Results 1 to 25 of 118
Thread: We3Cares Hacked?
-
06-02-2012, 01:33 PM #1Temporarily Suspended
- Join Date
- Jun 2011
- Location
- Buffalo, NY
- Posts
- 3,849
We3Cares Hacked?
Well no one else created a thread here so I thought I would ask.
One of our clients contacted me over chat today asking for us to provide advise on server management companies (as we are a self-managed hosting company), and when We3Cares was the subject of the discussion as they are a server management company, I visited their site and saw they got hacked:
http://we3cares.com/
Anyone know what is going on with them? Upon googling "We3cares hack" I couldn't find anything, but found this which was quite interesting: http://we3cares.com/replies/0
-
06-02-2012, 01:36 PM #2Web Hosting Master
- Join Date
- Jul 2011
- Posts
- 2,636
How long they are hacked?
Officials are not aware of this?0
-
06-02-2012, 01:40 PM #3Web Hosting Master
- Join Date
- Mar 2009
- Location
- Miami, Florida
- Posts
- 20,777
Confirmed!
This can eb worse then the whole WHMCS attack as it could mean that the attackers could now posses the root passwords of ALL of their clients. If you are a customer, it would be STRONGLY advised to change all passwords and revoke SSH keys until further notice.0
-
06-02-2012, 01:42 PM #4Web Hosting Master
- Join Date
- Jul 2011
- Posts
- 2,636
0
-
06-02-2012, 01:53 PM #5Virtually Flawless ;)
- Join Date
- Apr 2009
- Location
- USA / UK
- Posts
- 4,577
Their site looks fine now - they must have just fixed it.
0
-
06-02-2012, 01:55 PM #6Web Hosting Master
- Join Date
- Jul 2011
- Posts
- 2,636
Fixed!
But Still Same Question!
Where is their security?0
-
06-02-2012, 01:59 PM #7Web Hosting Master
- Join Date
- Mar 2009
- Location
- Miami, Florida
- Posts
- 20,777
0
-
06-02-2012, 02:04 PM #8Web Hosting Master
- Join Date
- Mar 2005
- Location
- Orlando, Florida
- Posts
- 2,625
They're on php 5.2.14. I know that versions had some exploits recently. I wonder if that's what could have caused it?
0
-
06-02-2012, 02:21 PM #9Web Hosting Master
- Join Date
- Jul 2009
- Location
- Atlanta, GA
- Posts
- 622
@KMyers: You missed one of the F-words in your attempt to cover it up.
0
-
06-02-2012, 02:22 PM #10Web Hosting Master
- Join Date
- Mar 2009
- Location
- Miami, Florida
- Posts
- 20,777
0
-
06-02-2012, 02:25 PM #11Web Hosting Master
- Join Date
- Jul 2011
- Posts
- 2,636
So any official statement released?
0
-
06-02-2012, 10:09 PM #12Disabled
- Join Date
- Aug 2008
- Location
- Right behind you.
- Posts
- 410
Regarding Hack
Hello,
Our site got hacked last day. Actually we do not save any passwords or SSH keys inside the server where we3cares.com is hosted.
I request WHT community to remain patient. I hereby declare that all customers info are safe and are not exposed any where. We save all the info in a seperate software called clientdb, which is again accessible by techs internally in our office (from local linux machine, by executing ./clientdb command).
Even our site is not connected to a DB. Our WHMCS also do not contain any credit card info of our customers. Our long standing customers know this!
We know such things can happen any day and hence we do have seperate setup for every thing and please do not co-relate this index page hack (due to older php version) with any security issue.
We3cares.com server is managed personally by me ( me a sales guy after all) as I can't let my techs know that server's root password.
Also it is not a server root hack, its a index page hack.
Hope WHT community understand my situation now!0
-
06-02-2012, 10:13 PM #13Web Hosting Master
- Join Date
- May 2007
- Posts
- 2,745
How does we3cares obtain information to provide support through email? tickets...
0
-
06-02-2012, 10:26 PM #14Rebooting is a hack, not a fix
- Join Date
- May 2008
- Location
- Citrus Heights, CA
- Posts
- 1,887
0
-
06-02-2012, 10:32 PM #15Disabled
- Join Date
- Aug 2008
- Location
- Right behind you.
- Posts
- 410
Hello,
You asked the right question at right time. This question is for the customers who have server management plans (not complete server management) and do not have their own helpdesk.
The answer is known to our existing customers already. They always send an email to a seperate id (given to them while they sign up) and they never open a ticket with our whmcs.
Hence no point in thinking whether server logins are compromised. Also once they sign up, we save their passwords with clientdb and our techs do not even ask for logins via emails.
I believe my customers will support me in this thread as they know how safe they are and how this is nothing to do with their security.
Again, we know this could happen to any one on anyday. Hence we always keep different tools for everything and we never allow hackers to move into our customers data.
You might have observed that none of our existing customers has complained about us yet. This shows how strong they believe our support.
Thanks once again.0
-
06-02-2012, 10:40 PM #16Retired Moderator
- Join Date
- May 2004
- Location
- Toronto, Canada
- Posts
- 5,105
But it is a fair question how you as a server management company operator don't trust your techs in your own server but have them managing customer servers.
That sees ... odd to me.0
-
06-02-2012, 10:42 PM #17Web Hosting Evangelist
- Join Date
- Jun 2010
- Location
- Indonesia
- Posts
- 473
Oh my. I just realize the words, in the hacked page
It's someone using javaneese, maybe someone from Indonesia.
I wonder why they do this0
-
06-02-2012, 10:43 PM #18Disabled
- Join Date
- Aug 2008
- Location
- Right behind you.
- Posts
- 410
Hello Mark,
Yeah, I am a sales manager. We do have 4 management people in panel,technical heads are available in that. As you know it was a weekend and they were not available.
We just have our own site in that server and we never thought some admin should manage it.
The site has been restored by me with in some time after the hack happened. So I believe I am good enough to do basic stuff in my server.
However I will take you advice and will employ one of my senior tech to take care of my server.0
-
06-02-2012, 10:48 PM #19Disabled
- Join Date
- Aug 2008
- Location
- Right behind you.
- Posts
- 410
Hello Coolraul,
You got a great question. My manegment team decided earlier not to give root password of our server as few of them are great techs and they can manage by themself. However I will employ one of senior admin to manage my server hereafter.
As I said earlier, none of my existing customers has complained yet as they are aware of our security measures.
Have a nice day!0
-
06-02-2012, 11:37 PM #20Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
0
-
06-03-2012, 12:08 AM #21Disabled
- Join Date
- Aug 2008
- Location
- Right behind you.
- Posts
- 410
Regarding hack
Hello Steven,
There is no real reason apart from older PHP version.
Hope your curiosity is over now0
-
06-03-2012, 12:18 AM #22Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
0
-
06-03-2012, 12:26 AM #23Disabled
- Join Date
- Aug 2008
- Location
- Right behind you.
- Posts
- 410
Hello Steven,
I will explain such things to my customers. I believe I have made enough explanation on this thread.
Thanks for your interest shown on us.0
-
06-03-2012, 12:33 AM #24Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
0
-
06-03-2012, 12:40 AM #25Disabled
- Join Date
- Aug 2008
- Location
- Right behind you.
- Posts
- 410
Hello Steven,
All our customers have been informed.
I know, none of our customers use your service as of now as they are satisfied with our support.
If so, you can contact me privately and argue.0
Similar Threads
-
Thanks We3cares.com
By Vatu in forum Managed Hosting and ServicesReplies: 8Last Post: 11-14-2009, 12:04 PM -
We3Cares?
By IPswing-Sarwar in forum Managed Hosting and ServicesReplies: 9Last Post: 06-19-2009, 05:14 PM -
We3Cares Review
By redham in forum Managed Hosting and ServicesReplies: 8Last Post: 05-19-2009, 06:05 AM -
Review: We3Cares
By GamesLinux in forum Managed Hosting and ServicesReplies: 10Last Post: 04-04-2009, 06:28 AM -
We3cares.com
By HL90 in forum Managed Hosting and ServicesReplies: 8Last Post: 11-17-2008, 11:06 PM