- Please close the thread / resolved

Status
This thread has been locked.

Vensity

Feedback score
0
Posts
9
Reactions
6
Resources
0
Thanks, I will keep these threads open and active till the issue is fixed or situated.

Still talking to the founder, Mitch.
 

YAML

Feedback score
0
Posts
49
Reactions
20
Resources
0
Currently talking to bcroca on skype.

Doesn't believe a word i say , says im bullshitting.
Also they said I couldn't take it to court b/c they're in australia.
They're completely protected.

At this moment, im asking for contact with Mitch. Won't reply back.
Give me your court case, and I'll deal with it, I'm in Australia, haha, just kidding, I'm too young to take a court case haha!
 

Switchbladed

Premium
Feedback score
1
Posts
119
Reactions
218
Resources
0
We've been investigating and before anyone makes any more assumptions, Funnygatt and Shockbyte have not been compromised, nor was it Funnygatt who did this. (We have not confirmed yet if Funnygatt's Minecraft account was compromised). I've been speaking with Vensity trying to figure out what happened. So far we've found Vensity's client account was in fact compromised, but not through Shockbyte. This was from a user using a VPN hosted with another host on this forum. The user that hacked Vensity submitted an immediate cancellation request in our system, which resulted in his server being deleted. After checking logs, it seems Vensity may have accidentally given FTP access to Funnygatt, then later checked and assumed it was Funnygatt who gave the FTP access.

We're still investigating and I'll post some more information/clear some things up once we find out more. Anyone is welcome to PM me if they have any questions.
 

Jack

Retired Moderator
Supreme
Feedback score
11
Posts
1,209
Reactions
1,462
Resources
0
First post just to post this?
@Shockbyte What are your opinions on this accusation?
Personally I don't see how he acquired your password because I don't think (could be wrong) that Shockbyte gives out db access to their reps.
WHMCS sends your password in plain text in a welcome email.
Anyone with support/admin access can check past emails sent to your account and can get your password from there.
That's why when you use WHMCS you should use a different password than your other ones.

But reading the rest of the thread looks like this has basically been resolved?
 

VG.Developments

Java Developer
Premium
Feedback score
0
Posts
740
Reactions
398
Resources
0
I wouldn't be shocked if this was the case of someone using the same password for everything & it was simple. Common sense tells me to use multiple passwords. Of course someone could of hacked it, but still, multiple passwords fixes this issue and only a few things will be compromised.
[/rant]
 

Switchbladed

Premium
Feedback score
1
Posts
119
Reactions
218
Resources
0
WHMCS sends your password in plain text in a welcome email.
Anyone with support/admin access can check past emails sent to your account and can get your password from there.
That's why when you use WHMCS you should use a different password than your other ones.

But reading the rest of the thread looks like this has basically been resolved?

Actually, that's not the case. Yes, by default WHMCS will send new account passwords in plain text, however we have removed this. The only password sent in plain text is a randomly generated password created for the Multicraft panel, however we recommend that this is changed again by the account owner. Also, WHMCS has a very extensive permissions system, only staff with access to emails and see previous emails.

The issue was not due to a Shockbyte staff member, nor was Shockbyte's security breached. It seems the client had all of their accounts hacked by someone completely unrelated to Shockbyte. More information will be provided shortly.
 

OSTKCabal

I run Ready2Frag.
Supreme
Feedback score
0
Posts
81
Reactions
71
Resources
0
After conducting a joint investigation with our friends over at Shockbyte, and using the supplied IP, we've found that it is one of our VPS clients. While this is the first complaint of wrongdoing from this specific client, we take any and all reports seriously.

Our Acceptable Usage Policy has a clause that prohibits our users from launching malicious attacks.
"Network Security:
Customers may not use the Ready2Frag network with an attempt to circumvent user authentication or security of any host, network, or account. This includes, but is not limited to accessing data not intended for YOU, logging into a server or account YOU are not expressly authorized to access, password cracking, probing the security of other networks in search of weakness, or violation of any other organization's network security policy. YOU may not attempt to interfere or deny service to any user, host or network. This includes, but is not limited to flooding, mail bombing, or other deliberate attempts to overload or crash a host or network. Ready2Frag will cooperate fully with investigations for violations of system or network security at other sites, including cooperating with law enforcement authorities in the investigation of suspected criminal violations. User who violate system or network security may incur criminal or civil liability."

The client has been suspended pending a response/explanation, as we believe that both sides of the story should be shared.

We'd like to remind our clients and Shockbyte's clients that neither of these incidents were directly related to our respective hosts. None of Shockbyte's staff or systems were compromised, and none of our staff were involved in the attack. As the client had never been involved in a security complaint before, we had never directly investigated the usage of his service. At the completion of our investigation, it is highly likely that the client is at fault, and we're dealing with it.

Thank you.

Wyatt T. / Head of Operations
 

Fl0w_SKIST

Feedback score
0
Posts
247
Reactions
90
Resources
0
After conducting a joint investigation with our friends over at Shockbyte, and using the supplied IP, we've found that it is one of our VPS clients. While this is the first complaint of wrongdoing from this specific client, we take any and all reports seriously.

Our Acceptable Usage Policy has a clause that prohibits our users from launching malicious attacks.
"Network Security:
Customers may not use the Ready2Frag network with an attempt to circumvent user authentication or security of any host, network, or account. This includes, but is not limited to accessing data not intended for YOU, logging into a server or account YOU are not expressly authorized to access, password cracking, probing the security of other networks in search of weakness, or violation of any other organization's network security policy. YOU may not attempt to interfere or deny service to any user, host or network. This includes, but is not limited to flooding, mail bombing, or other deliberate attempts to overload or crash a host or network. Ready2Frag will cooperate fully with investigations for violations of system or network security at other sites, including cooperating with law enforcement authorities in the investigation of suspected criminal violations. User who violate system or network security may incur criminal or civil liability."

The client has been suspended pending a response/explanation, as we believe that both sides of the story should be shared.

We'd like to remind our clients and Shockbyte's clients that neither of these incidents were directly related to our respective hosts. None of Shockbyte's staff or systems were compromised, and none of our staff were involved in the attack. As the client had never been involved in a security complaint before, we had never directly investigated the usage of his service. At the completion of our investigation, it is highly likely that the client is at fault, and we're dealing with it.

Thank you.

Wyatt T. / Head of Operations
Too much to read.. I quit
\
 
Status
This thread has been locked.
Top