What happened to Clouvider earlier... Why was a serious post like that removed?
noobjockeys
Member
in General
clouvider.net was compromised and hosted on the same server as .com and .co.uk
No explanation?
Hacked By Katyusha https://clouvider.net
Comments
For real?
Yeah, the guy posted in haste but deleted his post content, saying he was mistaken.
Apparently, not. I even said my bit, too, the nigh is end stuff.
Oh wow it's true! That's unusual to see the website of such a provider compromised like that. WordPress?
I feel like this type of event should be announced as an official statement from Clouvider...
If WP, I bet it was a plugin.
A butt plugin.
Yeah and not covered up (allegedly?) @Clouvider
Possible deadpool?
ROFL!
Interestingly the cached results show a pretty much empty directory on the 21st including the sxc.php file and then the "hacked" version a couple days later on the 23rd.
Doesn't look like there was a WordPress site there to be able to be exploited.
I use WordPress but it's not connected in any meaningful way to anything of value, so long as anything unexpected is removed extremely quick so as to not be able to trick a user into a compromising situation (like a false login form). If he's using WP as well I'd expect a similar scenario. WP is fine, so long as it's never connected to client data.
WP always being a reasonable assumption when a site is compromised.
I thought the same when I saw that image, perhaps WordPress was installed and compromised, then they nuked his wp install?
I generally do not like the silent type when a disaster strikes tho.
The user account tends to become compromised, so unless they run whmcs and WordPress under the same httpd user...
Nah, not possible. Only a dumb kid does that.
Yeah best to just not even have it on the same system. Root it for all I care 😂
I could settle for separate docker containers not linked to the same DB though.
Jesus haha running WordPress as root for lols?
Nah, but might as well if it's the only thing on the system anyway lol
Shots fired haha
I'm not gonna lie, I run a "few" things under such circumstances just fine, but they aren't business apps.
A good admin will usually talk after going over it all. A rare exception being my chat because talking to myself as I do it is a weird way I sort my thoughts.
I've had a few "personal" issues with Dom (a long time ago by now) but I understand he has a reputation as an excellent admin, so it's likely top of his mind already.
It's not that it was a mistake, but that I first wanted to notify the provider himself about the incident.
Good Evening,
At approximately 20:30 today (UK/London Time) we were made aware that one of our websites had been defaced. We are still currently investigating this and will release a full statement when we have concluded our investigations.
We would like to assure you that the targeted website clouvider.net holds no Customer data, it was simply a redirect to clouvider.co.uk with a minimal file structure and has no other function or access to any other services.
All of the subdomains for clouvider.net that are connected with functional internal infrastructure servers are completely separate and in no way impacted by this.
A more detailed statement will follow at the appropriate time.
Course of events:
1. I browse LET for offers, I come across an offer from Clouvider, I find a serious bug on their website which allows general access to everything.
2. I am browsing other hosts/domains and I notice that someone was faster and there was a hack.
3. I create a LET post thinking that the .net domain is the main domain. I don't notice that the .com domain is still working.
4. I delete the content of the post, write a message to Clouvider asking for contact (so far I am waiting for contact).
5. Moderator gives me a warning and removes the post at my request.
Phew, customers' sexual orientation data is safe!
Praise the Moon!
Ph!
But could you contact me? Because I still have access to your GitHub and LibreNMS. You have saved access tokens in your GitHub repositories. So it turns out it's a different leak/bug.
Edit: Contact established
You are a great person Hotmarer. Not only ticket/mail, but you are even "bumping" it here. This thing just made me happier, thank you.
So a great provider on LET was hacked. So much professionalism. Drama continues.
For what exactly did you receive a warning?