Results 1 to 18 of 18
  1. #1
    Join Date
    Apr 2004
    Location
    A house on the beach
    Posts
    54

    Exclamation Bliksem Gave Out Your Info and Mine

    When I did all my backups through cpanel to my own FTP server, it would send me a .gz file with everything included. Databases, Email accounts, Files, Passwords, everything.
    Along with those files came some other junk (I thought) directories.
    Today I'm sitting here just going through these files and seeing what I need and don't need.
    One file interested me ALOT.
    backup-12.4.2006_13-16-35_*****\homedir\.cpanel-datastore\reseller_RESELLERSUSERS_root

    I opened it with a text editor and what a surprise....
    it's a complete list of all the accounts that were on joie... INCLUDING LOGINS!
    During a time when Blik messed up joie, we were moved to grenwerk... I have the same files in those backups.

    I'm not going to post the content of these files, but I suggest you all change your passwords/logins for your sites when you move them.

    On Dec 4th, joie had 592 domains on it
    -= Webmaster=-
    -=Programmer=-
    -=. Hired Gun .=-
    .oº°'¨'°ºo.oº°'¨

  2. #2
    Join Date
    Feb 2006
    Location
    Swellyville
    Posts
    2,341
    This reminds me of a soap opera (no I don't watch them)
    <<< Please see Forum Guidelines for signature setup. >>>

  3. #3
    CJV what kind of informations do you have?
    I mean login could be public... but password.. it's encrypt (hope with some strong algorithm).

    regards

  4. #4
    When I did all my backups through cpanel to my own FTP server, it would send me a .gz file with everything included. Databases, Email accounts, Files, Passwords, everything.
    Hi CJV,

    Could you please post directions on how to make this backup? I could't retrieve any backup using cpanel transfers from my old Bliksem server.

    Regards,

    Ed

  5. #5
    Join Date
    Feb 2006
    Location
    Swellyville
    Posts
    2,341
    You new host should make this backup for you and restore it on the new servers.
    <<< Please see Forum Guidelines for signature setup. >>>

  6. #6
    Hi HostFrog,

    I've tried to make the backups by myself already using VPS cpanel without any success.

    Ed

  7. #7
    Join Date
    Feb 2006
    Location
    Swellyville
    Posts
    2,341
    Have you done this through remote FTP?
    <<< Please see Forum Guidelines for signature setup. >>>

  8. #8
    Hi,

    I've done through the following WHM options (not sure about remote FTP):

    - Copy an account from another server
    - Copy an account from another server with account password

    What is the correct option and what are the recommended settings?

    Thanks for your help

    Ed

  9. #9
    Hi,
    how could is possible to make a backup if I cant reach webserver and conseguently my control panel?

    Thanks,

  10. #10
    Join Date
    Feb 2006
    Location
    Swellyville
    Posts
    2,341
    Quote Originally Posted by ArsMagnaWeb
    Hi,

    I've done through the following WHM options (not sure about remote FTP):

    - Copy an account from another server
    - Copy an account from another server with account password

    What is the correct option and what are the recommended settings?

    Thanks for your help

    Ed
    Login to your WHM and click list accounts. Login to the first control panel and click backups. Click Generate/Download backups. Once the screen come ups click the drop down and select Remote FTP. Enter in the IP for remote server, enter in the username (which should be done by your new host, or you can create a transfer account like filetransfer.com) and the password. The port is 21. Select ok.

    Then have your host restore the backup.
    <<< Please see Forum Guidelines for signature setup. >>>

  11. #11
    Join Date
    Apr 2004
    Location
    A house on the beach
    Posts
    54
    I used cpanel (NOT WHM) for all of the web sites that I am webmaster for.
    go to backups.
    Click on "Generate/Download a Full Backup"
    Backup Destination: select "Remote FTP Server"
    Fill in the rest of the server info
    Click "Generate Backup"
    Wait for the file to be delivered.

    I did this weekly for all my sites when the joie was still up and running.

    If you generate the files to your home directory, they will be no good.
    If you just try and download them through cpanel, they will be no good.
    The only good backups I was able to get from Bliksem were done this way.

    LOL Posted at the same time as HostFrog
    -= Webmaster=-
    -=Programmer=-
    -=. Hired Gun .=-
    .oº°'¨'°ºo.oº°'¨

  12. #12
    Join Date
    Apr 2004
    Location
    A house on the beach
    Posts
    54
    Quote Originally Posted by ifthenelse
    CJV what kind of informations do you have?
    I mean login could be public... but password.. it's encrypt (hope with some strong algorithm).

    regards
    That file does not contain the passwords, BUT I did find another file with the password hash table and yet another file with all the database logins and passes.

    I'll keep looking around.... Maybe I can find Jav's social security number or credit card info.
    -= Webmaster=-
    -=Programmer=-
    -=. Hired Gun .=-
    .oº°'¨'°ºo.oº°'¨

  13. #13
    Join Date
    Sep 2006
    Posts
    52
    Quote Originally Posted by ifthenelse
    CJV what kind of informations do you have?
    I mean login could be public... but password.. it's encrypt (hope with some strong algorithm).

    regards
    You would think so but the password you selected when you first signed up is sent in plain text to you (and presumably them).

    And 'normal' accounts (as opposed to reseller accounts with Bliksem) required you to submit password changes to them via a support ticket (for "security" reasons apparently).

  14. #14
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,687
    Quote Originally Posted by zlod

    And 'normal' accounts (as opposed to reseller accounts with Bliksem) required you to submit password changes to them via a support ticket (for "security" reasons apparently).

    What the heck?!? Why would they need your passwords, when they can access everything as root (including change your password, so they can get in). This is the most assinine requirement I have ever heard. For "security" reasons would be a complete lie. If anything, I could see someone getting password information and using it for sinister purposes...like, hoping you use the same password for other things as well.

    --Tina
    ||| 99.999% Uptime SLA!!!
    Plenty of space and bandwidth to fit your needs!
    www.AEIandYou.com - - (WP Friendly - Premium Reseller Hosting and Cheap Dedicated Servers)

  15. #15
    Join Date
    Sep 2006
    Posts
    52
    Quote Originally Posted by AH-Tina
    What the heck?!? Why would they need your passwords, when they can access everything as root (including change your password, so they can get in). This is the most assinine requirement I have ever heard. For "security" reasons would be a complete lie. If anything, I could see someone getting password information and using it for sinister purposes...like, hoping you use the same password for other things as well.
    Well that was apparently their policy.

    I did indeed query it and was told:

    As root...we have access to your entire account and any of your databases. It's our server and we need this access to make sure no files against our TOS are being uploaded. The only thing we need your password for is for installing a Fantastico script or accessing phpmyadmin. However, we still have access to your databases on our servers so that's moot.

    We have never allowed cpanel change password access for shared accounts. With all due respect, this isn't something we are going to enable now serverwide for one account, even temporarily. If you want to change your password, please update this ticket with what you'd like it to be, as every single shared hosting account with us does.
    And when i then further queried their "policy" with "Jav":

    My tech is being truthful with you as we are with all of our clients. You cannot enable this on a per account basis. As he explained, we have had the same policy for close to three years. If you do a bit of research on the issue you will find a slew of incidents where passwords were hi-jacked using the cpanel change password feature. It is simply NOT a safe feature to use and we are not the only host that disables this.

    There is absolutely no reason why you couldn't request a password change from our techs. We use a secure help desk and the password is x's out after it's adjusted so it isn't stored in any database.

    Suffice to say i never bothered to change my password with them

  16. #16
    Join Date
    Jul 2004
    Location
    Montreal, Canada
    Posts
    283
    That doesn't make sense... phpMyAdmin can be accessed via root and if there is a need for Fantastico, they can ask the customer to provide the password only when it is needed. Disabling password changing feature is retarded, I've never seen this 'evidence' he refers to, especially if cPanel is protected with a reliable server-wide SSL.
    •• polur.net | Premium web hosting solutions you can trust since 2004••
    High performance NVMe SSD, CloudLinux & LiteSpeed hosting with Canadian datacentres

  17. #17
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,687
    They're referring to the feature where you can reset a cPanel password via email (which did have some security issues a couple of years ago), but making it sound like its "all" password changes via cPanel. That's completely ridiculous. There is absolutely no legitimate reason why they would need to keep your password on file or why they would need to prevent you from resetting your own password.

    --Tina
    ||| 99.999% Uptime SLA!!!
    Plenty of space and bandwidth to fit your needs!
    www.AEIandYou.com - - (WP Friendly - Premium Reseller Hosting and Cheap Dedicated Servers)

  18. #18
    Join Date
    Feb 2006
    Location
    Swellyville
    Posts
    2,341
    Quote Originally Posted by AH-Tina
    They're referring to the feature where you can reset a cPanel password via email (which did have some security issues a couple of years ago), but making it sound like its "all" password changes via cPanel. That's completely ridiculous. There is absolutely no legitimate reason why they would need to keep your password on file or why they would need to prevent you from resetting your own password.

    --Tina
    Exactly! There really is no reason to prevent them. Just going around in circles with this really....poor thread.
    <<< Please see Forum Guidelines for signature setup. >>>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •