roo.   My math has known vuln floating.  Only way I'll see it is from data dumped.

Those dumping things, send your friend drmike a copy for his analysis.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
That would be scary if there is a new 0day in the wild.
While true, it's more likely that he was probably using a nulled/cracked version of WHMCS to begin with that was exploited.

If there was a new 0day in the wild I do not imagine Hostrail is a target worth using it on. I mean... seriously, how many people could have really been dumb enough to board that train given the history of the original brand, and the history of the person who is now using that name for a different brand? What is the number of people who may be impacted by using it on them? <100?

Anyone want to come work for me? My new company is called ENRON..
 

DomainBop

Dormant VPSB Pathogen
While true, it's more likely that he was probably using a nulled/cracked version of WHMCS to begin with that was exploited.
According to a post on LET and an email he sent out advising users to reset their passwords, it has to do with him doing the same thing that a majority of low end providers and 1-man shops do: giving a poorly vetted contractor admin access.

email:

"You need to click forgot my password to login to your accounts due to a admin given details out(left screenshare on). All passwords are md5(salted) and we have locked the admin out. They is no payment details prosseed by the website so thoes can not be leaked."

Heads up, since usually when this happens it indicates a vulnerability floating around in the open.
Since we're talking about a low end provider, I'm going to disagree.  The main reasons for data breaches in that sector (and with many higher priced 1-man shops) are probably 1. poorly vetted contractors the owner met on IRC/Skype/forums being given the keys to the palace (think Jonny and GVH), 2. people who don't know their ass from a hole in the ground when it comes to security (think Harzem and FraudRecord), closely followed by 3. people not applying security fixes in a timely manner (sometimes weeks, months later).
 

mikho

Not to be taken seriously, ever!
A post over at LET had images of a TeamViewer session showing how someone with admin access to WHMCS let the other party of the named session download a database dump.


I have reasons to believe who the two "gentlemen" are and I have advised Matthew to report this breach to the police and have it investigated.


It was not a vulnerability used to get the database dump n
 

Munzy

Active Member
A post over at LET had images of a TeamViewer session showing how someone with admin access to WHMCS let the other party of the named session download a database dump.


I have reasons to believe who the two "gentlemen" are and I have advised Matthew to report this breach to the police and have it investigated.


It was not a vulnerability used to get the database dump n
Who you thinking done it?
 

Munzy

Active Member
I really don't like that guy honestly, he has posted a few things clearly showing he has a lack of understanding of full computer networks and how they intermix, yet runs a hosting company.
 

drmike

100% Tier-1 Gogent
I find it surprising that kcaj is being implicated.  I always found him to be alright and above board.

I have to go give my eyeball time to Lowendtalk to get caught up.   Riveting man opera.

@DomainBop, you just have to stop it.  I give you thanks every day :)   Right about access doled out and bad practices. That last part about not being patched, not exclusive to sLowEnders.  Way too common.

@mikho, these TeamViewer or other related software sessions - was it clear who is being implicated as the culprit?
 

Lee

Retired Staff
Verified Provider
Retired Staff
I find it surprising that kcaj is being implicated.  I always found him to be alright and above board.
He was, and was the one that posted up the screenshots, hence why they are both suspended.  All things aside and like I have said before, for me as a mod at LET that kind of shit has to go.  

Ok, Matthew is hardly a role model for hosting services and he is hard work, but has he ever stolen, run away, tried to scam people?  No, or not that I am aware of.  Misguided at worst and too trusting of some people.  And it's that trust that led to this.  Which is not fair on any provider to have their systems exposed like that and LET is no longer the place to do it.

In addition that FR report he made about Tom for doing this has been removed after I asked that he rise above this and delete it.

https://www.fraudrecord.com/api/?showreport=5a97456bc264f109
 

bm11

New Member
"You need to click forgot my password to login to your accounts due to a admin given details out(left screenshare on). All passwords are md5(salted) and we have locked the admin out. They is no payment details prosseed by the website so thoes can not be leaked."
Mother of god.

If I ever got an email like this from a provider I'd run away as fast as I could.

Left screenshare on? Dude...
 

mikho

Not to be taken seriously, ever!
Mother of god.

If I ever got an email like this from a provider I'd run away as fast as I could.

Left screenshare on? Dude...
That wasn't mtwiscool who left screenshare on.... so don't get your panties in a twist :)
 

drmike

100% Tier-1 Gogent
Mother of god.

If I ever got an email like this from a provider I'd run away as fast as I could.

Left screenshare on? Dude...
Tis the life of those afflicted with autism.

"You need to click forgot my password to login to your accounts due to a admin given details out(left screenshare on). All passwords are md5(salted) and we have locked the admin out. They is no payment details prosseed by the website so thoes can not be leaked."

I need my English accent announcer to read this to me with the worst possible hard core British accent possible.  Perhaps then I'll understand.

But kindly and for education purposes, the public, the customers, even the dorks do not care about screenshare.   They rightly believe you are some deviant who likes to cam with his pants off when you go to "screensharing".

The md5 salted, the public hafn't ate dos nuts eva.   They prefer peanuts.

Prosseed is an interesting one. It was headed towards prostrate then seed came in and interrupted that bottom up inspection.

Now for all that kickballing of mtwiscool's nervousness, gift, autism, lack of literacy perhaps, what can I say - the kid emailed his customers to try to convey he was victimized and customer data was involved.  Well he sort of did.  Really!

I can think of a long list of companies that didn't when they public shared and instead practiced chirping like crickets in the corner.

mtwiscool isn't that bad all said.  Whoever dinged him like this should be ahh ashamed.  But the lad allegedly who did is 14, probably similarly gifted. Kcaj though I think got implicated indirectly by rapping to both parties.

Do I condone bans? Meh. It's LET, let them have at it over there. Poor Lee....

I'm relieved as is there isn't a zero day but a zero class. ;)  
 

Lee

Retired Staff
Verified Provider
Retired Staff
 


Do I condone bans? Meh. It's LET, let them have at it over there. Poor Lee....
It's not a ban for either, a suspension.  Unfortunately Vanilla only does a ban.

But don't feel sorry for me, LET is trying to change, I am going to do my best to move all this kind of shit over to VPSBoard.  No need to thank me, just trying to help you out :p
 

DomainBop

Dormant VPSB Pathogen
 



But don't feel sorry for me, LET is trying to change, I am going to do my best to move all this kind of shit over to VPSBoard.  No need to thank me, just trying to help you out :p
VPSBoard already sent you as a gift of gratitude for your generosity. :p

I have adviced Matthew to report this breach to the police and have it investigated.
Hopefully he follows through and takes your advice since the two people in question are also in the UK.
 

drmike

100% Tier-1 Gogent
 



It's not a ban for either, a suspension.  Unfortunately Vanilla only does a ban.

But don't feel sorry for me, LET is trying to change, I am going to do my best to move all this kind of shit over to VPSBoard.  No need to thank me, just trying to help you out :p
Oh no, we don't do skids and teenagers around here, at least knowingly.  Hell I even slap folks pimping them as staff, unless the "owners" are their same aged peer group.  We are alright with the grown a bit borderline researcher / academic pursuer.  Straight up screen sharing open terminals and such, meh,  dumb and no, keep those folks please.  :)

We are thankful, kind of you to share the joy, reddit perhaps is the more suitable place to direct them. :)  Hackforums definitely is proper. Sure other folks can make a parting list for directing the folks, ehh deflecting them.

Seriously, why the change of face and audience attempt at LET?   Sounds like corporate ownership is getting butt tight.  But I seriously endorse the move, knowing some people are going to get hard whacked and rolled down a hill. INVEST NOW IN POPCORN FUTURES and toothpicks.
 

Lee

Retired Staff
Verified Provider
Retired Staff
Seriously, why the change of face and audience attempt at LET?   Sounds like corporate ownership is getting butt tight.  But I seriously endorse the move, knowing some people are going to get hard whacked and rolled down a hill. INVEST NOW IN POPCORN FUTURES and toothpicks.
It's not so much a change of face or even audience.  It's more about changing perceptions.  LET has always been seen as the easiest place to cause drama and this episode demonstrates that.

Drama is one thing, malicious intent is another.  And as people run around claiming there is some agenda behind my actions on LET I can assure you that the facts I have and the stories being told do not match.  I am not someone who bans/suspends without being able to evidence why.

Take your malicious or just for the lulz to cause shit with someone elsewhere, for everything else it remains business as usual at LET.  

To be honest I really don't think I have changed much in this respect, if anything I am just probably a bit more vocal than other mods/admins have been when something like this happens.  Which in turn attracts attention.
 

HalfEatenPie

The Irrational One
Retired Staff
It's not a ban for either, a suspension. Unfortunately Vanilla only does a ban.


But don't feel sorry for me, LET is trying to change, I am going to do my best to move all this kind of shit over to VPSBoard. No need to thank me, just trying to help you out :p
Hehe.... how about a pass on that? Let's leave that for hackforums.
 