Page 1 of 2 12 LastLast
Results 1 to 25 of 33
  1. #1
    Join Date
    Jun 2009
    Posts
    48

    SimplexWebs Hacked

    Not sure if this is the right section but:

    https://www.simplexwebs.com/

    Keep refreshing the page, they try to stop the hacker but he changes page back to hacked page, he has all client data etc..

  2. #2
    Join Date
    Jan 2010
    Location
    mkdir /stash; cd /stash
    Posts
    362
    http://uploadir.com/u/cd260b5a
    http://uploadir.com/u/7ea7e832

    Some prints as its back now. Still not secure though.

  3. #3
    Join Date
    Jun 2009
    Location
    UK: Oxford
    Posts
    1,259
    Oh dear =/
    Garbott Ltd - Exceptional web development, hosting & consultancy services

  4. #4
    Join Date
    Feb 2010
    Location
    Jakarta
    Posts
    1,098
    What a nightmare -.-'
    Anyway their site is back up again now. Hope they fixed the problem or the site will be backed again.
    Web Hosting Business Guide Book - Getting & Managing Your First 1,000 Clients in Web Hosting
    Enter Your cPanel Login & We'll Back It Up, Every Day! - SiteAutoBackup.Com
    Got WHM instead? Enter your WHM login and we'll backup everything, everyday. It's simple.

  5. #5
    Join Date
    Nov 2009
    Location
    Vista, CA
    Posts
    1,060
    Quote Originally Posted by agustan View Post
    What a nightmare -.-'
    Anyway their site is back up again now. Hope they fixed the problem or the site will be backed again.
    It seems he wanted to say that is not good sign so far from the company main web site of which was hacked.
    WebIntellects - Fully Managed Dedicated and Virtual Private Servers since1999.
    WebhostGIANT - LOW Cost Hosting

  6. #6
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Their *entire* site is WHMCS powered which leaves me wondering if perhaps they were running an older version that was vulnerable to something. Generally ultra-customized deployments of software don't get updated as often as they should just due to how much work it is to upgrade... Also it doesn't help that WHMCS never releases security information and simply releases new versions with "New Features and Updates"... I have personally known of several major SQL injection issues that WHMCS has patched over without letting anybody know...

    Ultimately I doubt we'll ever find the root cause, but if we do - I'm curious if it's due to an outdated WHMCS.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  7. #7
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,629
    Their business has not been that active:- Registration 2009-06-28

    Even thought this has nothing to do with their "Time in Activeness" it might determine their knowledge here, why would a hacker target simplexwebs?

    Wonders, thought Mike does have a valid point on vulnerabilities.
    l Dedigeeks Shared Wordpress Dedicated Established 2006
    l Leading AUSTRALIAN Hosting Provider Sydney & Melbourne Datacentres
    l cPanel/WHM R1Soft Backups 24/7/365 Support SMS Hosting Alerts*
    l www.dedigeeks.com Managing Director Service Superstars

  8. #8
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by ATH-Sean View Post
    Their business has not been that active:- Registration 2009-06-28

    Even thought this has nothing to do with their "Time in Activeness" it might determine their knowledge here, why would a hacker target simplexwebs?

    Wonders, thought Mike does have a valid point on vulnerabilities.
    The domain is licensed for WHMCS so they would have to be running at least 3.6.1+ which aren't affected by this: http://packetstormsecurity.org/1004-.../whmcs-sql.txt

    There could be any number of things from the attacker gaining access via a leaked password, keylogger, sniffing FTP passwords over network, who knows what. It could even be a disgruntled employee or somebody who had access at the server at one time or another to do some work.

    It's really hard to guess without being on the inside.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  9. #9
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,629
    There could be any number of things from the attacker gaining access via a leaked password, keylogger, sniffing FTP passwords over network, who knows what. It could even be a disgruntled employee or somebody who had access at the server at one time or another to do some work.
    And one we will never truly know for sure
    l Dedigeeks Shared Wordpress Dedicated Established 2006
    l Leading AUSTRALIAN Hosting Provider Sydney & Melbourne Datacentres
    l cPanel/WHM R1Soft Backups 24/7/365 Support SMS Hosting Alerts*
    l www.dedigeeks.com Managing Director Service Superstars

  10. #10
    Is it recovered on your website?

  11. #11
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,629
    Is it recovered on your website?
    I cannot see their main site up, I have seen their "Back Shortly..." message for the last 3 + hours (since my time).
    l Dedigeeks Shared Wordpress Dedicated Established 2006
    l Leading AUSTRALIAN Hosting Provider Sydney & Melbourne Datacentres
    l cPanel/WHM R1Soft Backups 24/7/365 Support SMS Hosting Alerts*
    l www.dedigeeks.com Managing Director Service Superstars

  12. #12
    Join Date
    Jun 2005
    Location
    New York
    Posts
    2,883
    Quote Originally Posted by ATH-Sean View Post
    I cannot see their main site up, I have seen their "Back Shortly..." message for the last 3 + hours (since my time).
    Same here. Thankfully, it doesn't sound like the hacker deleted any client data
    XeHost.net - Hosting websites since 1999!
    Shared Hosting, Cloud Hosting, Reseller Hosting, VPS Hosting, and Dedicated Servers
    End-User Support, WHMCS, and WHMReseller Available on Reseller Plans!
    Follow us on Twitter - new special every Sunday! @XeHost

  13. #13
    All i am thinking right now is that it is really scary that this type of thing can happen

    It just goes to show how carefull we need to be, and how hard we have to work to make sure that high levels of security are maintained...

  14. #14
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by XeHSean View Post
    Same here. Thankfully, it doesn't sound like the hacker deleted any client data
    Depending on what data was stored - the attacker having any client data is definitely not a good prospect either way. They would have your hosting account details (cPanel username+password unless you've changed it inside cPanel without updating the support system), mailing address, phone number, email address, etc...

    The unfortunate thing is that no matter how well you protect yourself and no matter the size of the company this can and will eventually happen at some time or another. As with anything in life it's always a gamble.

    In my honest opinion any provider claiming to be "hack proof" or "hacker safe" is just begging for somebody to prove them wrong. I'm not sure that the site did say either but from the message that was posted on the site while it was defaced ... I would say somebody felt that Simplex needed sent a strong message... Why? I don't know.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  15. #15
    Join Date
    Jun 2009
    Posts
    48
    On various forums that they post on they about how secure they are and how good their techies are.
    By doing so I believe it made them a target straight away.

  16. #16
    Join Date
    Nov 2009
    Location
    Cincinnati
    Posts
    1,585
    Like Mike had mentioned it looks like they built their entire site off the WHMCS framework, perhaps they left a security issue for SQL injection.
    'Ripcord'ing is the only way!

  17. #17
    Join Date
    Dec 2007
    Location
    Isle of Man
    Posts
    3,068
    Quote Originally Posted by Zasky View Post
    On various forums that they post on they about how secure they are and how good their techies are.
    By doing so I believe it made them a target straight away.
    That's what every host does - I'd like to think that most technicians at companies are good at what they do.

  18. #18
    Join Date
    Jan 2010
    Location
    mkdir /stash; cd /stash
    Posts
    362
    https://www.simplexwebs.com/pdf/27-april-incident.pdf Thats the pdf release.

    They were hacked for a reason, that reason i heard was due to boasting, putting others down, and using threats to get other companies.

    Yet also they have no root access to any boxes. nor know what the hell there actually doing!!

  19. #19
    Join Date
    Dec 2007
    Location
    Isle of Man
    Posts
    3,068
    Quote Originally Posted by PPOwens View Post
    https://www.simplexwebs.com/pdf/27-april-incident.pdf Thats the pdf release.

    They were hacked for a reason, that reason i heard was due to boasting, putting others down, and using threats to get other companies.

    Yet also they have no root access to any boxes. nor know what the hell there actually doing!!
    The reason I heard was that your own company was hacked and you blamed them. I'm not really in to this dabbling in smaller hosts but I like to find out what's what with people.

  20. #20
    Join Date
    Jan 2010
    Location
    mkdir /stash; cd /stash
    Posts
    362
    We were not hacked, but correct some of this has caught up with us which we are no longer going to be caught up in.

    Whatever did go on was due to some reason which we will not ever fully know, but lets hope they continue to provide such good service as they did.

  21. #21
    Join Date
    Aug 2009
    Location
    Riverside, CA
    Posts
    35
    Scary stuff man. Just goes to show that diligence is the key to security. You have to actually care, lol.
    Webcave Hosting - Today's Gateway to Perfect Hosting!
    *Non-Oversold Shared hosting *Dedicated Servers *Web Design *Domain Names
    24/7/365 LIVE Technical Support/Sales via phone, live chat, email and ticketing system.
    30-Day Money back guarantee, 99.99% uptime SLA. - WebCaveHosting.com

  22. #22
    Quote Originally Posted by PPOwens View Post
    We were not hacked, but correct some of this has caught up with us which we are no longer going to be caught up in.

    Whatever did go on was due to some reason which we will not ever fully know, but lets hope they continue to provide such good service as they did.
    I suppose in any case that worth to investigate where the problem comes from....
    That could be the hole in the web application as well which hackers used.

  23. #23
    Join Date
    Jul 2009
    Posts
    69
    Hi all,

    This was indeed a very big inconvenience for ourselves and customers, we're deeply sorry for any problems caused. This should have never happened in the first place - but we now know who caused this, how it happened and what damage was done. It was caused by a 'hidden' shell (hidden meaning we simply didn't come across it during audits - yes, that was a terrible thing to happen on our part) - the attacker then grabbed the WHMCS database details using this shell and was able to access the database using this shell.

    We created a PDF statement for all customers and any parties interested, you can read it here - http://www.simplexwebs.com/pdf/27-april-incident.pdf.

    Furthermore, we've taken drastic measures to improve the overall security of our systems and servers and we're very sure that what happened here will not happen again.

    Customers data will not be leaked and I can confirm this.

    Thanks.
    Last edited by TimC; 04-29-2010 at 11:45 AM.

  24. #24
    Join Date
    Apr 2010
    Location
    North Carolina
    Posts
    68
    Quote Originally Posted by TimC
    we're very sure that what happened here will not happen again.
    That is a very strong statement.

  25. #25
    Quote Originally Posted by WinsNexus View Post
    That is a very strong statement.
    Correct. Maybe not the same type of attack, but in some other unforeseen way.

    This type of publicity can cripple a business.

Page 1 of 2 12 LastLast

Similar Threads

  1. Simplexwebs.com Ripped from x12Host.com??
    By Discreditable in forum Web Hosting
    Replies: 16
    Last Post: 12-09-2009, 12:35 PM
  2. Inlabz.com total rip of simplexwebs.com
    By TimC in forum Web Hosting
    Replies: 4
    Last Post: 09-30-2009, 02:47 PM
  3. Replies: 0
    Last Post: 08-28-2009, 10:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •