BuffaloHELP
Sep 26 2007, 05:22 AM
For some time I have been noticing too many patterns in problems with hosting accounts and their passwords. We have a topic that started here: http://www.trap17.com/forums/index.php?showtopic=51508As I manage to regain the control to these accounts I began to notice some odd incidences. Namely, I have been noticing that the last IP to enter these hosting accounts had similar origin location. The origination is from Vietnam. And account effected are passwords with simple and dictionary related passwords. I will be dealing with the culprit. In the mean time, dear hosting members, please please follow my instructions as I have been preaching this from the beginning! Do Not Start your password with a word that's found in a dictionary. For example "acehorse" Do mix alphabets and numbers. Do mix cap letters and symbols. Do rotate your passwords regularly. Do check your last login IP on your cpanel. This is the first indication of intrusion. This includes your forum password as well. Your forum account is the gateway to your hosting password change. This finding will be sent to OpaQue so that he can take the next measure of defense.
Reply
BuffaloHELP
Sep 26 2007, 07:07 AM
I have been informed that users "punisher" and "brandon" might be experiencing some issues as well. But until they contact me I will not take any action to attempt to reset their passwords. Guys, please PM me if you read this.
Reply
Jimmy
Sep 26 2007, 10:04 AM
Thank you for the information. This is quite worrying for all our accounts' security. I have a couple of questions that would probably answer people's first questions: I just logged in and have not experienced a password change. I changed it from the simple dictionary word (oh dear) I was using to a much more secure code now. Does this mean that my account was unaffected? Is it possible that our files have been altered if the password has not been changed by the "intruder"? Have there been any instances of files modified on people's hosting? If so we will need to check all of our files. Last but not least, Is there any way to see a list of all the recent logins, not just the last login, and their I.P. addresses? Regards, James
Reply
Saint_Michael
Sep 26 2007, 04:38 PM
QUOTE(Jimmy @ Sep 26 2007, 06:04 AM)  Thank you for the information. This is quite worrying for all our accounts' security. I have a couple of questions that would probably answer people's first questions:
I just logged in and have not experienced a password change. I changed it from the simple dictionary word (oh dear) I was using to a much more secure code now. Does this mean that my account was unaffected?
Is it possible that our files have been altered if the password has not been changed by the "intruder"?
Have there been any instances of files modified on people's hosting? If so we will need to check all of our files.
Last but not least, Is there any way to see a list of all the recent logins, not just the last login, and their I.P. addresses?
Regards,
James The only way that you will know if your files have been altered if you go through them and match them against the ones on your computer, or if your files are not displaying correctly in the browser. I would think it would be appropriate to display the IP number that is being used so the hosted members can check it against the latest visitors log. Also I believe the RAW access logs can be used to check to see who has access the account. I know at the admin level they have all those logs as well so most likely they are cross referencing that IP number to all the account and see who else this person tag, because it seems astahost got caught in this mess as well. The main question is though did the person go after individual accounts or did he get get root access in the system at all?
Reply
Jimmy
Sep 26 2007, 05:08 PM
QUOTE(Saint_Michael @ Sep 26 2007, 05:38 PM) The only way that you will know if your files have been altered if you go through them and match them against the ones on your computer, or if your files are not displaying correctly in the browser. Thank you for the lengthy reply SM.Well matching files is a bit of a problem for me since I don't have an up-to-date backup that I know of. (conducted one a couple of weeks ago) Hope I can remember the code and spot any bad stuff. I think it would be much more convenient to check the I.P. logs rather than go through the files manually!!!! QUOTE(Saint_Michael @ Sep 26 2007, 05:38 PM) I would think it would be appropriate to display the IP number that is being used so the hosted members can check it against the latest visitors log. Also I believe the RAW access logs can be used to check to see who has access the account. Okay, thank you I will have to check them. I would also agree that its a good idea to put at least half / most of the offending I.P. Address for the members to check against, if not all of it so we can check the problem. I have logged into my account from a number of computers (around the country!) and would have no idea which I.P. address may be bad! QUOTE(Saint_Michael @ Sep 26 2007, 05:38 PM) The main question is though did the person go after individual accounts or did he get get root access in the system at all? That is an excellent question, but from the sound of Buffalo's explanation it sounded like only accounts with weak passwords were hit. That sounds like he or she may have had a brute force or maybe rainbow table running on our cpanel accounts. Perhaps over the period of a long time. Yet another reason why if you change you're password often it's difficult to crack.
Reply
angad619
Sep 26 2007, 05:27 PM
Probably even my password was affected. But I managed to pool up some credits and got my password changed. Let me bring to your notice that while doing so, after I had put my forum username and pass, the page said something to the tune of: Account verified..... Changing Password..... Do not reload..... could not change password... But then my password did change to the new one. When I then logged into my cpanel my disc space usage was 20/20MB. I haven't uploaded anything in the past few weeks. How did the disc usage increase now?? I am now trying to pile up more credits to request for a hosting upgrade 
Reply
BuffaloHELP
Sep 26 2007, 08:49 PM
angad619 Your account came up as one of "problem" accounts but I was told probably not. Look through your directories and see if you find any suspicious files or folders. Brute force, indeed, was used to break into accounts with weak or predictable by password cracking script. As for the process page showing some error messages, OpaQue is working on the version 2 of the Process page. Therefore you might see some error message but the service would perform as it should. The security for Trap17 hosting accounts worked as it should (in acceptable standard) since only a hand-full of accounts were effected and not all 200+ accounts. But before the culprit was banned it did some damage. Although the penetration rate is way below the tolerance level, I do apologize for any inconveniences this has caused. I could say something in regards like you should have done this... you should have done that... but at the end at least we are able to recover from this disaster. Let's use this experience as a learning point. Trap17 is now aware that its firewall is not perfect. And our hosting members will prepare better for the future by having stronger passwords. Hopefully, there will be no next time.
Reply
serverph
Sep 26 2007, 09:18 PM
some more tips: the length of the password lends to a more secure combination also, something which exponentially increases security especially when brute force technique is employed. in short -- the longer, the better. an additional good measure is to have a separate set of password for your cpanel, VERY MUCH DIFFERENT from your forum password. it's very likely that some members here have the same passwords for both, which gives higher risks for both the forum account and the hosting cpanel. in the likelihood that one is compromised, it compromises the other as well. it's better not to compromise both at the same time.
Reply
Saint_Michael
Sep 26 2007, 10:19 PM
I am so glad that I did change my password a few months ago or be in the same boat as everyone else, because it was a common password as well, not dictionary common but common either way. I found an interesting site, well it was the first on the top of the list, this website test the password strength (how hard it is to crack). I wouldn't doubt there are other sites like that so make sure if you do plan to use this website make sure you alter the password once again just in case for double protection. one more thing never, ever, ever use a password generator regardless how secure they say it will be because it won't take much to crack how that generator works. Also here is a interesting article from Microsoft about security, yeah I know but it could still be useful though.
Reply
Jimmy
Sep 27 2007, 04:52 PM
Buffalo, is there any way you can list the I.P.(s) that were used to force people's accounts? The log file on my site is far too long to check all of it. If I could just search for part or all of an IP it would seriously help speed up the checking! Thanks
Reply
angad619
Oct 3 2007, 05:45 PM
Ban Me Corp The guy doesn't want to disclose his identity! But what's the use of having a domain name like 9xYenBai.Com?? Whoever can remember a name like that?? Even though he hacked my account, I can't remember his URL!! But he was considerate not to delete my stuff. He just put his illicit MP3s in the ramaining space available in my account. Did he expect he won't get caught??
Reply
hitmanblood
Oct 3 2007, 02:27 PM
Also maybe good thing would be to place all the accounts that weere affected on certain list so people can check it out. Well, I certainly would like to see whether I am on the list or not.
Reply
Sprnknwn
Oct 3 2007, 11:44 AM
Oh, I'm in the same situation. I've just noticed this. Fo tunately I haven't had any problem yet but I'm going to change my password right now just in case... 
Reply
Galahad
Oct 3 2007, 09:18 AM
Jeez! Didn't even notice this topic until today... I was lucky though, that my account was not affected by this, probably due to a fact that I don't use dictionary words, and like to make my p4S5w0rDs a bit complicated  It appears to me, that the hacker wanted to use someones bandwidth, or something, to host those files found in that directory... I got curious (as I always do), and checked a whois on that domain... Here's what I got: QUOTE Visit AboutUs.org for more information about 9xyenbai.com <a href="http://www.aboutus.org/9xyenbai.com">AboutUs: 9xyenbai.com</a> Registration Service Provided By: Google, Inc. Contact: apps-support@google.com Visit: www.google.com/a/ Domain name: 9xyenbai.com Registrant Contact: Ban Me Corp (banmecorp@gmail.com) +1.3215488754 Fax: 21 wall alaska, as 32515 US Administrative Contact: Ban Me Corp (banmecorp@gmail.com) +1.3215488754 Fax: 21 wall alaska, as 32515 US Technical Contact: Ban Me Corp (banmecorp@gmail.com) +1.3215488754 Fax: 21 wall alaska, as 32515 US Status: Locked Name Servers: ns1.10sec.com ns2.10sec.com Creation date: 23 Jul 2007 02:06:39 Expiration date: 23 Jul 2008 02:06:39 And, copied from AboutUs, containing this sites' description: QUOTE Entertainment, Free Music Online, VietNam, thatlong,9xYenBai.Com,thatlong I suppose this guy (or girl, or many of them  ) are trying to perform large scale bandwidth theft from Trap17 members, obviousely succeeding in that for a short period... Lucky for us we have such vigorous admins that keep an eye for us... I would also join the appeal to disclose perpetrators IP's, in order to include them in my scripts, and effectively ban them from my websites, to prevent any future hassle with them... Also, because of this, my password just doubled in length, so now, crackers would have about 12,401,769,434,657,526,912,139,264 combinations to go trough... So I guess, in about 39,325,752,900.35 years, they could reach the solution yay me... Check these pages for some info on passwords... Calculate your password strength, and Calculate time needed to crack you password
Reply
BuffaloHELP
Oct 3 2007, 03:39 AM
Yes. Members who are affected by brute force FTP hacking can contact me ASAP so that I can regain their accounts. I still see 8 accounts with yahoo.com.vn as their cpanel contact email address. This is the very hacker's email address that caused all this. Please check the contact email address in your cpanel if you already have not done so.
Reply
Recent Queries:--
hosting - 314.33 hr back. (1)
Similar Topics
Keywords : alert, notice, hosting, members, urgent
- The System Doesn't Let Me Apply For Hosting Upgrade [resolved]
(4)
Hosting Credits Problem? [resolved]
(9) Hi. Last night I had HOSTING CREDITS : 29.67 DAYS credits. Now I have HOSTING CREDITS : 7.06 DAYS.
How on earth did they get reduced that quickly? I am so confused. Any help please?....
Help With Hosting - Cant Get Anything To Work [resolved]
(6) Hi, im sure im being stupid and missing something obvious. But i cant get my site to work /sad.gif"
style="vertical-align:middle" emoid=":(" border="0" alt="sad.gif" /> The original index.html page
says to put pages in "public_html" But when i do that, and try to access the page, i see the
original index.html file. any suggestions, sorry, cant really be more specific, i dont really
understand whats going on! :S....
Terminating Hosting Problem
(1) Well, a few days ago I terminated my hosting using the Credit System 2.0, but it still has me in the
group on the forums, which is making my credits go down for nothing. I need this fixed please.....
Help Regarding Phpbb2
URGENT PLEASE ! ! ! ! ! (5) Hello Friends, I Need an Urgent help.I had installed a phpbb2 forum onto my website and i was
having it perfectly alright.But Unfortunately i found that many of the users who have joined are
because of spam , those spammed users post all pornographic content and so on.The thing which puts
me down is that inspite of the code verification in the signup page of the forum how come these spam
enter into my forums ? Moreover now i have ennabled admin approval during registration but still
even though i dont approve them i see their names in the board and their profiles are av....
Hosting Problem [resolved]
403 Forbidden Error occurs whenever I try to access my site (22) First off, let me say that I have spent considerable effort and time going through the forums
seeking solutions for this problem. I have even gone as far as to seek help from the Xisto Live
support team (they suggested I wait 2 hours and then get back to them. Well I did that, and there
has been no change, and live support is now down). I've also tried changing permissions on both
files and folders via Cpanel, but to no avail. I still end up with the same error: QUOTE
Forbidden You don't have permission to access /index.php on this server. Additionally, a 4....
A Couple Of Doubts
Regarding ssh and gzip, and those hosting credits loool (4) Hello, First of all, thanks for accepting my request for hosting. I do, however, have some
questions about it: When I first checked out trap17's website, I noticed you provide shell
access... Is this really true? If it is, would I be able to run, for example, an irc bot with the
account? Another thing... Your web server does not gzip content. This causes more traffic to be
generated, etc etc... Is there any chance to activate this feature? The question regarding credits
is a fairly simple one. I'd just like to know how you assure posting quality.. I mean, the c....
How Do I Close My Hosting Account?
(1) I would like to close my hosting account because I am moving to a new paid host but I am unsure how
to close the account so that if I need to in the future I can open it without having negative
credits. (I realize that all my info from my site will be wiped and if I reopen it will be from
scratch and Ill probably need to get the 30 creds again and what not)....
I Am Looking Into Going With A Paid Hosting Service And Trap17 Has Been Good To Me So Whats The Paid Hosting's Website?
(7) I am looking at different solutions for paid hosting and I know that that trap17 has some connection
with a paid hosting company and I would like more info about it because I like the way this place is
run and it has been a good place to have my website. So what is the site for the paid hosting?....
How Do I Delete My Hosting Account?
(2) I currently don't have the time to keep up with this forum and a website in addition to my job.
So, how would I delte my hosting account? I don't want to delete my trap17 forum account, I
like the discussions here, and I may want to try a website gain someday, but right now I don't
have the time. Is it possible to keep my forum account but have my hosting account deleted? Thanks
for any and all info!!! Byron Arnold....
Problem With My Email : [urgent]
Can't send or receive email. (1) Hi, I'm having a serious problem. I had a mail account set up through my Cpanel. My site is
zoebelkin.co.cc and my mail server is mail.zoebelkin.co.cc!!! The mail account which
I'm talking about is admin@zoebelkin.co.cc But for a week I was not getting mail. Now
that's wierd cause I get something around 10 mails daily. I then sent a mail from one of my
other mail id at other mail host whose address is dave2@bluebottle.com just for testing my server.
But the message didn't ever reach my mail server. I sent many other mails from some other mai....
Transfer To Free Hosting? [resolved]
(9) I am in the negative points as we speak here just to state that. I have had a couple times when I
have went negative because of certain reasons but I have been way to busy lately to do anything but
my personal life. I can't afford to come check here and post as often as I used to. So my
question then would be is there any way I can get my account changed to free hosting with the text
ad? I would really like to not have to make a whole new account and lose all of the stuff from my
hosting now and also my forum account. If it is needed that I post up enough to get pos....
Is Hosting Down?
(4) I am not sure.. Is the hosting of websites down in trap17.com My site
http://www.computerkindness.org is not loading. I checked it with,
http://downforeveryoneorjustme.com/ and it tells me, the site is down. Can someone provide me more
info on this. thanks.....
Sub Domain Problem : Urgent
Cannot access my sub domains (10) Hi, I am having some serious problems with my sub domains. I registered a site with trap17 named
http://zoebelkin.co.cc . Then I made 2 sub domains for the site. One is for the forums section
and the other is for the gallery section. 1> forums.zoebelkin.co.cc 2> gallery.zoebelkin.co.cc
Whenever I type these in the browser adress bar the browser gives an output that it cannot find the
web sites. But they are complete and should show something. Also using www. in front of the sub
domains didn't help. Is www. needed in front of the sub domains. Could you just....
Change To The Way Hosting Credits Work?
Was something changed when I wasn't looking? (8) I was just wondering if something changed in the way that the hosting credits work here... because
I'm pretty sure that I had enough credits to last a few more days, cause I built up a bunch the
last time I was here... but since I noticed that I haven't gotten many hits today, I checked my
site to see if it was still up and running. That tends to be how I see if I need to get back over
here and posting. Well, I can understand if I ran out of points, cause it certainly wouldn't be
the first time... but what's getting me is that my site has been down less ....
Free Domain Hosting Down? [resolved]
(5) hey all, it was about one hour ago that my website stopped working, apart from my home page which
is 30 bytes and not even proper html (a temp page). around 15mins later, a200 noticed he had the
same problem. then, the cpanel stopped working, followed promptly by the ftp. when i try to access
the cpanel now, i get the following message: QUOTE Sorry for the inconvenience! The
filesystem mounted at / on this server is running out of disk space. cPanel operations have been
temporarily suspended to prevent something bad from happening. Please ask your system adm....
I'm Pretty Much Completely New To Hosting
so could somebody give me some starting tips? (5) This is the first time I've used anything like this. Could someone tell me how to publish things
to the website etc. thanks =]....
Existing Domain With Free Hosting
(4) can i use my existing domain (mydomain.info) on this hosting and, can you please eksplain to me how
thank you....
I Am Hosting For The First Time
I am a little nervous now. (12) This is first time i uploaded my website(i was happy). Now iam nervous. I cannot see my website
after upload. My website name is cncinfotech. When i typed domain cncinfotech.trap17.com it show
apache welcome message. My domain is www.cncinfotech.uni.cc QUOTE Great Success ! Apache is
working on your cPanelŽ and WHM™ Server I already uploaded my index page in public_html
folder. I asked to each by chat. Everyone tell we are able to see your website. Every one said me
"Your website title is silverside" ,"Your website based on forex". There are detail rela....
Question About Hosting Getting Re-activated [resolved]
(3) Good day! I have some questions about my hosting account. I have been idle for quite some time
and unfortunately, I wasn't able to gather enough credits so my hosting got suspended (after my
credits reached negative). Last weekend I gathered enough (around 10 credits) so my website could be
reactivated again. I was told by my friend yesterday that my site was now accessible however, I
realized that it was only my main page that has been activated, the subdomains were not. Whenever I
try to access it, a trap suspended page keeps on appearing. Can anyone please exp....
Trap17 Offers 17 Mb Of Free Hosting
(11) Imagine that trap17 can offer 17 megs of free hosting to any member registered to this forums. I
mean, 17 megs of space shoudn't be too much fot this huge hosting company like trap17. You would
only need to geather 100 credits on forums, with ultra quality posts and you can get your 17 megs of
space for at least one year. I think it's great idea, don't you? /dry.gif"
style="vertical-align:middle" emoid=" ....
Unexpected Hosting Deletion - My Apologies
(0) Today, I have managed to screw some 10 hosting accounts. It was my mistake by running the script
while we're in the transition from Process v1.0 to Manage v2.0 Hosting Account System. For your
information we will be using trap17.com/manage instead of the process page from now on. Due to my
unfortunate action, OpaQue has quickly restored those 10 accounts but their hosting credits cannot
be certain. If you notice any hosting credits incorrectly stating in your account please PM me
directly and I will make things right and true. Again, I sincerely apologize for my a....
Question About Changing Hosting Type.
(5) I was wondering if it is possible to do the following thing with my trap17 account. Since school
has come by again I keep finding it harder and harder to keep my credits up because a lot of nights
I don't even get to look at the computer. I also have noticed that I am not really using trap17
for hosting a lot of websites but more files and such not. I was wondering if I am able to
downgrade my account for the time being to the account with the "One text ad" version. But a
question on that, that I have is: if I host an image with my account that way and put the ima....
Downgrading A Hosting Package 2
(9) I've been wondering for a while now, since the amount of days is hardly piece to achieve. Are
the days we get for our account fewer when applying for the hosting package 2, comparing applying to
the hosting package 1. Theoritical it would make sense, because it requires 20 more credits for the
package 2. If we posting a post in the forum do we achieve more days for that post if we having
package 1? If thats the case, are there any opportunity for downgrading to a package 1 account?....
Please Help Me With My Hosting
(3) I am trying put my scripts on my site and i upload all scripts to my ftp i put outside all files
like u cplanel and all other i put them there then i went my phpmyadmin and uploaded the db it
didn't work so i deleted the trap17 html index file or what ever that thing is now says 404
error can soemone please help me my website is clan-cw.trap17.com....
Hosting Forum Using Trap17? Help
(5) hello there, how can i host a forum using trap17, im a hosted member i can go thorw my cpanel, but i
wana host a forum to get members and stuff. so can someone plz tell me on how to code a forum or
creat a forum using trap17 cpanel or any other way.....
Bought Credits Not On Hosting Account [resolved]
Money was recieved but no credits (7) I have this problem for at least a week now. I bought 6 months woth of credits because i am going to
be out of town for some time and wont have computer access. So I decided to buy some credits so my
site can stay up and not go down. It has been at least a week now and i have not gotten any reply
from anyone at xisto sales and i went to the help desk and put a ticket in but i have not gotten any
reply from them. So I am posting this topic to see if any admin will be able to slove my problem. If
any admin needs proof that i payed for the 6 months credits you can pm me.....
The Matter Of Hosting Credits
Got a question? Find the answers! (49) Many members ask about the matter of hosting credits. Trap17 staff have explained hosting credits
clearly on the site, but if you're not paying attention, have any questions, or need more, here
are some points that will answer your questions. Due to a few user comments, I have had to add a
few more points, and edited some previous points to be a bit more clearer. This is in addition to
the additions mods have made to the posts, which I greatly thank you for. 1. READ THE FORUMS BEFORE
YOU POST A CREDIT QUESTION!!! How many times have the Admins of Trap17....
Mail Settings To Configure Outlook Express
Common mistakes by members (10) Hi, There are many members who face trouble getting their mails to their inbox. There can be many
reasons for which your system might not be able to fetch mails from our servers. We have kept all
the attributes related to the mail at DEFAULT so that our clients don't have problems
configuring the mail themselves. Here the the general mistakes which members make :- 1. Username
*MUST* be in format USERNAME@DOMAIN.COM (i.e. your complete Emaill address itself acts as your
username) 2. Forget the password or confuse it with Cpanel password. Every Email address has to....
Have You Read The Rules?
TOS, privacy policy, hosting rules... (27) Dear hosted members, We have noticed that many members are knowingly or unknowingly breaking some
basic rules of posting and hosting at T17. This has resulted in a lot of spam posts which in turn
lead to more unnecessary work for moderators and admins, 'defacement' of the foums and
sometimes even banning of the concerned member. The rules are there and you are also there. But
have you read them? Usually, if you have read the rules and understood them, it is not expected
that you break them voluntarily. This however can be expected of some unscrupulous eleme....
Looking for alert, notice, hosting, members, urgent
|
*RANDOM STUFF*
*SIMILAR VIDEOS*
Searching Video's for alert, notice, hosting, members, urgent
*MORE FROM TRAP17.COM*
|
advertisement
|
|
