Page 1 of 5 1234 ... LastLast
Results 1 to 25 of 118
  1. #1
    Join Date
    Jun 2011
    Location
    Buffalo, NY
    Posts
    3,849

    Exclamation We3Cares Hacked?

    Well no one else created a thread here so I thought I would ask.

    One of our clients contacted me over chat today asking for us to provide advise on server management companies (as we are a self-managed hosting company), and when We3Cares was the subject of the discussion as they are a server management company, I visited their site and saw they got hacked:

    http://we3cares.com/

    Anyone know what is going on with them? Upon googling "We3cares hack" I couldn't find anything, but found this which was quite interesting: http://we3cares.com/replies/
    Attached Thumbnails Attached Thumbnails we3cares.PNG  
      0 Not allowed!

  2. #2
    How long they are hacked?
    Officials are not aware of this?
      0 Not allowed!

  3. #3
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    20,777
    Confirmed!

    This can eb worse then the whole WHMCS attack as it could mean that the attackers could now posses the root passwords of ALL of their clients. If you are a customer, it would be STRONGLY advised to change all passwords and revoke SSH keys until further notice.
      0 Not allowed!

  4. #4
    Quote Originally Posted by KMyers View Post
    Confirmed!

    This can eb worse then the whole WHMCS attack as it could mean that the attackers could now posses the root passwords of ALL of their clients. If you are a customer, it would be STRONGLY advised to change all passwords and revoke SSH keys until further notice.
    That is too much scary for all customers of We3Care
      0 Not allowed!

  5. #5
    Join Date
    Apr 2009
    Location
    USA / UK
    Posts
    4,577
    Their site looks fine now - they must have just fixed it.
      0 Not allowed!

  6. #6
    Fixed!
    But Still Same Question!
    Where is their security?
      0 Not allowed!

  7. #7
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    20,777
    Quote Originally Posted by ramnet View Post
    Their site looks fine now - they must have just fixed it.
    Yes, I just hit refresh again and it seems back to normal.
    Quote Originally Posted by Askforhost Hosting View Post
    Fixed!
    But Still Same Question!
    Where is their security?
    Analyzing the source of the attack can take time. They should however issue some sort of official statement. Customers are still advised to change ALL passwords
    Attached Thumbnails Attached Thumbnails Screenshot from 2012-06-02 13:55:59.png  
      0 Not allowed!

  8. #8
    Join Date
    Mar 2005
    Location
    Orlando, Florida
    Posts
    2,625
    They're on php 5.2.14. I know that versions had some exploits recently. I wonder if that's what could have caused it?
      0 Not allowed!

  9. #9
    Join Date
    Jul 2009
    Location
    Atlanta, GA
    Posts
    622
    @KMyers: You missed one of the F-words in your attempt to cover it up.
      0 Not allowed!

  10. #10
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    20,777
    Quote Originally Posted by FrankLaszlo View Post
    @KMyers: You missed one of the F-words in your attempt to cover it up.
    That explains the 2nd terminal Window I had to close hiding behind the FF screen
      0 Not allowed!

  11. #11
    So any official statement released?
      0 Not allowed!

  12. #12
    Join Date
    Aug 2008
    Location
    Right behind you.
    Posts
    410

    Regarding Hack

    Hello,

    Our site got hacked last day. Actually we do not save any passwords or SSH keys inside the server where we3cares.com is hosted.

    I request WHT community to remain patient. I hereby declare that all customers info are safe and are not exposed any where. We save all the info in a seperate software called clientdb, which is again accessible by techs internally in our office (from local linux machine, by executing ./clientdb command).

    Even our site is not connected to a DB. Our WHMCS also do not contain any credit card info of our customers. Our long standing customers know this!

    We know such things can happen any day and hence we do have seperate setup for every thing and please do not co-relate this index page hack (due to older php version) with any security issue.

    We3cares.com server is managed personally by me ( me a sales guy after all) as I can't let my techs know that server's root password.

    Also it is not a server root hack, its a index page hack.

    Hope WHT community understand my situation now!
      0 Not allowed!

  13. #13
    Join Date
    May 2007
    Posts
    2,745
    How does we3cares obtain information to provide support through email? tickets...
      0 Not allowed!

  14. #14
    Join Date
    May 2008
    Location
    Citrus Heights, CA
    Posts
    1,887
    Quote Originally Posted by hosting_we3cares View Post
    We3cares.com server is managed personally by me ( me a sales guy after all) as I can't let my techs know that server's root password.

    So you're a sales guy trying to admin a server?

    And, you can't trust even a single tech of yours with the root?


      0 Not allowed!

  15. #15
    Join Date
    Aug 2008
    Location
    Right behind you.
    Posts
    410
    Hello,

    You asked the right question at right time. This question is for the customers who have server management plans (not complete server management) and do not have their own helpdesk.

    The answer is known to our existing customers already. They always send an email to a seperate id (given to them while they sign up) and they never open a ticket with our whmcs.

    Hence no point in thinking whether server logins are compromised. Also once they sign up, we save their passwords with clientdb and our techs do not even ask for logins via emails.

    I believe my customers will support me in this thread as they know how safe they are and how this is nothing to do with their security.

    Again, we know this could happen to any one on anyday. Hence we always keep different tools for everything and we never allow hackers to move into our customers data.

    You might have observed that none of our existing customers has complained about us yet. This shows how strong they believe our support.

    Thanks once again.
      0 Not allowed!

  16. #16
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    5,105
    But it is a fair question how you as a server management company operator don't trust your techs in your own server but have them managing customer servers.

    That sees ... odd to me.
      0 Not allowed!

  17. #17
    Join Date
    Jun 2010
    Location
    Indonesia
    Posts
    473
    Oh my. I just realize the words, in the hacked page
    It's someone using javaneese, maybe someone from Indonesia.
    I wonder why they do this
      0 Not allowed!

  18. #18
    Join Date
    Aug 2008
    Location
    Right behind you.
    Posts
    410
    Hello Mark,

    Yeah, I am a sales manager. We do have 4 management people in panel,technical heads are available in that. As you know it was a weekend and they were not available.

    We just have our own site in that server and we never thought some admin should manage it.

    The site has been restored by me with in some time after the hack happened. So I believe I am good enough to do basic stuff in my server.

    However I will take you advice and will employ one of my senior tech to take care of my server.
      0 Not allowed!

  19. #19
    Join Date
    Aug 2008
    Location
    Right behind you.
    Posts
    410
    Hello Coolraul,

    You got a great question. My manegment team decided earlier not to give root password of our server as few of them are great techs and they can manage by themself. However I will employ one of senior admin to manage my server hereafter.

    As I said earlier, none of my existing customers has complained yet as they are aware of our security measures.

    Have a nice day!
      0 Not allowed!

  20. #20
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by hosting_we3cares View Post
    Hello,
    We know such things can happen any day and hence we do have seperate setup for every thing and please do not co-relate this index page hack (due to older php version) with any security issue.
    I am curious, was it actually due to the older php version or are you just agreeing with what someone else has said to cover up the real reason?
      0 Not allowed!

  21. #21
    Join Date
    Aug 2008
    Location
    Right behind you.
    Posts
    410

    Regarding hack

    Hello Steven,

    There is no real reason apart from older PHP version.

    Hope your curiosity is over now
      0 Not allowed!

  22. #22
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by hosting_we3cares View Post
    Hello Steven,

    There is no real reason apart from older PHP version.

    Hope your curiosity is over now
    Exactly what exploit (CVE number) in the older php caused it? Did you guys even investigate what happened? Unless you had a pretty poor setup to begin with, the older php by itself would not lead to you being compromised.
      0 Not allowed!

  23. #23
    Join Date
    Aug 2008
    Location
    Right behind you.
    Posts
    410
    Hello Steven,

    I will explain such things to my customers. I believe I have made enough explanation on this thread.

    Thanks for your interest shown on us.
      0 Not allowed!

  24. #24
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by hosting_we3cares View Post
    Hello Steven,

    I will explain such things to my customers. I believe I have made enough explanation on this thread.

    Thanks for your interest shown on us.

    Are you sure you even informed your customers? I have a few customers who also use you and they didn't hear anything about this until I showed them the thread.
      0 Not allowed!

  25. #25
    Join Date
    Aug 2008
    Location
    Right behind you.
    Posts
    410
    Hello Steven,

    All our customers have been informed.

    I know, none of our customers use your service as of now as they are satisfied with our support.

    If so, you can contact me privately and argue.
      0 Not allowed!

Page 1 of 5 1234 ... LastLast

Similar Threads

  1. Thanks We3cares.com
    By Vatu in forum Managed Hosting and Services
    Replies: 8
    Last Post: 11-14-2009, 12:04 PM
  2. We3Cares?
    By IPswing-Sarwar in forum Managed Hosting and Services
    Replies: 9
    Last Post: 06-19-2009, 05:14 PM
  3. We3Cares Review
    By redham in forum Managed Hosting and Services
    Replies: 8
    Last Post: 05-19-2009, 06:05 AM
  4. Review: We3Cares
    By GamesLinux in forum Managed Hosting and Services
    Replies: 10
    Last Post: 04-04-2009, 06:28 AM
  5. We3cares.com
    By HL90 in forum Managed Hosting and Services
    Replies: 8
    Last Post: 11-17-2008, 11:06 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •