Results 1 to 25 of 33
Thread: SimplexWebs Hacked
-
04-26-2010, 05:20 PM #1Junior Guru Wannabe
- Join Date
- Jun 2009
- Posts
- 48
SimplexWebs Hacked
Not sure if this is the right section but:
https://www.simplexwebs.com/
Keep refreshing the page, they try to stop the hacker but he changes page back to hacked page, he has all client data etc..
-
04-26-2010, 07:22 PM #2Disabled
- Join Date
- Jan 2010
- Location
- mkdir /stash; cd /stash
- Posts
- 362
http://uploadir.com/u/cd260b5a
http://uploadir.com/u/7ea7e832
Some prints as its back now. Still not secure though.
-
04-26-2010, 09:42 PM #3Web Hosting Master
- Join Date
- Jun 2009
- Location
- UK: Oxford
- Posts
- 1,259
Oh dear =/
█ Garbott Ltd - Exceptional web development, hosting & consultancy services
-
04-26-2010, 09:47 PM #4Web Hosting Master
- Join Date
- Feb 2010
- Location
- Jakarta
- Posts
- 1,098
What a nightmare -.-'
Anyway their site is back up again now. Hope they fixed the problem or the site will be backed again.Web Hosting Business Guide Book - Getting & Managing Your First 1,000 Clients in Web Hosting
Enter Your cPanel Login & We'll Back It Up, Every Day! - SiteAutoBackup.Com
Got WHM instead? Enter your WHM login and we'll backup everything, everyday. It's simple.
-
04-27-2010, 03:03 AM #5Web Hosting Master
- Join Date
- Nov 2009
- Location
- Vista, CA
- Posts
- 1,060
WebIntellects - Fully Managed Dedicated and Virtual Private Servers since1999.
WebhostGIANT - LOW Cost Hosting
-
04-27-2010, 04:53 AM #6Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
Their *entire* site is WHMCS powered which leaves me wondering if perhaps they were running an older version that was vulnerable to something. Generally ultra-customized deployments of software don't get updated as often as they should just due to how much work it is to upgrade... Also it doesn't help that WHMCS never releases security information and simply releases new versions with "New Features and Updates"... I have personally known of several major SQL injection issues that WHMCS has patched over without letting anybody know...
Ultimately I doubt we'll ever find the root cause, but if we do - I'm curious if it's due to an outdated WHMCS.█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
04-27-2010, 05:10 AM #7Web Hosting Master
- Join Date
- May 2008
- Location
- Melbourne, Australia
- Posts
- 10,629
Their business has not been that active:- Registration 2009-06-28
Even thought this has nothing to do with their "Time in Activeness" it might determine their knowledge here, why would a hacker target simplexwebs?
Wonders, thought Mike does have a valid point on vulnerabilities.██ l Dedigeeks • Shared • Wordpress • Dedicated • Established 2006
██ l Leading AUSTRALIAN Hosting Provider • Sydney & Melbourne Datacentres
██ l cPanel/WHM • R1Soft Backups • 24/7/365 Support • SMS Hosting Alerts*
██ l www.dedigeeks.com • Managing Director • Service Superstars
-
04-27-2010, 05:22 AM #8Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
The domain is licensed for WHMCS so they would have to be running at least 3.6.1+ which aren't affected by this: http://packetstormsecurity.org/1004-.../whmcs-sql.txt
There could be any number of things from the attacker gaining access via a leaked password, keylogger, sniffing FTP passwords over network, who knows what. It could even be a disgruntled employee or somebody who had access at the server at one time or another to do some work.
It's really hard to guess without being on the inside.█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
04-27-2010, 07:10 AM #9Web Hosting Master
- Join Date
- May 2008
- Location
- Melbourne, Australia
- Posts
- 10,629
There could be any number of things from the attacker gaining access via a leaked password, keylogger, sniffing FTP passwords over network, who knows what. It could even be a disgruntled employee or somebody who had access at the server at one time or another to do some work.██ l Dedigeeks • Shared • Wordpress • Dedicated • Established 2006
██ l Leading AUSTRALIAN Hosting Provider • Sydney & Melbourne Datacentres
██ l cPanel/WHM • R1Soft Backups • 24/7/365 Support • SMS Hosting Alerts*
██ l www.dedigeeks.com • Managing Director • Service Superstars
-
04-27-2010, 08:05 AM #10New Member
- Join Date
- Apr 2010
- Posts
- 3
Is it recovered on your website?
-
04-27-2010, 08:11 AM #11Web Hosting Master
- Join Date
- May 2008
- Location
- Melbourne, Australia
- Posts
- 10,629
Is it recovered on your website?██ l Dedigeeks • Shared • Wordpress • Dedicated • Established 2006
██ l Leading AUSTRALIAN Hosting Provider • Sydney & Melbourne Datacentres
██ l cPanel/WHM • R1Soft Backups • 24/7/365 Support • SMS Hosting Alerts*
██ l www.dedigeeks.com • Managing Director • Service Superstars
-
04-27-2010, 08:26 AM #12Reseller Hosting Specialist
- Join Date
- Jun 2005
- Location
- New York
- Posts
- 2,883
█ XeHost.net - Hosting websites since 1999!
█ Shared Hosting, Cloud Hosting, Reseller Hosting, VPS Hosting, and Dedicated Servers
█ End-User Support, WHMCS, and WHMReseller Available on Reseller Plans!
█ Follow us on Twitter - new special every Sunday! @XeHost
-
04-27-2010, 08:43 AM #13Disabled
- Join Date
- Apr 2010
- Posts
- 24
All i am thinking right now is that it is really scary that this type of thing can happen
It just goes to show how carefull we need to be, and how hard we have to work to make sure that high levels of security are maintained...
-
04-27-2010, 10:26 AM #14Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
Depending on what data was stored - the attacker having any client data is definitely not a good prospect either way. They would have your hosting account details (cPanel username+password unless you've changed it inside cPanel without updating the support system), mailing address, phone number, email address, etc...
The unfortunate thing is that no matter how well you protect yourself and no matter the size of the company this can and will eventually happen at some time or another. As with anything in life it's always a gamble.
In my honest opinion any provider claiming to be "hack proof" or "hacker safe" is just begging for somebody to prove them wrong. I'm not sure that the site did say either but from the message that was posted on the site while it was defaced ... I would say somebody felt that Simplex needed sent a strong message... Why? I don't know.█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
04-27-2010, 10:38 AM #15Junior Guru Wannabe
- Join Date
- Jun 2009
- Posts
- 48
On various forums that they post on they about how secure they are and how good their techies are.
By doing so I believe it made them a target straight away.
-
04-27-2010, 11:54 AM #16Web Hosting Master
- Join Date
- Nov 2009
- Location
- Cincinnati
- Posts
- 1,585
Like Mike had mentioned it looks like they built their entire site off the WHMCS framework, perhaps they left a security issue for SQL injection.
'Ripcord'ing is the only way!
-
04-27-2010, 01:26 PM #17Marketing Maestro
- Join Date
- Dec 2007
- Location
- Isle of Man
- Posts
- 3,068
-
04-28-2010, 04:42 AM #18Disabled
- Join Date
- Jan 2010
- Location
- mkdir /stash; cd /stash
- Posts
- 362
https://www.simplexwebs.com/pdf/27-april-incident.pdf Thats the pdf release.
They were hacked for a reason, that reason i heard was due to boasting, putting others down, and using threats to get other companies.
Yet also they have no root access to any boxes. nor know what the hell there actually doing!!
-
04-28-2010, 12:46 PM #19Marketing Maestro
- Join Date
- Dec 2007
- Location
- Isle of Man
- Posts
- 3,068
-
04-28-2010, 09:37 PM #20Disabled
- Join Date
- Jan 2010
- Location
- mkdir /stash; cd /stash
- Posts
- 362
We were not hacked, but correct some of this has caught up with us which we are no longer going to be caught up in.
Whatever did go on was due to some reason which we will not ever fully know, but lets hope they continue to provide such good service as they did.
-
04-29-2010, 02:57 AM #21Junior Guru Wannabe
- Join Date
- Aug 2009
- Location
- Riverside, CA
- Posts
- 35
Scary stuff man. Just goes to show that diligence is the key to security. You have to actually care, lol.
Webcave Hosting - Today's Gateway to Perfect Hosting!
*Non-Oversold Shared hosting *Dedicated Servers *Web Design *Domain Names
24/7/365 LIVE Technical Support/Sales via phone, live chat, email and ticketing system.
30-Day Money back guarantee, 99.99% uptime SLA. - WebCaveHosting.com
-
04-29-2010, 03:35 AM #22Disabled
- Join Date
- Dec 2007
- Posts
- 3,597
-
04-29-2010, 11:35 AM #23Junior Guru Wannabe
- Join Date
- Jul 2009
- Posts
- 69
Hi all,
This was indeed a very big inconvenience for ourselves and customers, we're deeply sorry for any problems caused. This should have never happened in the first place - but we now know who caused this, how it happened and what damage was done. It was caused by a 'hidden' shell (hidden meaning we simply didn't come across it during audits - yes, that was a terrible thing to happen on our part) - the attacker then grabbed the WHMCS database details using this shell and was able to access the database using this shell.
We created a PDF statement for all customers and any parties interested, you can read it here - http://www.simplexwebs.com/pdf/27-april-incident.pdf.
Furthermore, we've taken drastic measures to improve the overall security of our systems and servers and we're very sure that what happened here will not happen again.
Customers data will not be leaked and I can confirm this.
Thanks.Last edited by TimC; 04-29-2010 at 11:45 AM.
-
04-29-2010, 09:19 PM #24Disabled
- Join Date
- Apr 2010
- Location
- North Carolina
- Posts
- 68
Originally Posted by TimC
-
04-30-2010, 01:22 PM #25Newbie
- Join Date
- Apr 2010
- Posts
- 11
Similar Threads
-
Simplexwebs.com Ripped from x12Host.com??
By Discreditable in forum Web HostingReplies: 16Last Post: 12-09-2009, 12:35 PM -
Inlabz.com total rip of simplexwebs.com
By TimC in forum Web HostingReplies: 4Last Post: 09-30-2009, 02:47 PM -
Simplexwebs.com - Buy one month of shared or reseller hosting, get one free!
By TimC in forum Shared Hosting OffersReplies: 0Last Post: 08-28-2009, 10:41 AM