LxCenter Forum: Old LxLabs & LxCenter Consortium

HyperVM & Kloxo Support

Forum

Members

Help

Home

Home » Archive » Old LxLabs & LxCenter Consortium » Ticket system hack

Show: Today's Messages :: Show Polls :: Message Navigator

Ticket system hack [message #60859]

Wed, 01 April 2009 20:08

adminmaster

Messages: 102
Registered: July 2005

Valuable Member
Administrator

Unfortunately our ticketing system had the same password that we used for our webhostingtalk.com account, and the hashed username, password of the webhostingtalk.com has been floating on the net for some time.

So somebody accessed our ticketing system and has been posting rude replies on the tickets.

There is no security issue other than this. We really apologize for the inconvenience. If you had posted your server IP and the password, please change it.

Thanks.

[Updated on: Fri, 12 June 2009 16:37] by Moderator

Report message to a moderator

Re: Ticket system hack [message #60875 is a reply to message #60859]

Wed, 01 April 2009 20:44

adminmaster

Messages: 102
Registered: July 2005

Valuable Member
Administrator

There was a small disconnect in our thinking about security.

Our ticket system password wasn't complex. But it wouldn't have been a problem, since normally
password-hacking-bots are run on ssh, and if somebody had run a bot on our ticket system we
would have found it out easily. But after the wht hack, our password got found out without
accessing the system.

So the problem is that two things went wrong and our thinking didn't encompass both of them
together.

But it is our fault still, and we really apologize for the inconvenience.

Thanks.

Report message to a moderator

Re: Ticket system hack [message #60928 is a reply to message #60859]

Thu, 02 April 2009 08:02

markhard

Messages: 288
Registered: May 2007
Location: Netherlands

Senior Member

what is being affected by this hack? other than the tickets is exposed to the hacker?

does the hacker have access to lxlabs/hypervm update server?

HalfDedi • Simplifying Web Hosting
VPS Hosting and Shared Web Hosting Solution
http://www.halfdedi.com

Report message to a moderator

Re: Ticket system hack [message #60929 is a reply to message #60859]

Thu, 02 April 2009 08:09

hanylord

Messages: 19
Registered: December 2008

Member

Thank to god i not post any information but i got new reply i think it's from that hacker

Report message to a moderator

Re: Ticket system hack [message #60931 is a reply to message #60859]

Thu, 02 April 2009 08:55

markhard

Messages: 288
Registered: May 2007
Location: Netherlands

Senior Member

also, does the questions sent to lxhelp@lxlabs.com also compromised?

HalfDedi • Simplifying Web Hosting
VPS Hosting and Shared Web Hosting Solution
http://www.halfdedi.com

Report message to a moderator

Re: Ticket system hack [message #60933 is a reply to message #60931]

Thu, 02 April 2009 09:47

Lxhelp
Messages: 23691
Registered: July 2006

The Champion

No.

Only the ticket admin password was found. Other than that absolutely nothing was compromised.

Our update system is a totally different server.

On Thu, Apr 02, 2009 at 12:55:25PM -0000, MarkHard wrote:
>
>
> also, does the questions sent to mailto:lxhelp@lxlabs.com also compromised?
> --
> HalfDedi • Simplifying Web Hosting
> VPS Hosting and Shared Web Hosting Solution
> http://www.halfdedi.com
>

Report message to a moderator

Re: Ticket system hack [message #60950 is a reply to message #60859]

Thu, 02 April 2009 13:35

impactgc

Messages: 456
Registered: July 2007
Location: Meriden, CT USA

Master
Developer

Quote:

I hope you don't put the same thinking in your product.

End of last year I login to my control panel and come to find a VPS missing. IT was deleted.. I added a support ticket and was told that someone got my password and logged in. My password was not simple nor was it given to anyone.. Only one other person who knows the password- -- just incase I get by a bus Smile

I am wondering now..

Adam

Thanks,
Adam
Impact Global Communications, LLC
Adam@igchosting.com

Report message to a moderator

Re: Ticket system hack [message #60957 is a reply to message #60950]

Thu, 02 April 2009 14:03

Lxhelp
Messages: 23691
Registered: July 2006

The Champion

Quote:

On Thu, Apr 02, 2009 at 05:35:45PM -0000, Adam wrote:
>

> I hope you don't put the same thinking in your product.
>
> End of last year I login to my control panel and come to find a VPS missing. IT was deleted.. I added a support ticket and was told that someone got my password and logged in. My password was not simple nor was it given to anyone.. Only one other person who knows the password- -- just incase I get by a bus :)
>
> I am wondering now..

If hyperVM had an issue, it would be public. We are very particular about making everything public. We are even ready to pay for vulnerabilities, which the person can then make public.

thanks.

Report message to a moderator

Previous Topic:	Lxadmin promotion $3 for unlimited domains
Next Topic:	no support for paid customers?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Wed May 22 01:29:25 EDT 2013

Total time taken to generate the page: 0.01166 seconds

.:: Contact :: Home :: Privacy ::.

Click here to lend your support to: LxCenter and make a donation at www.pledgie.com !