Portal Home > Knowledgebase > Articles Database > Bliksem Gave Out Your Info and Mine


Bliksem Gave Out Your Info and Mine




Posted by C~J~V, 12-15-2006, 01:09 PM
When I did all my backups through cpanel to my own FTP server, it would send me a .gz file with everything included. Databases, Email accounts, Files, Passwords, everything. Along with those files came some other junk (I thought) directories. Today I'm sitting here just going through these files and seeing what I need and don't need. One file interested me ALOT. backup-12.4.2006_13-16-35_*****\homedir\.cpanel-datastore\reseller_RESELLERSUSERS_root I opened it with a text editor and what a surprise.... it's a complete list of all the accounts that were on joie... INCLUDING LOGINS! During a time when Blik messed up joie, we were moved to grenwerk... I have the same files in those backups. I'm not going to post the content of these files, but I suggest you all change your passwords/logins for your sites when you move them. On Dec 4th, joie had 592 domains on it

Posted by Swelly, 12-15-2006, 01:11 PM
This reminds me of a soap opera (no I don't watch them)

Posted by ifthenelse, 12-15-2006, 01:21 PM
CJV what kind of informations do you have? I mean login could be public... but password.. it's encrypt (hope with some strong algorithm). regards

Posted by ArsMagnaWeb, 12-15-2006, 01:38 PM
Hi CJV, Could you please post directions on how to make this backup? I could't retrieve any backup using cpanel transfers from my old Bliksem server. Regards, Ed

Posted by Swelly, 12-15-2006, 01:46 PM
You new host should make this backup for you and restore it on the new servers.

Posted by ArsMagnaWeb, 12-15-2006, 01:49 PM
Hi HostFrog, I've tried to make the backups by myself already using VPS cpanel without any success. Ed

Posted by Swelly, 12-15-2006, 01:50 PM
Have you done this through remote FTP?

Posted by ArsMagnaWeb, 12-15-2006, 02:00 PM
Hi, I've done through the following WHM options (not sure about remote FTP): - Copy an account from another server - Copy an account from another server with account password What is the correct option and what are the recommended settings? Thanks for your help Ed

Posted by ifthenelse, 12-15-2006, 02:02 PM
Hi, how could is possible to make a backup if I cant reach webserver and conseguently my control panel? Thanks,

Posted by Swelly, 12-15-2006, 02:16 PM
Login to your WHM and click list accounts. Login to the first control panel and click backups. Click Generate/Download backups. Once the screen come ups click the drop down and select Remote FTP. Enter in the IP for remote server, enter in the username (which should be done by your new host, or you can create a transfer account like filetransfer.com) and the password. The port is 21. Select ok. Then have your host restore the backup.

Posted by C~J~V, 12-15-2006, 02:18 PM
I used cpanel (NOT WHM) for all of the web sites that I am webmaster for. go to backups. Click on "Generate/Download a Full Backup" Backup Destination: select "Remote FTP Server" Fill in the rest of the server info Click "Generate Backup" Wait for the file to be delivered. I did this weekly for all my sites when the joie was still up and running. If you generate the files to your home directory, they will be no good. If you just try and download them through cpanel, they will be no good. The only good backups I was able to get from Bliksem were done this way. LOL Posted at the same time as HostFrog

Posted by C~J~V, 12-15-2006, 02:30 PM
That file does not contain the passwords, BUT I did find another file with the password hash table and yet another file with all the database logins and passes. I'll keep looking around.... Maybe I can find Jav's social security number or credit card info.

Posted by zdss, 12-15-2006, 06:40 PM
You would think so but the password you selected when you first signed up is sent in plain text to you (and presumably them). And 'normal' accounts (as opposed to reseller accounts with Bliksem) required you to submit password changes to them via a support ticket (for "security" reasons apparently).

Posted by Tina J, 12-15-2006, 07:58 PM
What the heck?!? Why would they need your passwords, when they can access everything as root (including change your password, so they can get in). This is the most assinine requirement I have ever heard. For "security" reasons would be a complete lie. If anything, I could see someone getting password information and using it for sinister purposes...like, hoping you use the same password for other things as well. --Tina

Posted by zdss, 12-15-2006, 08:14 PM
Well that was apparently their policy. I did indeed query it and was told: And when i then further queried their "policy" with "Jav": Suffice to say i never bothered to change my password with them

Posted by PolurNET, 12-15-2006, 08:29 PM
That doesn't make sense... phpMyAdmin can be accessed via root and if there is a need for Fantastico, they can ask the customer to provide the password only when it is needed. Disabling password changing feature is retarded, I've never seen this 'evidence' he refers to, especially if cPanel is protected with a reliable server-wide SSL.

Posted by Tina J, 12-15-2006, 08:44 PM
They're referring to the feature where you can reset a cPanel password via email (which did have some security issues a couple of years ago), but making it sound like its "all" password changes via cPanel. That's completely ridiculous. There is absolutely no legitimate reason why they would need to keep your password on file or why they would need to prevent you from resetting your own password. --Tina

Posted by Swelly, 12-15-2006, 10:38 PM
Exactly! There really is no reason to prevent them. Just going around in circles with this really....poor thread.



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
SLhost down ? [merged] (Views: 673)
hetzner server down (Views: 678)

Language: