Comments
There is too much activity in this thread for me to reply to everyone individually.
As mentioned on the other forum, I believe there are different motivations behind this thread but, let's leave emotions at the door.
A statement has now been issued addressing the data leak.
I can only apologise for the problem at this junction.
I would like to reassure all users that their accounts and VPS are secure and not accessible by outside parties.
Regards
Condoms and vaccines follow the same arguments. They are not 100% but people are very likely to get STDs or infectious diseases without them. I operate on a probabilistic model, and so far I have been wrong once, which is acceptable.
Once again, I invite you to share evidence. There are many more data points that have surfaced and surely these customers have "motivations" too?
@HostDoc said:
Honestly, my motivation is that you hopefully take it seriously now and don't brush it off as minor because the only thing that leaked is personal details and not access to VPS themselves. In many cases, the data on the VPS is worthless compared to personal details.
Great, but what about personal details? Can you assure everyone their personal details are safe with you?
I want to see you succeed @HostDoc but far out man, if it were me, I'd take the billing system down until it's fixed properly. This isn't personal, but my personal details are, you feel me?
He sent an email about it that it is already fixed. Also, I’d trust a random HostDoc’s customer over alpharacks and woothosting about personal details, just saying.
There's usually a disclaimer on the condom package.
As with most other tools - it can be good, or bad - depending on how it is used.
We can't reasonably expect any single person to be constantly checking the service quality of more than a few hosting providers they themselves are using. Hence - I wouldn't even trust my own recommendation of hosting providers whose services I have used, but am no longer with them - even a 6 month old info can be considered not very relevant.
However, it is as good as it gets for a starting point. Having a, what I believe to be, an objectively created and maintained (as good as possible) list of hosting providers who have been solid so far and have a good reputation (with an added disclaimer like: "as far as I know", or "to the best of my knowledge").
Without such lists, one is left with "top 10 hosting providers" googling, which returns paid and suspicious reviews. Or go completely random.
This way - at least the probability of starting off with a good low budget hosting provider is much greater. Takes fewer trial and errors.
I, for one, appreciate the effort Poisson is making and think having such information is very useful and helpful. It seems as methodical and objective as possible and probably takes a lot of time and discipline to build and keep up to date.
I also believe that this public sharing of info about HostDoc was with best intentions - not aimed at bashing them - as much as one can judge other people over the Internet.
Reasonable course of action (in my opinion) would be a public disclosure by HostDoc about why it has happened, how it was resolved and what has been done to prevent the same/similar problem from re-occurring.
If I were a hosting provider, think I'd prefer to be notified more discreetly, if for no other reason, than to prevent any extra data leakage. Though I believe this was done in this case - months before this publication and it's been made public only after receiving no convincing information that the problem is being dealt with (hope HostDoc will correct me if I'm wrong).
Either way, there's no shame in having a problem - it happens to everyone. Own it, fix it. Sure there are loads of third party apps that providers don't really have a control over and I'm sure it's a tough line of work. The bad that comes with the good.
You are right. Let me get the fine print on the whitelist this week!
When it happened to me (seeing a Chinese account), I expressed the seriousness of the incident and was seemingly 'taken onboard'. To find out months later that the problem persisted is galling. As others have said, an immediate takedown of the Client Area should've been done, returning the software to basics. KISS philosophy.
Nope. Chinese & Americans are the worst spammers, IME.
I reported/worked with the Doc regarding this issue a few weeks back and with my experience, even with the default WHMCS theme, at that time, the issue persisted.
Ok that's not something pleasant to know
I don't know what to feel any more. Every time a possible explanation is given, someone comes along with a somewhat credible account negating the explanation. 😂
As per the email sent a few hours ago, the leak was due to a tawk.to module?
Some of the more technically inclined LET members have looked at the code and said they don't believe the tawk.to module caused it.
Default theme without tawk?
The default theme still had tawk.to loaded via the module.
At this time, we were working closely with WHMCS and the module had not yet been identified as the cause.
Please note there are three ways to implement tawk.to to WHMCS.
We initially used their module. Upon a template change, the code was manually added to the footer.tpl file.
I think this change clarifies the timeframe of the statement and avoids confusion (past vs present).
I'm kind of surprised something like tawk would even require a module, instead of at best a footer change to add some JS.
If I remember correctly it lets it pull data from WHMCS into Tawk.to if the client is logged in, makes it simpler to confirm users and access stuff. I haven't used it in a long time though.
It's not smearing if it's on topic and true (have evidence). You want to bring up non-related issue like illegitimate kids or cheating on a gf, that would be smearing.
Sounds useful but pretty dangerous at the same time to let a 3rd party plugin access customer data. I don't know why anyone would implement that to begin with.
Easy/quicker to spot an existing client and reference their service(s).
Plenty of live chat apps do it. WHMCS official one (developed by third party), LiveChatInc (which I use), Tawk.to. Regardless, that isn't his problem.