Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Whitelist de-listing: HostDoc
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Whitelist de-listing: HostDoc

It is unfortunate but HostDoc has been de-listed from The Whitelist: https://lowendboxes.review/whitelist-de-listing-hostdoc/

There are multiple reports of random customer data leaks stretching back to October 2019. Evidence is detailed in the announcement above.

HostDoc has been a great provider but this random leaking of customers' private detail is a red line. There are many other great alternative providers on The Whitelist if you are concerned, and I also have posted some extended reviews on LowEndBoxes Review if you need fine-grained data on alternative providers (more to come).

If there is credible future evidence that customer data isn't being randomly leaked any more, HostDoc may be reinstated.

«1

Comments

  • I would really like to see the dox fix this once and for all, it's been reported many times and keeps persisting. I was told it was whmcs caching pages, and that clearing the cache "resolved" the issue but it seems like it's something deeper than that perhaps.

    I'm not sure how this will end to be honest..

    Paging @HostDoc

    This is probably a good time to announce that I'm not associated with HostDoc for a while now, and this has actually made me decide to cancel my services. My reason is the apparent lack of seriousness taken to resolve it, even I get a spiel about it being cleared and not coming back.

    Shitty times indeed.

  • havocxhavocx Member
    edited January 2020

    I've seen this myself before & reported it too. Changed my hostname as a result because that seems to be the most tangible info leaking (e.g. if it's same as server url)

    Definitely overdue for a fix.

  • It's a very serious problem. I hope it can be solved

  • @havocx said:
    I've seen this myself before & reported it too. Changed my hostname as a result because that seems to be the most tangible info leaking (e.g. if it's same as server url)

    Definitely overdue for a fix.

    If a visitor lands on the client area main summary page, it leaks your name and address. (This is the worst part imo)
    If they land on the services page, your hostnames and package types are leaked.
    If they land on the tickets page, your tickets will show.

    Thanked by 2AlwaysSkint havocx
  • I was reading the original post and I had this very thing happen to me multi-able times and I had reported it to them and HostDoc kept telling me I was the only client reporting the issue. This extremely concerning that it sounds like i was being lied to especially when it comes to my privacy.

  • @iTDave said:
    I was reading the original post and I had this very thing happen to me multi-able times and I had reported it to them and HostDoc kept telling me I was the only client reporting the issue. This extremely concerning that it sounds like i was being lied to especially when it comes to my privacy.

    I am now accused of smearing the Doc. :)

  • jackbjackb Member, Host Rep
    edited January 2020

    @dahartigan said:

    @havocx said:
    I've seen this myself before & reported it too. Changed my hostname as a result because that seems to be the most tangible info leaking (e.g. if it's same as server url)

    Definitely overdue for a fix.

    If a visitor lands on the client area main summary page, it leaks your name and address. (This is the worst part imo)
    If they land on the services page, your hostnames and package types are leaked.
    If they land on the tickets page, your tickets will show.

    Sounds like a caching reverse proxy is misconfigured. Whmcs pages and similar should be no-store.

  • @iTDave said:
    I was reading the original post and I had this very thing happen to me multi-able times and I had reported it to them and HostDoc kept telling me I was the only client reporting the issue. This extremely concerning that it sounds like i was being lied to especially when it comes to my privacy.

    Yeah mate, definitely not the only one it happened to. Even now, as of a minute ago on LES, his approach is to just keep fixing it as it happens and blame us for bringing it to attention so it can't be swept under the rug anymore..

  • @poisson said:

    @iTDave said:
    I was reading the original post and I had this very thing happen to me multi-able times and I had reported it to them and HostDoc kept telling me I was the only client reporting the issue. This extremely concerning that it sounds like i was being lied to especially when it comes to my privacy.

    I am now accused of smearing the Doc. :)

    Yeah and me too, it's crazy actually!

    @jackb said:

    @dahartigan said:

    @havocx said:
    I've seen this myself before & reported it too. Changed my hostname as a result because that seems to be the most tangible info leaking (e.g. if it's same as server url)

    Definitely overdue for a fix.

    If a visitor lands on the client area main summary page, it leaks your name and address. (This is the worst part imo)
    If they land on the services page, your hostnames and package types are leaked.
    If they land on the tickets page, your tickets will show.

    Sounds like a caching reverse proxy is misconfigured. Whmcs pages and similar should be no-store.

    It's possible, perhaps @HostDoc can look into those suggestions

  • hzrhzr Member

    Wtf is "just keep fixing it"? Manually clearing the cache?

  • dahartigan said: whmcs caching pages

    I wasn't care about the mentioned issues before reading this. Now I remember, when I enter their WHMCS pages, on the top right corner there's something like "Hello, 用户名".
    I refresh the page then it's gone.

  • @hzr said:
    Wtf is "just keep fixing it"? Manually clearing the cache?

    Pretty much :-S

    Someone will report it, it gets "fixed", repeat.

    @Coffee said:

    dahartigan said: whmcs caching pages

    I wasn't care about the mentioned issues before reading this. Now I remember, when I enter their WHMCS pages, on the top right corner there's something like "Hello, 用户名".
    I refresh the page then it's gone.

    That's what the problem is, those details belong to someone else. Someone else will log in and see your name and address too. That's why it's serious. Free personal details for all bad guys with no effort.

  • jarjar Patron Provider, Top Host, Veteran

    I remember something like that happening with a large provider in the past due to CloudFlare caching while attempting to mitigate a large DDOS attack. Maybe @HostDoc would share with us more about the software stack used on that server and we could brainstorm together, help a brother out you know.

  • Who let the docs out?

  • He has so many site with different theme/layout/whatever does not help either. I always confused when visit his site, some oder page has currency option, some don't...

  • @GayRun said:
    It's a very serious problem. I hope it can be solved

    Congrats on your first post

  • @jar said:
    caching while attempting to mitigate a large DDOS

    I think @HostDoc was using OVH mitigation system at one point (which was very quick to block my curious pings ... lol)

    Thanked by 1dahartigan
  • DPDP Administrator, The Domain Guy

    Yes I did experience this in the past and raised it to the Doc right away.

    Thanked by 1dahartigan
  • @dahartigan said:
    Someone will report it, it gets "fixed", repeat.

    Sounds like my Sydney VPS that is clearly on a server that is heavily oversold considering it had 50-70% IOwait and server CPU on the hypervisor would hit 70-90% utilization and was met with the response of one else is complaining about the server speed. Sounds like I given the same approach to There billing system that nobody else was having issues with.. lies have a funny way to come back to bite you eventually HostDoc!!!

    Thanked by 2Edmond dahartigan
  • @iTDave said:

    @dahartigan said:
    Someone will report it, it gets "fixed", repeat.

    Sounds like my Sydney VPS that is clearly on a server that is heavily oversold considering it had 50-70% IOwait and server CPU on the hypervisor would hit 70-90% utilization and was met with the response of one else is complaining about the server speed. Sounds like I given the same approach to There billing system that nobody else was having issues with.. lies have a funny way to come back to bite you eventually HostDoc!!!

    Ah yeah the SYD shitshow. You're definitely not the only person to notice that either. Extrapolate that across all experiences and you'll see the pattern emerge...

  • I wished i have screenshot of this same issue.. Chinese name in the profile. I have LA RYZEN plan...

  • DPDP Administrator, The Domain Guy

    @okgoogle said:
    I wished i have screenshot of this same issue.. Chinese name in the profile. I have LA RYZEN plan...

    I do but I'd rather not post it here due to privacy/sensitivity concerns.

  • @thedp said:

    @okgoogle said:
    I wished i have screenshot of this same issue.. Chinese name in the profile. I have LA RYZEN plan...

    I do but I'd rather not post it here due to privacy/sensitivity concerns.

    Agreed.. For support or proof of ongoing issues...

  • What is this issue about, since I've never encountered one ?

  • @Coffee said:

    dahartigan said: whmcs caching pages

    I wasn't care about the mentioned issues before reading this. Now I remember, when I enter their WHMCS pages, on the top right corner there's something like "Hello, 用户名".
    I refresh the page then it's gone.

    I faced exactly same issue i was surprised to see some other services under my hostdoc account in whmcs and another account name was showing up i refreshed the page and it was gone.

  • NyrNyr Community Contributor, Veteran

    The so called whitelist is kind of confusing to begin with and it seems like a list of hosts which just play cool with the community. It lacks plenty of big established and reliable providers and includes others which will need to restructure significantly or disappear within very few years (HostDoc being one of them).

    Don't take me wrong, the effort to help new community members away from scams and every contribution in that regard are of course helpful.

    Thanked by 1TimboJones
  • poissonpoisson Member
    edited January 2020

    @Nyr said:
    The so called whitelist is kind of confusing to begin with and it seems like a list of hosts which just play cool with the community. It lacks plenty of big established and reliable providers and includes others which will need to restructure significantly or disappear within very few years (HostDoc being one of them).

    Don't take me wrong, the effort to help new community members away from scams and every contribution in that regard are of course helpful.

    I am happy to include providers I have missed if you send them over. This is a side project and I do not promise comprehensiveness but if I come to know of more reliable additions, I will add them in. This project also depends on the community.

    Also, HostDoc was doing well, so the evidence wasn't against him. Furthermore, I don't want to penalise newer providers unnecessarily so I do check for user feedback and provider's responsiveness and attitude to make the decision. Ultimately, I have to make the judgement call, and I think the list, on balance of probability, is way safer than random Googling.

  • Probably should get rid of the whitelist all together. How much more evidence do you need that it's not helping anyone and only gives customers a false sense of security.

    Thanked by 1TimboJones
  • IMO the whitelist is just a recommended list that at least for now worth the money. All of the providers on the whitelist that I've used provided awesome service and was really worth the money.

    I'm pretty sure @poisson was trying to list providers that he thinks is worth the money, which I think is a great side project. :)

    Thanked by 1dahartigan
  • PieHasBeenEatenPieHasBeenEaten Member, Host Rep

    If a theme or theme integration is causing such a headache go back to the stock whmcs theme till you figure out wtf is going on. Really that should of happened after the first report.

Sign In or Register to comment.