Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Dear XXX,
- We regret to inform you that yesterday evening around 4pm PDT Swizards.net was the target of a malicious attack. In this event, the attacker used an sql injection technique to exploit a vulnerability the code of WHMCS. As a result, the individual was able to gain access to our private database and began harassing individual users in IRC by showing them their personal information contained within our database. Last night I applied outstanding security patches to our installation and this morning the hacker went public with a post to reddit
- In short, the attacker is demanding that we pay him 1BTC or he will leak the contents of this database on Monday June 20th, 2016.
- I am currently unsure of how the ownership will proceed in regards this threat at this current time -- this email is only to get facts into the open.
- How safe am I? What about my personal info?
- We are currently operating under the assumption that the attacker has a full dump of our database. This data includes:
- Name
- Address
- Telephone #
- Client ID
- Email
- Hashed password for your account at Swizards.net
- Limited info about your credit card if Stripe is your payment method (Last 4 digits and expiry)
- The contents of all tickets
- In addition to this we also store your seedbox information as well if you have an active account with us. This information contains:
- Hostname
- Username
- Password
- Root password
- Because of this, we urge you to immediately change your user password (or better yet, setup private key/public key pair and disable password authentication entirely) web password and disable root login to your server via ssh.
- The following commands can be used to help. If you need help, come look for support in IRC and we will be glad to assist you in this matter. DO NOT OPEN A TICKET REQUESTING THAT WE CHANGE YOUR PASSWORD TO SUCHANDSUCH. ANY "PRIVATE" INFORMATION YOU CHOOSE TO SEND US IN PLAIN TEXT VIA TICKETS MAY STILL BE IN DANGER OF BEING DUMPED AND LEAKED. We do not know the extent to which our database has been comprimised and until we can migrate to a secure server, zero secure information should be passed through our database. We will provide future updates when such a transition takes place. If you require help in completing these commands, please seek us out in IRC and a staff member will be happy to assist you.
- To change your account passwords:
- Login to your slot via SSH and use the following commands
- sudo bash
- passwd (this will allow you to change your root password)
- passwd <username> (this will change the password for the supplied username)
- To change your web (rutorrent) password:
- htdigest /etc/htpasswd gods <username>
- To change you deluge auth password:
- edit the file /home/username/.config/deluge/auth -- example:
- nano /home/liara/.config/deluge/auth
- change the line
- liara:<insecurepassword>:10
- to
- liara:<newpassword>:10
- To secure your SSH accounts:
- edit the file "/etc/ssh/sshd_config"
- Find the line
- PermitRootLogin Yes
- and change it to
- PermitRootLogin without-password
- OR
- PermitRootLogin no
- To force public key authentication for ALL users find the following lines and ensure they are set as follows:
- ChallengeResponseAuthentication no
- PasswordAuthentication no
- UsePAM no
- Close the file and then restart your SSH server:
- service sshd restart
- For information on how to setup private and public keys please see the following: How do I setup SSH public key authentication?
- IF YOU HAVE A SHARED SLOT WITH SWIZARDS OR DO NOT KNOW HOW TO USE THE PREVIOUS COMMANDS ON YOUR DEDICATED SERVER SEEK OUT STAFF IN IRC AND PRIVATELY REQUEST A PASSWORD CHANGE. DO NOT SEND US A TICKET REQUESTING THAT WE CHANGE YOUR PASSWORD TO SUCHANDSUCH, THESE REQUESTS WILL BE IGNORED.
- I realize this is a wall of text and this may seem a daunting task. However, please do not delay following through with this task. We remain available for support in IRC and via ticket; however as mentioned several times already, do not divulge personal info in any tickets.
- Hopefully we will have more updates soon.
- Swizards
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement