  1. #101
    Join Date
    Feb 2013
    Posts
    283
    SO WHY ISN'T THIS THREAD FLAGGED AS FEATURED?

    It only has impact / interest with every user on this site? Far less newsworthy and less active threads end up featured.

    Are moderators' hands being tied by Lord Penton? Show spine mods, do the right thing.

  2. #102
    Join Date
    Dec 2007
    Location
    Isle of Man
    Posts
    3,068
    Certainly very strange that nothing *appears* to be happening, but I'm sure there is something in the background taking place.

    Communication is key and communicating this issue to members would make complete sense at the moment. If this was any other company holding personal information, the lapse of time would just be unacceptable. Even if the data might not be legitimate (but appears that it is), then a simple precaution to suggest passwords being changed would be very sensible.

  3. #103

    Communication

    At the very least, I would have expected an official "We are investigating this issue and will update everyone once we know more".

    The fact that the owners couldn't be bothered to do that much says a lot.....
    ATM Web Design Inc.
    Providing Reliable Web Development and Hosting since 2002 - Visit http://www.atmwebdesign.ca for packages and pricing.

  4. #104
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    20,777
    Quote Originally Posted by elrooted View Post
    BRING THE TWO FACTOR AUTHENTICATION LAYER.
    Now you are talking my language
    Keith I Myers
    KMyers.me The rantings of a lunatic
    Join me on Technical.chat

  5. #105
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    Quote Originally Posted by elrooted View Post
    I'll be the first to confirm this hackYou
    No, you're far from the first

    Quote Originally Posted by whmcsguru View Post
    Well, it's definitely out there, that's for sure.
    Quote Originally Posted by elrooted View Post
    since the cowardly owners are trying to cover it up.
    Wrong. Nobody's trying to 'cover it up'.

    Quote Originally Posted by elrooted View Post

    This has been going on officially since Friday. They knew about it then and did nothing.
    In any other business, you have all hands on deck and legal on the weekend due to such. Ruined weekend is what the office workers should have had.
    You clearly have no clue how the corporate world works. You do not get someone out of bed, or 'ruin weekends' for something as trivial as this. Yes, this is trivial, in the grander scheme of things.

    Yes, I get it, the social media aspect of things has taught you to demand instant gratification, but that's not how reality works.
    Have they ignored the issue? You can bet they haven't. They'll get a response when it is appropriate. Don't like it?? The door's over there, feel free to use it.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  6. #106
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    Quote Originally Posted by elrooted View Post
    BRING THE TWO FACTOR AUTHENTICATION LAYER.
    That's quite a bit overboard for a simple discussion forum. For admins, yes, absolutely, require it... For every day members? Not so much.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  7. #107
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by rasputin View Post
    If the hole is not closed it's kinda pointless to change it.

    Seems to me it's the forum owners responsibility to fix that first.
    Quote Originally Posted by whmcsguru View Post
    That's quite a bit overboard for a simple discussion forum. For admins, yes, absolutely, require it... For every day members? Not so much.
    Having it optionally for end-users would be nice. At least that way if somebody did get the password they wouldn't easily be able to make use of it to log in and damage the user's reputation / company / etc.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  8. #108
    Join Date
    May 2009
    Posts
    312
    Quote Originally Posted by MikeDVB View Post
    Having it optionally for end-users would be nice. At least that way if somebody did get the password they wouldn't easily be able to make use of it to log in and damage the user's reputation / company / etc.
    It would be a good choice to make it optional.

  9. #109
    Join Date
    Aug 2015
    Posts
    182
    2FA will be a nice addition

  10. #110
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    Quote Originally Posted by MikeDVB View Post
    Having it optionally for end-users would be nice. At least that way if somebody did get the password they wouldn't easily be able to make use of it to log in and damage the user's reputation / company / etc.
    Looking at that leaked password list, there's much more to worry about than logging in and damaging reputations
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  11. #111
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by whmcsguru View Post
    Looking at that leaked password list, there's much more to worry about than logging in and damaging reputations
    Just because I happen to like lemonade doesn't mean there aren't other drinks out there just like having optional dual authorization doesn't mean there aren't bigger problems to address.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  12. #112
    Join Date
    Feb 2007
    Location
    Isle Of Anglesey, UK
    Posts
    1,468
    Quote Originally Posted by astutiumRob View Post
    An official announcement from WHT/inet/Penton and a note to change pwds at the top of every forum page would be good !
    I agree, and it should have been done as soon as they became aware of the breach.

  13. #113
    Join Date
    Feb 2013
    Posts
    283
    Quote Originally Posted by whmcsguru View Post
    You clearly have no clue how the corporate world works. You do not get someone out of bed, or 'ruin weekends' for something as trivial as this. Yes, this is trivial, in the grander scheme of things.

    Yes, I get it, the social media aspect of things has taught you to demand instant gratification, but that's not how reality works.
    Have they ignored the issue? You can bet they haven't. They'll get a response when it is appropriate. Don't like it?? The door's over there, feel free to use it.

    A. You have a skewed view of how things are or just are apathetic.
    B. This happened on Friday. So slack started then. Friday still is a workday in the Americas.
    C. Legal counsel is 24/7 for screw ups at Penton's size.
    D. PR is in house on salary and they jump when told to, even if 3 AM on a Sunday Christmas.
    E. There is nothing trivial about details of millions of accounts getting publicly displayed. There is legal liability, can be civil implications, criminal if intentionally negligent, most States can assess fines and require disclosures potentially. It's nothing to go minifying.
    F. Logical thing to do was to reset passwords upon notification of this potential. Working on 4 days of letting the bad guys have at things. Open season on their valued account holders.
    --- Do you treat your customers/partners/audience like that?

    I have experience in public relations field representing clients who do moronic things like this at major level. Been involved in $xxx million matters on acquisitions as well as lawsuits.

    What Penton is doing is covering their asses. Told everyone including mods to shut their mouths and no mention of it. Goes something like this:
    "... statements potentially could expose Penton to serious financial and legal risks..."

    I've emailed Penton corporate asking them to come out of their spider hole and clean up the mess.

    We don't need a security firm report later as the peace offering to tell us that their software here was old, not updated, full of exploits, we already know that. We know the perps didn't do it from their network connected refrigerator on their home IP either. Fruitless theater meant for show and never yields anything of value.

    Risk and liability gets minimized by pushing the magic PASSWORD RESET in the administrative area for all accounts. Not for me, for all those millions that have no freaking clue what has happened and now are about to get phished on and ID robbed potentially. Someone, anyone, do the right thing and push the password reset button.

  14. #114
    Join Date
    Dec 2011
    Posts
    1,460
    Quote Originally Posted by whmcsguru View Post
    You clearly have no clue how the corporate world works. You do not get someone out of bed, or 'ruin weekends' for something as trivial as this. Yes, this is trivial, in the grander scheme of things.
    Having all the databases for so many high profile properties stolen and offered up for sale on the dark web is not considered trivial.

    By anyone.

    Anywhere.

    Ever.
    "I've seen spam you people wouldn't believe. Routers on fire off the OCs of AGIS. I watched MXes burning in the dark near the Cyberpromo Gateway. All those moments will be lost in time, like tears in rain. TTL=0."

  15. #115
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    Quote Originally Posted by elrooted View Post
    B. This happened on Friday. So slack started then. Friday still is a workday in the Americas.
    Actually, this happened much earlier than Friday. However, first notification of this?
    07-08-16, 16:13
    That's my time (CST). New York? That's 17:13...
    That's past business hours. I'm sorry you don't get that, but that is what it is.

    Quote Originally Posted by elrooted View Post
    C. Legal counsel is 24/7 for screw ups at Penton's size.
    Bzz, wrong answer. Legal is not going to get called in for this on the weekend. Again, this is a corporate mentality, not your own specific site.


    Quote Originally Posted by elrooted View Post
    E. There is nothing trivial about details of millions of accounts getting publicly displayed. There is legal liability, can be civil implications, criminal if intentionally negligent, most States can assess fines and require disclosures potentially. It's nothing to go minifying.
    Again, wrong answer. This is trivial, it's minimal. Them not responding to you immediately is not going to solve a thing.
    Until they identify how the breach took place, find, and fix the hole, them responding is pointless. THAT, you can bet, started the instant that this was posted. Mat knows his stuff and will take care of things. He always has.

    It's funny, so many armchair quarterbacks here, what with their pitchforks and nooses, ready to lynch corporations, without a shred of respect for the real world out there. Things like this take time. Investigation takes time, responses to incidents like this are not going to come over the weekend, or over night, no matter how much you want to feel warm and fuzzy. Again, if you can't deal with it, then the door's over there... I suggest you use it.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  16. #116
    Join Date
    Mar 2010
    Location
    CMYK-Land
    Posts
    1,400
    It's amazing how much of a double standard and rules people applied in this topic. If there was the same situation but with a host who stayed silent for 4 days, most of the members who right now have patience and understanding would be livid over that host. Not to mention accusations followed by "change the host", "irresponsible host", "host is a joke", "time to leave"... Well, how about applying the same rules here. So are you guys leaving WHT?
    - I often come to the conclusion that my brain has too many tabs open. -
    Failing at desktop publishing & graphic design since 1994
    .
    Pretty soon we can expect hosting companies offering "double unlimited"
    or
    "not limited unlimited with no limits".

  17. #117
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by Madbunny View Post
    It's amazing how much of a double standard and rules people applied in this topic. If there was the same situation but with a host who stayed silent for 4 days, most of the members who right now have patience and understanding would be livid over that host. Not to mention accusations followed by "change the host", "irresponsible host", "host is a joke", "time to leave"... Well, how about applying the same rules here. So are you guys leaving WHT?
    It has happened to providers before and there was a similar mix of responses there as there are here.

    That said - leaving WHT for what?
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  18. #118
    Quote Originally Posted by elrooted View Post
    B. This happened on Friday. So slack started then. Friday still is a workday in the Americas.
    You have no idea what they did or did not do that Friday.

    C. Legal counsel is 24/7 for screw ups at Penton's size.
    What kind of ridiculous assumption is that? I think you should stop reflecting what TV has taught you into the real world.

    D. PR is in house on salary and they jump when told to, even if 3 AM on a Sunday Christmas.
    PR shouldn't release anything until they have a proper announcement to release, and are unlikely to be told to start working on that story on a weekend.

    E. There is nothing trivial about details of millions of accounts getting publicly displayed. There is legal liability, can be civil implications, criminal if intentionally negligent, most States can assess fines and require disclosures potentially. It's nothing to go minifying.
    I agree it's not trivial - but you're blowing it way out of proportion. I'm sure things will be dealt with, and you not seeing a progress bar moving doesn't mean it isn't. In the grown up world, you don't just panic and start throwing random actions left and right - you sit down, distantiate and start planning a course of action.

    F. Logical thing to do was to reset passwords upon notification of this potential. Working on 4 days of letting the bad guys have at things. Open season on their valued account holders.
    What if they aren't sure that the vulnerability is fixed? If they are sure, and they still didn't - then I agree, that would've been the correct course of action seen from my perspective.

    I have experience in public relations field representing clients who do moronic things like this at major level. Been involved in $xxx million matters on acquisitions as well as lawsuits.
    That sounds like something requiring a fair bit of tact - something you've not displayed any ability of here so far.

    What Penton is doing is covering their asses. Told everyone including mods to shut their mouths and no mention of it. Goes something like this:
    "... statements potentially could expose Penton to serious financial and legal risks..."
    Why are you representing yourself as someone able to analyze their actions?

    I've emailed Penton corporate asking them to come out of their spider hole and clean up the mess.
    Thumbs up! I'm sure they'll listen.

    Risk and liability gets minimized by pushing the magic PASSWORD RESET in the administrative area for all accounts. Not for me, for all those millions that have no freaking clue what has happened and now are about to get phished on and ID robbed potentially. Someone, anyone, do the right thing and push the password reset button.
    +1!
    MightWeb - Web Hosting, Reseller Hosting, Virtual Servers & Dedicated Servers.
    KVM VPS's - RAID 10 Pure SSD - Windows & Linux - Managed services available
    Reseller Hosting with WHMCS | Pure SSD | Premium Network | SpamExperts
    DDoS Protection, R1Soft Hourly Backups, LiteSpeed, 30 Day Money-Back Guarantee

  19. #119
    Join Date
    Feb 2012
    Location
    New York, NY
    Posts
    568
    Quote Originally Posted by whmcsguru View Post

    You clearly have no clue how the corporate world works. You do not get someone out of bed, or 'ruin weekends' for something as trivial as this. Yes, this is trivial, in the grander scheme of things.
    I question whether "the university of life" and low level non-managerial support positions qualifies someone to tell others "how the corporate world works".

    Data breaches are never "trivial" to any company because they bring with them a huge amount of potential legal liability. The databases of at least five Penton sites were hacked (and are available online), and the hacker has claimed in a couple of reports that their hack of Penton was far more extensive than just those five sites so I don't really think this hack can be called "trivial".

    If you truly think that this breach is trivial then you are obviously completely oblivious to the data breach notification laws of the 47 states that have enacted notification laws. Perhaps you should familiarize yourself with them if you consider this leak to be trivial, and specifically you should review the notification statutes of the states that have broader definitions of "personal information". Using Florida's statute as an example, "a user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account." is all that it takes for a breach to be considered non-"trivial" and trigger the notification requirements. California also has a broader definition of personal information and all it takes for a breach to become non-"trivial" is "a username or email address, in combination with a password or security question and answer that would permit access to an online account".

    Quote Originally Posted by whmcsguru
    ...knows his stuff and will take care of things. he always has.
    Running outdated software on multiple sites, including versions that contain known 0day exploits that were first published more than a year ago, is not what I would consider taking care of things and that employee would long ago have been looking for a new job if he worked for most companies.

    Quote Originally Posted by elrooted
    F. Logical thing to do was to reset passwords upon notification of this potential. Working on 4 days of letting the bad guys have at things.
    Agreed, a mandatory password reset for all breached Penton properties should have been done as a precaution as soon as the breach was confirmed.

    It is understandable if a company waits xx days to issue an official statement about a data breach (and the law, depending on state does give them xx days to do it) because they need to make sure their response conforms to the various notification laws, but it is not understandable if they don't take steps to limit the damage by doing something as simple as a mandatory password reset for everyone whose info is in those databases.

    Quote Originally Posted by MightWeb-Marcus
    What if they aren't sure that the vulnerability is fixed?
    Obviously none of the vulnerabilities have been fixed yet, which can be verified by anyone since it is easy to check the versions of WordPress and VBulletin installs. All hacked sites are still running the same outdated scripts that are chock full of XSS vulnerabilities and long known 0day exploits.

  20. #120
    Join Date
    Mar 2010
    Location
    CMYK-Land
    Posts
    1,400
    Quote Originally Posted by MikeDVB View Post
    It has happened to providers before and there was a similar mix of responses there as there are here.
    Well, I could say that I believe in fairy-tales but I don't. I'm sure that some small percentage of topics are like you said but the majority are not.

    Quote Originally Posted by MikeDVB View Post
    That said - leaving WHT for what?
    I don't know but I will follow the flow.
    - I often come to the conclusion that my brain has too many tabs open. -
    Failing at desktop publishing & graphic design since 1994
    .
    Pretty soon we can expect hosting companies offering "double unlimited"
    or
    "not limited unlimited with no limits".

  21. #121
    Join Date
    Dec 2011
    Posts
    1,460
    Quote Originally Posted by whmcsguru View Post
    This is trivial, it's minimal.
    You keep repeating this and I keep mumbling to myself the question "What planet do you live on?"

    An information services company has had a significant chunk, possibly all of its assets stolen?

    It doesn't get any less trivial than that?

    If that doesn't warrant an All Hands On Deck response I don't know what does...
    "I've seen spam you people wouldn't believe. Routers on fire off the OCs of AGIS. I watched MXes burning in the dark near the Cyberpromo Gateway. All those moments will be lost in time, like tears in rain. TTL=0."

  22. #122
    Join Date
    Jul 2004
    Location
    Pittsburgh PA
    Posts
    469
    We are coming up on the end of the business day and not a word from them yet. At the minimum the system admin should have plugged the holes, forced changed passwords site wide and said "Yes we know about the issue".

    At this point they are starting to look bad. Now the fact that they posted some news on their main company site today (not related to the hacking mind you) tells me someone should be in the office to handle the issue. They still have an old version of WordPress running, I do see this forum is running the latest Patch Level version of vBulletin (that's a plus). Security is a must and with a site like this always being a target they need to step up their game in that department.
    ▉▊ HostKoi Web Services LLC - Optimized Web Hosting, Reseller, VPS and Dedicated Servers.
    Services World Wide: US, UK, Europe & Asia
    ▊▉ True 24x7 Support

  23. #123
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by Madbunny View Post
    Well, I could say that I believe in fairy-tales but I don't. I'm sure that some small percentage of topics are like you said but the majority are not.
    I'm speaking from direct personal experience. I've never written a fairy-tale.

    Quote Originally Posted by Madbunny View Post
    I don't know but I will follow the flow.
    A few years ago I wanted to create a WHT replacement - had a really hard time getting it off the ground.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  24. #124
    Join Date
    Jul 2004
    Location
    Pittsburgh PA
    Posts
    469
    Looks like the leak happened on 2016-07-04

    https://www.leakedsource.com/
    ▉▊ HostKoi Web Services LLC - Optimized Web Hosting, Reseller, VPS and Dedicated Servers.
    Services World Wide: US, UK, Europe & Asia
    ▊▉ True 24x7 Support

  25. #125
    Join Date
    Mar 2009
    Location
    Here Today - Gone to Maui
    Posts
    9,962
    Quote Originally Posted by MikeDVB View Post
    Last time WHT was hacked I don't remember notifications/emails/etc... I know WHT is owned by Penton now - but I wouldn't expect the behavior to change.

    Honestly I'd be very surprised if I heard about this anywhere else but here. I almost expected this thread to disappear.

    I guess it's good that the attackers only snagged a copy of the database rather than defacing it / destroying it / damaging the data - or maybe they tried and failed. I know last time WHT was hacked I lost something like 1,500 posts.
    I lost everything from December to March and this was the only forum I was on at the time.
    ProlimeHost - Dedicated Server Hosting & KVM SSD VPS
    Three Datacenter Locations: Los Angeles, Denver & Singapore
    SuperMicro Hardware | Multiple Bandwidth Providers | 24/7 On-site Engineers
