K-disk - Sites Hacked several times and now offline!




Posted by syed, 12-20-2011, 01:19 AM
It's unfortunate that I have to create a thread here as they were wonderful hosts just a year ago but recently it doesn't seem safe or reasonable to get sites hosted here. Having been a fan of their quick replies earlier I am still pushing on and trying to be patient but my sites have been hacked and defaced several times in the last 10-12 days and about 12 hours ago all my sites went offline as the server has a downtime. It's going to cause a lot of frustration for my web visitors, clients and it's also going to lose search authority due to inconsistent uptimes. I hope they can fix this soon as it's really getting frustrating.

Posted by BrettB, 12-20-2011, 01:32 AM
It sounds like K-disk has been hit pretty hard with the recent WHMCS exploit. It does sound like Keith has been working hard to restore services, and hopefully all will be back to normal soon.

Posted by syed, 12-20-2011, 01:35 AM
Servers do get hacked and it's understandable but it's been going on for 12 days but what's even more frustrating is the lack of replies. In case of emergencies like these you cannot have all your staff deal with the situation and forget the support.

Posted by BrettB, 12-20-2011, 01:37 AM
That's true -- it's extremely important to maintain communication during major problems. Has service been nonexistent for the past 12 days or spotty?

Posted by CrocWeb, 12-20-2011, 03:17 AM
Sounds bad, they should have secured it by now. Maintain your own backups, just in case.

Posted by blueriverhost, 12-20-2011, 06:10 AM
My WHMCS was hit by this exploit and it was the most horrible day for me. I did my patch up immediately for the same. Regards

Posted by ElFlammable, 12-20-2011, 06:32 AM
Back up your files, just in case something happens.

Posted by djshades2004, 12-20-2011, 10:15 AM
Doesn't sound too good..

Posted by ModelWebHost, 12-20-2011, 12:30 PM
Same here. No reply from them and they have not been responding to tickets for the last 7 days. They were one of the good hosts but now there is no announcement, no email reply. At least they should add an announcement in the portal area about what's going on.

Posted by Hexpress, 12-20-2011, 02:05 PM
It is unfortunate what happened to you. I usually read good things about K-disk; I hope that a representative of K-disk answers in relation to the problem.

Posted by syed, 12-20-2011, 02:39 PM
I am not able to take backups as the server is offline. 24 hours since downtime and no reply to ticket as of yet.

Posted by Server Management, 12-20-2011, 04:38 PM
I didn't think Keith would turn out like this...

Posted by Hexpress, 12-20-2011, 04:48 PM
Yes, I've always thought that K-disk is a good company. They should be working to resolve the problem, but it is unfortunate that they ignore support for users. It would be good for some K-disk representative on WHT to give an answer here.

Posted by Server Management, 12-20-2011, 04:55 PM
According to Keith's profile he has been active on here today but why he's not updating anyone is beyond me... If the servers have been hacked and the backups are corrupt, chances of restoring full data are very slim; also, with each day ticking by with no response, no updates and no news, the chances of survival are small. Last edited by Server Management; 12-20-2011 at 05:05 PM.

Posted by syed, 12-20-2011, 07:23 PM
I really hope he is not reading and simply ignoring these posts

Posted by PatrickN, 12-20-2011, 07:53 PM
This really doesn't sound like Keith at all.

Posted by SafeSrv, 12-20-2011, 08:06 PM
This seems to be happening quite a lot recently, host hacked + no responses to customers. Maybe they are just too embarrassed; it's not really a nice situation to be in, but the best they can do is fix what has happened, address clients, rebuild and make sure it does not happen again.

Posted by trustedurl.com, 12-20-2011, 08:10 PM
I know WHMCS can be set to store credit cards? Any idea if that was the case?

Posted by syed, 12-20-2011, 08:12 PM
Completely agreed ~ addressing clients IMO is a top priority as clients being in the dark while having their sites offline for days is something terrible to go through and probably won't have repeat business from them.

Posted by syed, 12-20-2011, 08:17 PM
It is definitely surprising. I specialize in online marketing - SEO & PPC Management and as competitive as hosting industry is, I was interested in getting into it as I saw niche opportunities that were worthy of pursuing and looking at Keith's professionalism then I was actually going to offer him partnership but I am genuinely glad I saw this before that could happen.

Posted by Hexpress, 12-20-2011, 09:45 PM
I can not believe this happening in k-disk, I read it and do not believe, after all the good that has been published of this company .... The worst thing is that nobody gives answers.

Posted by Jason_Sanders, 12-21-2011, 12:04 AM
Good Afternoon WHT. My name is Jason and I currently work with K-Disk. I can inform you that we are not ignoring any support requests, however I can understand why some may think that we are. We are always open to our customers and do not hide anything. I would like to address a few things here.

It is true that our WHMCS was exploited. It was actually exploited several days before the security notice put out by WHMCS. We acted quickly to block the malicious user from our systems but it was too late. The user was able to obtain our root passwords and bulk upload a defacement script to the system.

Keith is not reading WHT. As stated in our network news, we are conducting a massive audit of ALL of our systems, none are excluded. This audit takes a lot of time. Rather than spending time on Web Hosting Talk, Keith and myself have been hard at work auditing all systems/servers. The activity you are seeing may be from Keith's desktop as he has WHT as one of his home tabs.

Any support ticket related to the defacement has been put on hold, as we have explained in our network news. We are advising customers to self restore backups as the backups we maintain were removed by the defacement script. We are updating our network news as the audit progresses. It is expected to take at least 4 more days. I am currently at Keith's house working with him.

As far as the user whose server has been offline for 24 hours, are you on CP4 by any chance? We actually sent several notices about a migration to CP5 due to issues with CP4. Please see your email for an updated list of nameserver IP addresses.

Again I am very sorry to all impacted customers. This attack was not something we could have ever expected and are indeed sorry it happened. We ask that all customers please read our network news as we have had this published for quite a while and are getting over 30 tickets per day asking to restore backups of defaced websites. Please understand the urgency for this audit is to prevent websites from being re-defaced upon restoration. I am currently at Keith's house and can report he has not left his computer for quite a while. He is currently sick but at his desk working.

Posted by ModelWebHost, 12-21-2011, 12:23 AM
Jason. Welcome to WHT.
1 - Keith is continuously reading WHT as you can see that he was online today. Check his profile. If he can come to WHT then why can't he reply to my WHT PMs?
2 - My several tickets were not regarding defacement pages and most of these will not take more than a minute. Check these for your records: Ticket #848963, Ticket #135859, Ticket #190672, Ticket #760041, Ticket #279417.
3 - Now you moved all accounts on other server but not all accounts were transferred. There is no way to migrate accounts. What are you doing?

Posted by Jason_Sanders, 12-21-2011, 12:31 AM
The account transfer is still in progress, it should be finished in the next several hours. Unfortunately this is not something that can be accomplished in 20 minutes. Many of these tickets are placed on hold as they will be resolved with the migration. I see you are on CP4 which has been having issues for some time. We anticipated a migration at the end of November but due to the attack, we had to postpone it. As far as the ticket in regard to "cheaph", full name removed, I believe that should have been resolved some time ago. I did it myself. I am also positive Keith is not on WHT however one of his home pages is WHT. Can you PM me and I will relay the message. Last edited by Jason_Sanders; 12-21-2011 at 12:34 AM.

Posted by ModelWebHost, 12-21-2011, 12:46 AM
But I am listening from OCT that accounts will be migrated to cp5 and still not done. Anyhow, I don't want to say anything as we have good relations in the past. The only thing I need is my accounts from cp4. How could I know that ticket has been resolved. You could reply with only and only single word "Done". But PM notifications are also sent on email too. He did not receive email notifications too? I want to move accounts to other server and ask server provider and they replied. Can you do this for me so that I can move accounts??

Posted by Jason_Sanders, 12-21-2011, 12:53 AM
We are not blocking CURL on any server or outbound CURL connections.

Posted by Server Management, 12-21-2011, 06:07 AM
Morning. Why are support requests, threads and PMs going unanswered? Sure, I think it's time you did... Just restore from one of your multiple off-site backups... So his profile on WHT is lying? Why exactly? You know where the "hacker" got in, patch up and move on... So you'd happily keep your customers in the dark? Maybe it's time you sought professional advice... Sorry, this is a poor explanation... So you didn't have any off-site backups, you just kept onsite server ones? But it's been at least a week since that was last updated? Oh right... Sorry but it seems that more than your WHMCS was attacked, I guess clients' data has been leaked as well? So if Keith is sick and you're at his house, what's Keith doing? The story doesn't add up and still there is no clear explanation why customers have been left in the dark. Sorry, but Keith is one of the first to jump onto threads when master/alpha resellers are going down the PAN...

Posted by ModelWebHost, 12-21-2011, 06:21 AM
Agree with you. Jason one thing more that you have given me account on another server that is totally unstable. I can pm you pingdom reports as I am receiving pingdom downtime alerts after every 5 minutes.

Posted by Martin-D, 12-21-2011, 06:21 AM
Since when was WHT the new support desk for these kind of issues? Sure, everyone jumps on it when a ticket is overdue by 3 seconds but to question them/him as to why threads and PMs on here are going unanswered is stupid. They have no obligation to respond to PMs or threads on here - they have support avenues for that. If they're not working out too well, then you just have to wait.

"Sorry but it seems that more than your WHMCS was attacked" Well, yes, and that has been mentioned.

"So you'd happily keep your customers in the dark?" Would you rather they worked tirelessly on resolving the issues or come trundling on to WHT to see what bitching is going on? If they did, you'd moan that they're spending too much time on WHT and not enough time on dealing with tickets and resolving the problem!

"So his profile on WHT is lying?" If you have tabs set to open when the browser launches then it will clearly show that a specific user has signed in. That doesn't mean they are actually active on the forum. Additionally, if the page is set to auto-refresh via the browser, they'll appear to be active on the forum for some time.

Are you a customer of K-Disk? Have you spoken to Keith personally to 'verify' if he's ill? Do you have a little spy camera in his home to check up on him? This is entirely unlike Keith and for him to have been absent elsewhere on this forum suggests something big is going on. All the evidence suggests that it is in fact because of a serious security issue that by all intents and purposes, has spawned from the WHMCS bug. I know I personally wouldn't be wasting time on WHT if I was knee-deep in excrement trying to resolve the outfall of that. However, you seem intent on rubbishing yet another provider (and going by your history, that seems to be pretty much all you do) so bash away.

Jason - it's good to see you're both working hard at getting the problems sorted. It's all too familiar to see providers panicking and running off when the going gets tough but if you pull through it, K-Disk will be all the better for it. Well done.

Posted by anon-e-mouse, 12-21-2011, 06:23 AM
So it is just coincidence that you joined from his IP to address the issues?

Posted by side3, 12-21-2011, 07:28 AM
Didn't he mention that he was at Keith's house though? I'm assuming if he is, he'd be using Keith's network, and therefore the same IP address.

Posted by Server Management, 12-21-2011, 08:07 AM
So you expect clients' tickets to go unanswered for several days with their sites defaced, even offline, and then be told "Ahh just restore your own backups". Is this how you run your business? Sorry but it has been confirmed that the exploit with WHMCS wouldn't cause mass wide problems like this if WHMCS was secured correctly... Sorry but it takes 5 minutes to add an announcement or something. Surely taking 5 minutes is worth peace of mind for your clients rather than no communication at all? Just seems a bit of a coincidence... I think it's spawned from something other than WHMCS. If you feel I am bashing them feel free to report my posts. However, I am going off all the things Keith has said in the past...

Posted by Jason_Sanders, 12-21-2011, 08:34 AM
I normally work out of Keith's house and this is no exception. Yes. I only have a Verizon air card for my internet because of the area I live in. It is fine for most tasks but for things like moving accounts and data heavy operations it is horrible. Last edited by Jason_Sanders; 12-21-2011 at 08:39 AM.

Posted by Jason_Sanders, 12-21-2011, 08:37 AM
We are posting normal updates on our portal. It is counterproductive to be posting updates on every forum on the internet. The time is better spent completing the work and restoring service to all impacted sites. Also, please remember that the responsibility for keeping local backups does reside with the customer. We do our best to maintain our own backups however if they fail the customer should always have their own copy. Thank you HR for your support. I can say that this attack crushed Keith and he has not been himself. He is determined to get this issue resolved even at the cost of his own health. He did invest 6 years of his life in hosting only to have it destroyed in 3 minutes. I have only been here for a year. Last edited by Jason_Sanders; 12-21-2011 at 08:46 AM. Reason: Sorry for all of the edits. not used to using his laptop

Posted by Server Management, 12-21-2011, 08:37 AM
Hmmm... You both using the same machine then?

Posted by side3, 12-21-2011, 08:55 AM
Didn't he already say that he was using the same network - therefore the same IP address? Fairly simple explanation to be fair, and it does seem that you're trying to call this guy a liar at every opportunity, when he's come on here to try and explain to you what's happening. Are you saying it's improbable that one house can have more than two computers/laptops running? Last edited by side3; 12-21-2011 at 08:55 AM. Reason: Additional Info

Posted by Jason_Sanders, 12-21-2011, 08:56 AM
Machines - No. Connections - Yes. I usually use my Windows laptop but he is all Linux. I left my power supply at home so I am using one of his laptops at the moment. Keith has several machines but they all run Linux.

Posted by Martin-D, 12-21-2011, 09:05 AM
No, I'm offering up rational explanations to your points instead of jumping on the bashing bandwagon that you have become accustomed to. We have a dedicated individual who will respond to all threads, posts, tweets, tickets, Facebook messages if things go wrong, allowing our technical team to concentrate on the issue. Where has it been confirmed? Complete nonsense. The security bug allowed a third party to upload content. If this content was then used to traverse through the directory structure one could easily gain access to WHMCS's config files. Once there, it's pretty damn easy to access all the servers connected to it and do as you wish. This is a known fact and it has been tested and proven by others including myself so I'm afraid you're entirely incorrect. And you'll notice that they have been updating their page with announcements - Jason has also confirmed this. Perhaps you can't read. I agree in so much as I drive a Range Rover as does the Duke of Edinburgh. Clearly, then, by your logic, we must be the same person. Once again, wrong. He has himself told other people, elsewhere on this forum, that the WHMCS bug has been the root cause of this issue. As mentioned above, exploiting this bug gives a savvy attacker access to everything. You're not going off this previous information at all. If you were, you'd realise that a) this has been because of WHMCS, b) he has been doing all he can to get this sorted and c) you're simply looking to bash him and K-Disk at every opportunity you can. I would highly suggest you get an unsecure copy of WHMCS uploaded somewhere, attach any number of cPanel servers and actually look into the bug to see what can be accomplished. I can assure you, everything that has happened can be done through that bug.

Posted by Jason_Sanders, 12-21-2011, 09:09 AM
Thank you for your support. I am looking at WHT and it appears we were not the only ones impacted. http://www.webhostingtalk.com/showthread.php?t=1107228

Posted by ModelWebHost, 12-21-2011, 09:20 AM
I have sent you pm regarding this. Reply right now.

Posted by Server Management, 12-21-2011, 10:16 AM
Oh really... Since this is the first time I have commented on their practice(s), I am hardly bashing them at every opportunity, am I?

Posted by Jason_Sanders, 12-21-2011, 10:21 AM
I do feel you are here to bash us. As far as I know, you are not a customer of ours. Please correct me if I am incorrect in this statement.

Posted by Server Management, 12-21-2011, 10:25 AM
I don't need to be a customer of yours. I am not reviewing your service or providing recommendations, nor do I continuously comment on K-disk or any provider for that matter. I am merely commenting on the facts which your customers have brought to WHT. After all, WHT is a public forum where users can comment on threads. If you don't want the truth of how poorly the situation is being handled then please get WHT to remove such posts/threads.

Posted by JaJae, 12-21-2011, 10:27 AM
Irrelevant. He is not reviewing your products, just commenting on public information about your company. I like Keith, but he has jumped on other hosts in the past when they had issues and poor communication. Hosts can't expect to use this forum as a primary means to advertise their company and then call a pass on negative discussions when things go wrong.

Posted by Jason_Sanders, 12-21-2011, 10:37 AM
I may have been out of line when I said what I said. However you have stated several inaccurate facts.
1) You pretty much said we are obligated to post stats updates on WHT and bashed us for not doing so.
2) You stated that we are not communicating this to our customers. There have been several posts on our Network News page. This is our primary communication tool for bulk announcements.
3) You seemed to make a fuss when it was stated that I work out of Keith's house. I don't get what this has to do with the price of tea in China. Keith has a spare room that we use as an office. Unlike other hosts, we do not claim to own a 5000 foot datacenter and have a high-rise office building.
I am not trying to censor anyone's opinion, I just ask that you keep it to the facts.

Posted by XTremo, 12-21-2011, 10:39 AM
Very good point JaJae! Though I hope K-Disk can sort out their issues because they seemed to be going well, and from what I've seen Keith seemed a pretty decent guy.

Posted by syed, 12-21-2011, 02:21 PM
I am not asking for any replies or support from Keith here but why are they not updating the tickets - why are the tickets "on hold"? A couple of words of update would have sufficed. If you think from a customer's point of view - if you create a ticket and it goes unanswered for days, and there is no way to get hold of them on the phone, you see some serious trouble. The way this incident is being handled is debatable but the tickets should never go unanswered for so long by any professional host.

Posted by Jason_Sanders, 12-21-2011, 02:30 PM
We are updating our network news in place of tickets at this time. The reason for this is to deliver a consistent message to all users. As stated, we are conducting a full audit of the server to ensure the defacements don't continue. This is our top priority.

Posted by Kevin K, 12-21-2011, 03:22 PM
So why can't you just state the same thing in a ticket response, instead of ignoring the tickets. You have to look at it in the view of a customer. Would you like it if you submitted a ticket to a company where your service was and your ticket went unanswered for days...I think not. You guys really need to take a hard look on how you are addressing this situation.

Posted by side3, 12-21-2011, 08:21 PM
Hmm, don't want to be pedantic here, but maybe the reason they haven't repeated information that's already on their network status page, is because that's massively counter productive? They've been very clear about what they're trying to accomplish at the moment, and people with nothing better to do than bash a company are wasting K-Disk's valuable time by forcing them into petty arguments on here. If you don't have an account with them, why get so frustrated by issues affecting their customers?

Posted by syed, 12-22-2011, 03:32 PM
Let's not assume that all clients are aware of the 'network status page'. If for any reason they cannot or do not wish to reply to their customers in tickets (bad idea in any situation), they can switch off the ticket system and maybe have a popup message that shows network updates? I know it's easier said than done but if I have clients, at least the ones that are paying, I would never leave them unattended and assume they will ALL refer to some central page where I would be making my updates. Hiring a part time mechanical turk to update clients with the same reply - "Please refer to our 'network status' page: LINK" - would have been more appreciated than not being replied to at all.

Posted by syed, 12-22-2011, 03:35 PM
Also, no offense but I hope you are not a host or plan to be one any time soon

Posted by Server Management, 12-22-2011, 04:27 PM
You wouldn't even have to hire anyone, just edit the "New Support Ticket Opened" email template within WHMCS, so every time someone opens a ticket they will get said information sent to them... They could have added something like this: Or they could have used the "Mass Mail" feature within WHMCS. Last edited by Server Management; 12-22-2011 at 04:30 PM.

Posted by Forward Web, 12-22-2011, 08:30 PM
This is why I have never been a fan of WHMCS; billing systems should never be hosted on a public network (in my opinion). With that being said, I can definitely sympathize with K-Disk, because let's be real, this could have happened to ANYONE and as far as I can tell, this is the first time something like this has ever happened with them? Surely they will lose some customers over this, but to completely bash a company over this one incident is not fair in my opinion. Now if this were something that were happening on a monthly, yearly basis (and already had a bad rep), that would be a different story. Last edited by Forward Web; 12-22-2011 at 08:36 PM.

Posted by syed, 12-22-2011, 08:54 PM
I think you are missing the point here. It's not about why it happened, it's more about how it's being handled after it happened (2 weeks now). In my last 8 years of web-mastering I have seen at least 4 different hosts hacked so it's not completely uncommon but no one abandoned their ticket system and just updated a network status page. The key, as I have highlighted before, is never to lose communication with your users, and not to assume that users will get the message from some place. The ticket system is central to most hosts and info should be updated there as well.

Posted by JaJae, 12-22-2011, 08:59 PM
That's something I don't understand either. A rep came here and said they're getting something like 30 tickets a day. That doesn't seem difficult to manage, even if all that is done is a copy/paste generic response to let people know what is going on.

Posted by Server Management, 12-22-2011, 09:14 PM
Who knows, eh? To even put the tickets on hold you must open the ticket to place it on hold, unless WHMCS can bulk do this, which is something I don't know...

Posted by Forward Web, 12-22-2011, 09:14 PM
I agree, two weeks is a long time, however on that same note, it's not like sites have been down for two weeks straight? What it sounds like to me is their back-up systems were probably compromised, leaving them in a tough situation? When a server is compromised, you just wipe it clean and then reload your back-ups (the whole process can take about 12 hours depending on the amount of users you had on the server). That's also assuming you were able to locate the vulnerability and properly get it patched (failure to do this will just lead to the same problem happening over and over again). I've been in the industry for over 10 years now (once as an employee and now as an owner) and trust me, it happens more than you think. I'm not going to name any web hosts, but there are some big name hosts that have their servers hacked almost on a monthly basis and do nothing about it. At least in this case, kdisk hopped right on it and provided some form of communication. Well, I don't think that was ever the situation here. You have a rep posting on here and I'm sure they were probably answering tickets but then decided (for whatever reason) that updating the network status page would be more efficient. If you have ever run a web hosting business you would know that customers (especially in situations like this) can become extremely impatient, expecting immediate responses to ticket systems (often times leading to more delays because customers start submitting 4-5 tickets every 5 mins demanding answers). My point here is, give these guys a break (especially if you are a provider). If you're a customer, I wouldn't necessarily crucify them for this either (especially if they have been good to you in the past).

Posted by [x10]Corey, 12-22-2011, 09:23 PM
I think this is a no win situation, if Keith was on WHT posting there would be people here bashing him for posting on WHT instead of answering tickets\fixing the issue. They are a small operation and I'm sure are doing the best they can to recover from this disaster. Could communication be better? Maybe. I'm sure going forward they will revise their disaster recovery plans to include better communication, at this point they're in crisis mode and changing how they communicate is probably not going to happen until after things are back to normal. It is clear for anyone on WHT reading what is happening and what they are doing now as updated in this thread. I can understand people wanting them to update WHT with a play by play but they have been updating their client area and I would assume anyone who logs in to post a ticket would see the network issue icon and click it. Based on WHT timestamps they were attacked 3 days prior to WHMCS even releasing the patch to fix the issue. So they were just VERY unlucky. I can also confirm that this attack can lead to all servers being compromised as WHMCS has the WHM hashes stored and possibly root passwords depending how it is setup. A compromise of all servers would take a very long time to properly clean up especially without a dedicated team of people working on it. I'm fairly particular that Keith is doing his best to fix what happened and I'm sure he'll be changing or making some policies to better deal with disasters in the future. In my years at WHT I have seen countless compromises and while they may not be handling it the best they're definitely FAR from the worst.

Posted by Forward Web, 12-22-2011, 09:36 PM
It can be, depending on the amount of staff you have on hand. Most web hosting companies only keep enough staff to cover their current support needs. If this is a 2-3 man operation, 30 different tickets from 30 different customers regarding the same issue can be a bit much. Conservatively, each of those tickets can take 15-20 mins to resolve. Now factor in that they are also replacing drives, reloading OS, etc., and I can see how responding to WHT or individual tickets was not a top priority. Anyway, I'm not saying you're wrong for being concerned or questioning their methods, just saying that sometimes when you are on the outside looking in, it's real easy to pass judgement. Now if the same thing happens 6 months from now, you probably won't see me coming to their defense.

Posted by side3, 12-22-2011, 11:12 PM
Just for reference, I'm not a host, but have worked for a few. I've also used K-Disk in the past for a personal website, and I know that Keith bulk mails to all his customers whatever he posts on the network status page. If this is still the case, then surely an email and a network information page should suffice? Keith is working with a small team and trying to get this back on track. Why should they have to go through a pile of tickets just to re-iterate what's clearly visible in emails and the network status page, just because people think their site being down is more important than every other customer's?

Posted by BassHost, 12-23-2011, 02:43 AM
Well said. It is unfortunate that K-Disk had this problem. It could have happened to anyone ... please be patient because it takes a lot of time to get everything back up and running securely. @others I know it is a public forum, but please respect both parties.

Posted by xTiNcTion, 12-23-2011, 05:03 AM
Don't kick a man when he's down... do you remember when WHT was hack**? I wonder, what would WHMCS have to say to their customers in the same/similar situation? I guess: "Sorry for the inconvenience..." Last edited by xTiNcTion; 12-23-2011 at 05:11 AM.

Posted by xTiNcTion, 12-23-2011, 05:21 AM
It depends. Take for example your CMS, or is it not important? Not to mention your CC processor system/store (e.g. OSCommerce). Keeping your billing system "in house" doesn't make it less vulnerable.

Posted by JixHost, 12-24-2011, 10:25 AM
Probably a good idea would have been to write what happened, explain how it's going to be solved, where updates can be found and saved to the clip board of his PC so when tickets come in regarding the issue it's just a copy/paste response that would be quite effective and efficient at the same time.

Posted by reliabilitytester, 12-27-2011, 06:21 PM
I am currently a paying customer of K-disk. So that I do not double-post, my gripes and conclusion can be found here: http://www.webhostingtalk.com/showth...=1#post7872564 I am very sad and super-disappointed with what I am seeing there that has been ongoing for WEEKS now. Last edited by reliabilitytester; 12-27-2011 at 06:21 PM. Reason: eye kent spill tu gud

Posted by Forward Web, 12-27-2011, 06:28 PM
We don't store any CC information online and all of our customer data is stored in house (which is still vulnerable), but not as vulnerable as keeping that kind of information in a public network. Also not sure where you got the impression we were using OScommerce or some type of CMS? We don't use either... but our customers do (which I am sure they use at their own risk). Either way, in this day and age everything is at risk of being hacked (if it's connected to the net, there's a way in). All we can do is take all the necessary precautions and hope not to get caught with some type of zero day exploit.

Posted by Forward Web, 12-27-2011, 06:30 PM
Yikes, after reading more and more into this it's definitely not looking good.

Posted by Server Management, 12-27-2011, 06:52 PM
They said that they would be updating people via the network issues page: https://k-disk.net/portal/networkissues.php It's been a week since that was updated: Also Keith is nowhere to be seen. Someone who "claims" to work from Keith's house popped up before Christmas Day but hasn't been back since. It certainly doesn't give their reputation or customers any glimmer of hope that they are moving forward from this problem...

Posted by Forward Web, 12-27-2011, 07:06 PM
That's awful, I hate hearing about stuff like this. Looks like the hack may have ruined their business? Still at this point, there is no excuse for the silence, even if they lost all of their clients' data, someone should step up and lay all the cards out on the tables (so clients can at least start making arrangements for finding a new host).

Posted by syed, 12-27-2011, 07:48 PM
They moved sites from CP4 to CP5 however the new server is extremely slow and the logins do not work either. I have asked them if they changed the passwords but no reply yet... If the sites are lost, the least they could do is update us and let us know exactly how it is

Posted by reliabilitytester, 12-27-2011, 10:04 PM
Can anyone verify that just prior to all these 'troubles' Keith Meyers had put K-disk up for sale with an asking price of $15000.00 ? If that is true, and then suddenly all these attacks & problems just appeared soon after, it makes me very suspicious indeed...?

Posted by Server Management, 12-27-2011, 10:06 PM
Where did you hear this?

Posted by reliabilitytester, 12-27-2011, 10:12 PM
From another provider whose privacy I will respect by not sharing the name. Someone who is well-known and has a long-standing reputation in the community - that much I will say.

Posted by Server Management, 12-27-2011, 10:14 PM
Any business is up for sale these days to be honest. As long as you got the cash they will sell. You got any proof to prove your claims? Links, etc...

Posted by reliabilitytester, 12-27-2011, 10:20 PM
Goodness - you ARE confrontational !!! I made NO CLAIMS - please reread what I ASKED !?!? This was told to me, and I was ASKING if anyone could VERIFY. Kindly chill out, please.

Posted by Server Management, 12-27-2011, 10:27 PM
Just your story doesn't make sense. You claim someone told you but you cannot tell who they are. Whoever they are, they're most likely breaking an agreement from leaking such information, hence you cannot tell... (Half A Story) Most hosts who advertise on WHT end up selling on WHT. Was K-Disk for sale on WHT or are we talking about a private sale here?

Posted by reliabilitytester, 12-27-2011, 10:45 PM
It is NOT 'mine' and not a 'story', it is an uncertain bit of news. Verify it or dis-prove it yourself and then we'll all know. I have no further info to offer on this I have shared what I was told. Your posts are unhelpful, disrespectful and argumentative. I will not dignify such nastiness with any further response. Peace out.

Posted by reliabilitytester, 12-27-2011, 10:49 PM
Those who aggressively try to one-up others are usually trying to hide the very things they attack...or to discredit things which may reveal flaws in things they have interest/investment in. I stand to lose a year's payment to K-disk; that is MY interest. If the service is truly failing, being sold-off, or otherwise not solid - I want that revealed if for no other reason than to help others away from making the same mistake I made & lost money on.

Posted by Server Management, 12-27-2011, 11:16 PM
Am sorry to hear but maybe you should be redirecting your questions towards K-Disk themselves... None of us are sure what's going on. Updates come about then nothing for a week or so. News has come in that they have migrated the server CP4 to CP5. Have your sites been down all this time?

Posted by reliabilitytester, 12-27-2011, 11:31 PM
Much better, thanks...this is worthy of a reply: Contact K-disk ? I have tried endlessly for weeks - no response has come; phone is down, email to Keith unanswered, tickets ignored except one useless reply by the same guy who posted on the other thread - once. Server/DNS changes ? Sure. Update the registrar and...the sites go down, email down, WHM down, cPanel down. A very ugly situation. This is why I hoped someone might have some useful news. If not, then it is as serious as it looks and that service is likely finished.

Posted by ModelWebHost, 12-27-2011, 11:37 PM
I am stuck with them. Remote backups are not allowed. Firewall is blocking IP's from transferring accounts. No way to move accounts away from him. Very much disappointed from this childish behavior.

Posted by Dustin B Cisneros, 12-28-2011, 01:44 AM
in the prem section he offered it for sale, not sure if it ever fell through or not. Anyhow wishing Keith the best and hope he can recover. Also @Jamshed I know that K-disk has a firewall unblocker that he made via the client portal, I am aware of this as he offered this as a paid software.. Maybe try that?

Posted by reliabilitytester, 12-28-2011, 05:43 AM
As it happens - after keeping watch on this mess for FAR too many hours, the sites came back up and much later cPanel access slowly reappeared. A point of advice: Anyone using K-disk=> GET YOUR FULL BACKUPS NOW=> before it can go down again !!! All may appear grand, but I cannot see my way to ever trust K-disk again after the seriousness, duration, and lack of communication these problems have revealed.

Posted by Server Management, 12-28-2011, 07:47 AM
No you're not. Just FTP into the accounts, etc. and do it all manually. Ahh I see...

Posted by syed, 12-29-2011, 02:17 AM
I have 40+ websites and almost all of them have databases and many of the site files are 100mb+ with thousands of files - can you imagine how much time it will take to transfer all sites out manually?

Posted by MattS, 12-29-2011, 05:09 AM
The sale did fall through so it never was sold. I guess you can say he loved it way too much to let go of it. At any rate, sad to see K-Disk go down like this, though I do hope that Keith gets better and comes back 100x as strong and ready to fight.

Posted by Martin-D, 12-29-2011, 05:10 AM
I'd rather start a manual process and capture as much as I can than risk losing it all.

Posted by syed, 12-29-2011, 12:38 PM
Sure, I had started on that already and I am just on #4 now. 36 more to go. Jason / Keith - Could you please let me know working logins for the new server (CP5)? The password you provided does not work and I have been waiting for a reply on the ticket for the last 2 days.

Posted by Server Management, 12-29-2011, 12:53 PM
I personally would get a VPS from Hetzner spin up a trial of cPanel/WHM and secure it, etc then use the "Copy an account from another server with account password" to try and pull the accounts across... Or You could just contact another host or something and ask if they could do this for you... Of course you would still need to audit the data for correct retention however this way would be slightly quicker...

Posted by BassHost, 12-29-2011, 01:06 PM
Ask whoever you are moving to to assist you with moving your cPanel accounts.

Posted by syed, 12-29-2011, 02:10 PM
This would be possible if current host K-disk provided me with WHM logins that worked. Previous server (CP4) got hacked and was taken down so they moved my accounts to new one (CP5) but the old logins didn't work. I asked for new logins a few days ago but those don't work either, so there is no way to move multiple sites at once. I am still waiting for a reply from Jason/Keith with working logins.

Posted by ModelWebHost, 12-29-2011, 11:26 PM
Did you send a PM to Jason? Maybe this works!

Posted by syed, 12-30-2011, 01:31 AM
Tried that already, sent him 2 PMs in last 3-4 days..

Posted by Server Management, 12-30-2011, 09:29 AM
Doesn't seem good after all the things Jason said... It also appears that they have updated their network status issues page after a week of nothing. Are you hosting any sites for clients? If so, what do they make of all this? Last edited by Server Management; 12-30-2011 at 09:35 AM.

Posted by syed, 01-06-2012, 08:26 AM
It's been 11 since I created a ticket and it's still unresolved. All I wanted was logins to new servers that they have migrated my sites to - they keep replying with passwords that do not work at all.

Posted by Forward Web, 01-06-2012, 08:32 AM
Maybe it's time to finally pack up and move elsewhere? Or were you trying to get the PWs so you can pull your backups?

Posted by CrocWeb, 01-06-2012, 08:38 AM
He is trying to migrate but his login details don't seem to work for some reason.

Posted by Server Management, 01-06-2012, 12:00 PM
Maybe they need to flush cPHulk as you could well be on the ban list or something because of incorrect attempts from your IP address. Just a thought...

Posted by reliabilitytester, 01-06-2012, 07:13 PM
K-disk needs to do SOMETHING, that's for sure. They haven't shown their presence ANYPLACE that I can see since almost a month now, and if their problems are fixed why don't they just say so where folks can see and find it ?

Posted by Forward Web, 01-06-2012, 07:37 PM
If that were the case though, the user would know as cpanel would give them a "too many failed login attempts" error message.

Posted by public_html, 01-07-2012, 03:02 PM
I don't know why there are a lot of WHMCS hacks these days? I've seen a lot of reports and WHMCS is continuously working hard to release their patches.

Posted by JixHost, 01-10-2012, 10:58 AM
The hackers know that an entry will most likely lead to root access to multiple servers...which is why we leave all servers except 1, disengaged.

Posted by sonymervin, 01-11-2012, 11:43 AM
I got following reply on one of my support tickets.

Posted by Dustin B Cisneros, 01-15-2012, 02:40 PM
I wonder if this is accurate? I don't see why a tech would mention this, this can scare off clients. An official e-mail I would assume is sent before the sale or after; if it's after I would assume nothing be said at all. Awkward...

Posted by Server Management, 01-15-2012, 02:42 PM
Well, I did send them an email offering my assistance but I never heard back, So I assume they have everything under control and running again?

Posted by PatrickN, 01-15-2012, 03:24 PM
I think Keith's too embarrassed to show his face on WHT. I don't care how much you work, but if it's on the computer... for the past 4-5 weeks you should have just 10 minutes spare to come up and give us a followup on WHT. Keith was a great guy, and I always loved talking to him, but I'm kinda getting iffy on him now after this incident. Especially after new management, if he doesn't come back and post on these forums, I'll be speechless! :X

Posted by Martin-D, 01-15-2012, 03:30 PM
Could be one of the many businesses that's currently for sale....?

Posted by UnderHost, 01-15-2012, 03:33 PM
He might be the new CEO already and have a few things to fix up.

Posted by reliabilitytester, 01-15-2012, 03:44 PM
Ummm...not to throw stones at what was once a highly reputable company, but: You folks posting today ARE aware that K-disk was down for like a month, and that the 'tech' posting was the 'assistant' (a kid ?) who was trying to help the owner get the service back online, and they were both working from the owner's house...you knew all that, right ?

Posted by Martin-D, 01-15-2012, 03:46 PM
What's that got to do with anything?

Posted by reliabilitytester, 01-15-2012, 03:53 PM
Try this, angry man: An already dead business, you mean ? And this: A -few- things ? Considering NOTHING was working that may be an understatement - AND - if the 'new ceo' is another boy wonder like so many kids who revel in that over-blown title, the service will either remain dead, or soon be 100% gone like so many others. I hope that answers your aggressive query.

Posted by Martin-D, 01-15-2012, 04:00 PM
Angry? Aggressive? Perfectly legitimate question considering your contribution made no sense at all. Thanks for clearing it up though, now go have a camomile tea.

Posted by reliabilitytester, 01-15-2012, 04:15 PM
When one has read/followed a thread for some time: And if one has also had direct exposure to the subject under consideration...one tends to know what the discussion has for a basis. -OR- One jumps in without understanding and makes unrelated comments then points at others...no biggie, just biznezz as usual.

Posted by Tyl3r, 01-15-2012, 05:08 PM
Can't say this surprises me, when he announced he got hacked in the Premium Forums and kinda brushed it under the mat, I knew he really didn't take it that serious after all. Oh well, another kiddy host gone, he'll pop up with a new name in a few weeks.

Posted by ModelWebHost, 01-15-2012, 10:37 PM
Of course, they should come in to the ground and explain the things. Why are they hiding themselves from others?

Posted by kpmedia, 01-16-2012, 02:19 AM
So the only supposedly "good" master/reseller host failed after all? That would mean my assertion that master/reseller hosting is a ponzi scheme still stands true. It's a failed business model, and this is unfortunately what happens where there are too many levels of interactions going on. The entire thing implodes.

Posted by CrocWeb, 01-16-2012, 02:35 AM
ezpzhosting still remains. However I agree with you, it simply leads to oversold servers.

Posted by XTremo, 01-16-2012, 03:59 AM
TurnkeyInternet are still doing it.....and they've been doing it a long time. But they are a very big company with a lot of resources, whereas most of them tend to be startups that have appeared in recent years.

Posted by Faris Aziz, 01-16-2012, 04:13 AM
They have a huge client base and many happy customers to support them when they are going down.

Posted by rahulkapoor, 01-16-2012, 07:59 AM
Even after all this, their site still seems to be up and running and accepting orders, I may add. They must be having their site hosted somewhere else surely. I mean, this just amazed me, with all this happening all this while, they are still accepting orders. If someone doesn't do some research and places an order, God save him the mercy.

Posted by Server Management, 01-16-2012, 01:33 PM
What does any of this have to do with their WHMCS getting hacked and someone wiping their servers clean because they had root access from WHMCS? You let someone get access to WHMCS and all hell breaks loose just like it has to K-Disk... Now if they had R1-Soft or the likes with offsite datasafes/tape backups, etc. they could have BMR'd and been back up and running within a week or so... If anything the good old saying of "Backup & Backup again" comes to mind here. Last edited by Server Management; 01-16-2012 at 01:37 PM.

Posted by JixHost, 01-16-2012, 11:21 PM
Even if they used a remote backup service, it would take a few days to restore the servers. My educated guess (and I could be wrong) is that several days of downtime would result in most clients bouncing to a new host regardless. As far as "Master not being sustainable" is completely incorrect. I've been selling it for years and when managed correctly, it is no worse than offering a shared plan. I understand that there are many who offer it recklessly, spoiling the perception of those that are offering it responsibly.

Posted by Faris Aziz, 01-16-2012, 11:55 PM
Absolutely right, they have to manage it well. There are indeed still some companies surviving for years selling that.

Posted by Server Management, 01-17-2012, 08:23 AM
You might have some churn from the host hoppers, etc. One of the brands which I am involved in has been offering Master Reseller accounts for around the past year now. There's nothing wrong with the model if it's managed correctly of course. The way I see it, many have attempted to sell master reseller accounts on sub-par equipment or on their 2048MB/$10 per month oversold VPS which leads to mass problems, XY&Z (no need to repeat, we've all seen it). If you have decent equipment, good management and fast reaction then offering master reseller accounts is and will be very profitable; of course it all comes at a cost...

Posted by sonymervin, 01-21-2012, 03:24 AM
FTNHosting.net acquires K-Disk Networks

Posted by Server Management, 01-21-2012, 02:32 PM
This part is pretty interesting: The facts are: All clients are still in Limbo with their data, their data is going to be now migrated to another server/provider which means their data will still be in limbo - Clients shall get no refunds for the huge problems and downtime they have encountered, XY&Z I wonder if keith will ever show up here again? Last edited by Server Management; 01-21-2012 at 02:36 PM.

Posted by ModelWebHost, 01-21-2012, 02:45 PM
Of course, Keith will come here with a new name with a new company.

Posted by XTremo, 01-21-2012, 02:56 PM
Course he'll be back! There's no shortage of people here who've ducked and dived under various "company" names over the years. And then they throw out superfluous BS like "Ten year's industry experience". But notice the missing word? SUCCESS! These people may have had ten years of experience.....but the only thing they've ever experienced throughout that time is dismal failure and complete and utter trainwrecks! And that's a pattern that will never change.

Posted by Kevin Hillstrand, 01-21-2012, 04:38 PM
The data was fully recovered a while back and no clients have any outstanding issues with their data, don't be so quick to auto-assume without completely knowing what is going on. While I understand you have concerns whether or not Keith will show up here again, we have taken measures within the sale to protect the brand. Be nice to Keith, guys. He has done an awesome job running the ship for over 4 years and he certainly deserves some credit.

Posted by XTremo, 01-21-2012, 04:56 PM
So you consider the fact that the ship eventually sank, and Keith didn't actually answer his customers on here to be an awesome job? I take it that you don't set your sights particularly high then?

Posted by Patrick, 01-21-2012, 04:58 PM
Hey Kevin, any relation to the Hillstrand brothers on Deadliest Catch?

Posted by Kevin Hillstrand, 01-21-2012, 05:04 PM
Let's stop assuming here, please show me the proof where Keith ignored his customers. You have not seen the internal backend, if you did you would see Keith and Darren have been actively responding to clients and recovering from any damage done from the hack. A quick look through closed and answered tickets shows they have been offering stellar communication to clients so far. Anyway what's done is done, we have taken measures to protect the brand, and assure you we are going to make K-Disk even better. Best, Kevin

Posted by XTremo, 01-21-2012, 05:19 PM
THIS is just one of them! I should point out as you're relatively new here....I'm not a host, and I've never been a customer of K-Disk. So I have no vested interest one way or the other. I've seen this type of scenario many times over the last 14 years, and it wears a bit thin when people try to gloss over a situation that in effect is a mess. However, I wish you all the best with it....be interesting to see if you can turn the whole thing round.

Posted by KnownHost-ChrisM, 01-21-2012, 05:19 PM
I have been waiting for someone to ask Kevin that since he started working for my company in June of 2011. It appears you are the first. I can't say if he is or isn't related to them since it is up to Kevin to decide to release such information. --- To everyone else: If you are having any issues with your service be sure to open a ticket so it can be addressed by our staff. Webhostingtalk is never to be considered a proper support method. Thank you!

Posted by FTN-Ethan, 01-21-2012, 05:24 PM
Hello XTremo- Kevin likely knows more about the specific dates, but from what I know, that post was prior to everything being fully recovered and attacks being mitigated. Since Keith's team was a small team, they couldn't attend to all tickets in a timely fashion whilst auditing/recovering servers. We all only have so much manpower inside of us. I'd like you to know this will be remedied, we are backed with a solid team and have been in business for ~4 years. We will be implementing 30 minute response times, phone support, and so much more. Regards, Ethan

Posted by Server Management, 01-21-2012, 05:29 PM
Really... Well people here were saying different, plus the updates on the K-Disk site stated they could only restore so much data. Maybe so but recent affairs aren't so "awesome" are they? Tickets being closed without answer, tickets being placed on "hold" for a number of days without answer, no show on here, lack of information regarding what was happening... I assume you think the above is acceptable? Why would we need to see the "internal" affairs? We all know what happened and that led to virtually wiping them out of business. Well threads around here say otherwise. Sure, but coming here and making out everything is fine and dandy when it's clearly far from personally makes me throw up into my recycle bin...

Posted by FTN-Ethan, 01-21-2012, 05:29 PM
Hello everyone- I understand from previous posts, it does not look good for K-Disk. In fact, before we acquired K-Disk, we even thought so as well until we fully understood what was going on internally and had appropriate access. As Kevin has assured you all, it is correct that all data has been fully recovered and all data will be safely migrated over to our infrastructure. Chris, Kevin and myself have been working on auditing all servers and setting up our new infrastructure all of last night and today, and all existing K-Disk servers will be migrated to Intel Sandybridge setups, with RAID protected drives and daily backups. As mentioned in my previous post, We have a decently sized team running over 4 brands at the moment, and we're ready to back K-Disk up with a solid team. We plan on implementing 30 minute response times, phone support, and much more over the coming weeks, but at the moment our main focus is migrating the existing infrastructure to the new. We are ready to put every effort to make K-Disk even better and to improve the experience for the customers. In the foreseeable future, I am confident that this will be proven. This will be a good change for all parties involved. An official press release announcing FTNHosting acquiring K-Disk will be posted momentarily. Thank you. Regards, Ethan Last edited by FTN-Ethan; 01-21-2012 at 05:43 PM. Reason: Added Information

Posted by Kevin Hillstrand, 01-21-2012, 05:36 PM
I appreciate you taking the time to respond. While I understand your argument, and somewhat agree with you that December/January was a mess, let's skip past these 2 months. Keith has made a huge presence in the reseller industry and that will not be forgotten. He definitely deserves credit for that. He was probably one of the top few hosts out there to be able to offer master/alpha resellers for over 4 years with minimal complaints. All I kindly requested was to be nice to him, what's wrong with that? There's no need to throw accusations and criticism at someone without fully understanding the facts. That is inconsiderate and unprofessional. We can assure you all outstanding issues regarding the data have been resolved at this time. Have a good weekend. Best, Kevin

Posted by Server Management, 01-21-2012, 05:44 PM
So what's happened to Jason Sanders? The good old saying of "time will tell" was at essence here as you can only truly state a hosting provider is "professional" when problems like this occur and they have the correct systems, plans and multiple backups in place to survive... There are way too many people claiming to be "CEO's" or own a business when they little more or less don't own nothing. So coming here and calling us "unprofessional" is pretty stupid as the sinking of K-Disk was pretty much very unprofessional. If you think the K-Disk brand conducted themselves in a professional way over the last month or so you must be kidding yourself... Well you seem to be saying different to what was published on the K-Disk website some 4 weeks or so ago... Here's a recap: So you're saying 100%, they published 70%, who's lying?

Posted by PatrickN, 01-21-2012, 05:48 PM
What a mess. I sure have a lot of questions and concerns with the whole K-Disk/FTN movement, but this thread's headed towards the wrong direction. I vote to close this thread! NOTE: Admin, please use my message for the quote that you will say you agree

Posted by HostXNow_Chris, 01-21-2012, 05:58 PM
Good luck to FTNHosting with taking on K-Disk. Hope all goes well.

Posted by JixHost, 01-21-2012, 06:22 PM
I would say Keith was very well known in this forum, it was certainly out of character for him not to post here when things went wrong, I was completely surprised. My guess would be that he would not start another hosting business, but I certainly can be wrong.

Posted by nel$on, 01-21-2012, 06:23 PM
Can we please stop picking apart replies, and belittling people? If you are not a customer of K-Disk and or FTNHosting you really should not be that concerned. Let them work things out. Sh*t happens.

Posted by PatrickN, 01-21-2012, 06:24 PM
From what I can tell, Keith didn't do a very good job towards the end of K-Disk. But I do know, he ran a great company before hand and was a great guy. I'm guessing he just wasn't prepared for the attack, and hopefully he's learned from it. We're not all perfect, and I'm sure FTN will do a great job taking over. I haven't heard anything bad about them, let's stop giving these guys a hard time and see what they can do. But really, I vote this thread CLOSED Good luck to the FTN guys!

Posted by DWS2006, 01-22-2012, 12:20 AM
What is so unfortunate about this, is that much of this problem is the result of poor security planning on the part of WHMcs. Many users have been requesting for years that server and domain registrar passwords be encrypted within the WHMcs database, unfortunately this has fallen on deaf ears. Hopefully the php eval hack will prove the importance of this feature to the WHMcs dev team.

Posted by Server Management, 01-22-2012, 09:32 AM
Since WHMCS houses some VERY important data, if you really wanna wipe a business out of business launching an attack at this vital piece of software will more or less take them down. It's pretty shocking to think about. What's encrypted can be more or less decrypted by these hacking forums, etc.

Posted by Yujin, 01-22-2012, 09:36 AM
Oh wow is this true? I guess I need to stick with my excel sheets.

Posted by DWS2006, 01-22-2012, 09:54 AM
Very true. However, the more hassle that can be introduced the better. An encryption scheme with a unique hash string etc for each installation could help. Specifically a hash that is provided by the licensing system or localkey file and not the config. I've gone as far as IonCubing my WHMcs config files, I know not much security there when the common variable names are known. But anything that takes a hacker by surprise even for a few moments is a plus. It is so important to be vigilant in monitoring WHMcs access logs etc., for anything unusual.

Posted by Tyl3r, 01-22-2012, 10:00 AM
If you use your cPanel root password in WHMCS instead of an access hash key (like K-Disk) you're asking to be hacked. Sure, they can use the API to change your password and then get in but the chances of being hacked are very slim, nobody's going to put that much work into things.

Posted by DWS2006, 01-22-2012, 10:02 AM
It is very true. That's why I am so careful with the registrar accounts I use with the program. I pity the person who gives WHMcs unfettered access to a domain reseller account with a high balance or auto funding. The problem isn't only with hackers either, anyone with root access to the database system can also view the database. For users that host WHMcs on reseller accounts, for which I'm sure there are many, that includes everyone at your host from admins to support techs with root access.

Posted by DWS2006, 01-22-2012, 10:07 AM
It depends on the intention of the intruder. The API access is more than enough to do very serious damage. And most hackers would anticipate getting a hash key response for a cPanel server.

Posted by Server Management, 01-22-2012, 02:57 PM
Root Password or Access hash key if you have access to WHMCS you can still "terminate" all the accounts from within and cause some nasty damage, etc

Posted by Tyl3r, 01-22-2012, 03:00 PM
Correct, but K-Disk was using his root account which means he had no idea what he was doing. Access key is dangerous but it makes the "hacker" work harder.

Posted by kpmedia, 01-22-2012, 03:03 PM
Things like this are great reminders of why I use Stablehost. You're on top of security. I get a warm and fuzzy feeling when I see my hosts demonstrate competence on WHT (or in tickets). Nice. -------- I believe FTN will get things sorted out. Best of luck to them.

Posted by DWS2006, 01-22-2012, 03:29 PM
Exactly, That's why I strongly believe that WHMcs should be encrypting sensitive data. Even though any reversible encryption can ultimately be broken, it makes the process that much more difficult. Hopefully this is the last incident of its kind we'll hear in regards to the php eval hack. The thing about this type of situation is that "kiddy" hackers will look to make an instant statement with a major defacement after the hack. But a serious hacker will likely lay quiet sniffing data from user databases etc., looking for a way to monetize the situation. It could be months before this type of hack is noticed.

Posted by Server Management, 01-22-2012, 04:26 PM
How do you know this?

Posted by SafeSrv, 01-22-2012, 04:39 PM
Maybe if people implemented basic security steps for WHMCS then this would not have happened, i.e. moving directories outside the web root, limiting access to admin areas - even these small steps would mitigate the majority of attacks. I must say - businesses who stick with bog standard installs of WHMCS/clientexec/ubersmith I would not touch with a barge pole.

Posted by DWS2006, 01-22-2012, 04:43 PM
Very true, but this certain hack didn't rely on the admin area or 777 folders. The whmcs config file could be pulled via the public section.

Posted by KnownHost-ChrisM, 01-22-2012, 04:49 PM
Hello Everyone: An official announcement of the acquisition of K-Disk Networks has been posted here: http://www.webhostingtalk.com/showthread.php?t=1119343 Thanks!

Posted by SafeSrv, 01-22-2012, 04:51 PM
That's true. But moving the directories outside the web root would have pretty much prevented them from uploading shells to the template_c directory etc. - after all, getting a config file and the details with no way to use them is better than them gaining full control.

Posted by DWS2006, 01-22-2012, 05:03 PM
I agree that moving the directories is a must, however in this case they really didn't need a shell, once they had the config file they could dump the mysql db with a subsequent attack. The only 100% preventative measure for this attack prior to the patch was to have php eval disabled. Last edited by DWS2006; 01-22-2012 at 05:06 PM.
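
The layout points raised in the posts above (777 folders such as template_c inside the web root, a config file reachable from the public section) can be checked mechanically. The script below is an added example, not part of the thread and not WHMCS tooling; the function names, finding labels and demo paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: layout audit for a web-facing billing panel install.
# WEBROOT and CONFIG_FILE are supplied by the caller; no product-specific
# paths are assumed. Function names and finding labels are hypothetical.

# Resolve a directory to its absolute physical path (symlinks resolved).
abs_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# audit_install WEBROOT CONFIG_FILE
# Prints one finding per line. Returns 0 if clean, 1 if anything was
# found, 2 on bad arguments.
audit_install() {
    [ -n "$1" ] && [ -d "$1" ] || { echo "ERROR: no such web root: $1" >&2; return 2; }
    [ -f "$2" ] || { echo "ERROR: no such config file: $2" >&2; return 2; }
    webroot=$(abs_dir "$1")
    cfg=$2
    cfg_dir=$(abs_dir "$(dirname "$cfg")")
    found=0

    # 1. World-writable directories served by the web server: a file
    #    written there (for example an uploaded script) is reachable by URL.
    writable=$(find "$webroot" -type d -perm -0002 2>/dev/null)
    if [ -n "$writable" ]; then
        printf '%s\n' "$writable" | sed 's/^/WRITABLE_DIR_IN_WEBROOT: /'
        found=1
    fi

    # 2. Config file stored under the web root. The trailing slash keeps
    #    /srv/public_private from matching /srv/public.
    case "$cfg_dir/" in
        "$webroot"/*) echo "CONFIG_IN_WEBROOT: $cfg"; found=1 ;;
    esac

    # 3. Config file readable by every local account on the server.
    if [ -n "$(find -L "$cfg" -perm -0004 2>/dev/null)" ]; then
        echo "CONFIG_WORLD_READABLE: $cfg"
        found=1
    fi

    return "$found"
}

# Constructed demo: two throwaway layouts under a temp directory.
demo() {
    base=$(mktemp -d) || return 2
    # Weak: a 777 cache dir inside the web root, config beside the pages.
    mkdir -p "$base/weak/public/cache"
    chmod 755 "$base/weak/public"
    chmod 777 "$base/weak/public/cache"
    echo 'constructed sample' > "$base/weak/public/config.php"
    chmod 644 "$base/weak/public/config.php"
    # Hardened: cache and config moved out of the web root, config is 600.
    mkdir -p "$base/hard/public" "$base/hard/private/cache"
    chmod 755 "$base/hard/public"
    echo 'constructed sample' > "$base/hard/private/config.php"
    chmod 600 "$base/hard/private/config.php"

    echo "== weak layout =="
    audit_install "$base/weak/public" "$base/weak/public/config.php" || true
    echo "== hardened layout =="
    audit_install "$base/hard/public" "$base/hard/private/config.php" \
        && echo "no findings"
    rm -rf "$base"
}

# With two arguments audit a real install, otherwise run the demo.
if [ "$#" -eq 2 ]; then
    audit_install "$1" "$2"
else
    demo
fi
```

A clean result only covers layout: as noted in the posts above, this particular hack did not rely on 777 folders, and layout changes do not replace the vendor patch.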

Posted by SafeSrv, 01-22-2012, 05:12 PM
Yep - just read into it via another thread, they could have pretty much done anything with that vuln then.

Posted by anon-e-mouse, 01-22-2012, 07:02 PM
And with that, this one is closed.


