SHARE
TWEET

Untitled

a guest Jun 14th, 2016 1,040 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Dear XXX,
  2.  
  3. We regret to inform you that yesterday evening around 4pm PDT Swizards.net was the target of a malicious attack. In this event, the attacker used an sql injection technique to exploit a vulnerability the code of WHMCS. As a result, the individual was able to gain access to our private database and began harassing individual users in IRC by showing them their personal information contained within our database. Last night I applied outstanding security patches to our installation and this morning the hacker went public with a post to reddit
  4.  
  5. In short, the attacker is demanding that we pay him 1BTC or he will leak the contents of this database on Monday June 20th, 2016.
  6.  
  7. I am currently unsure of how the ownership will proceed in regards this threat at this current time -- this email is only to get facts into the open.
  8.  
  9. How safe am I? What about my personal info?
  10.  
  11. We are currently operating under the assumption that the attacker has a full dump of our database. This data includes:
  12. Name
  13. Address
  14. Telephone #
  15. Client ID
  16. Email
  17. Hashed password for your account at Swizards.net
  18. Limited info about your credit card if Stripe is your payment method (Last 4 digits and expiry)
  19. The contents of all tickets
  20. In addition to this we also store your seedbox information as well if you have an active account with us. This information contains:
  21. Hostname
  22. Username
  23. Password
  24. Root password
  25. Because of this, we urge you to immediately change your user password (or better yet, setup private key/public key pair and disable password authentication entirely) web password and disable root login to your server via ssh.
  26.  
  27. The following commands can be used to help. If you need help, come look for support in IRC and we will be glad to assist you in this matter. DO NOT OPEN A TICKET REQUESTING THAT WE CHANGE YOUR PASSWORD TO SUCHANDSUCH. ANY "PRIVATE" INFORMATION YOU CHOOSE TO SEND US IN PLAIN TEXT VIA TICKETS MAY STILL BE IN DANGER OF BEING DUMPED AND LEAKED. We do not know the extent to which our database has been comprimised and until we can migrate to a secure server, zero secure information should be passed through our database. We will provide future updates when such a transition takes place. If you require help in completing these commands, please seek us out in IRC and a staff member will be happy to assist you.
  28.  
  29.  
  30. To change your account passwords:
  31. Login to your slot via SSH and use the following commands
  32. sudo bash
  33. passwd (this will allow you to change your root password)
  34. passwd <username> (this will change the password for the supplied username)
  35.  
  36. To change your web (rutorrent) password:
  37. htdigest /etc/htpasswd gods <username>
  38.  
  39. To change you deluge auth password:
  40. edit the file /home/username/.config/deluge/auth -- example:
  41. nano /home/liara/.config/deluge/auth
  42.  
  43. change the line
  44. liara:<insecurepassword>:10
  45.  
  46. to
  47. liara:<newpassword>:10
  48.  
  49. To secure your SSH accounts:
  50. edit the file "/etc/ssh/sshd_config"
  51.  
  52. Find the line
  53. PermitRootLogin Yes
  54.  
  55. and change it to
  56. PermitRootLogin without-password
  57. OR
  58. PermitRootLogin no
  59.  
  60. To force public key authentication for ALL users find the following lines and ensure they are set as follows:
  61. ChallengeResponseAuthentication no
  62. PasswordAuthentication no
  63. UsePAM no
  64.  
  65. Close the file and then restart your SSH server:
  66.  
  67. service sshd restart
  68.  
  69. For information on how to setup private and public keys please see the following: How do I setup SSH public key authentication?
  70.  
  71. IF YOU HAVE A SHARED SLOT WITH SWIZARDS OR DO NOT KNOW HOW TO USE THE PREVIOUS COMMANDS ON YOUR DEDICATED SERVER SEEK OUT STAFF IN IRC AND PRIVATELY REQUEST A PASSWORD CHANGE. DO NOT SEND US A TICKET REQUESTING THAT WE CHANGE YOUR PASSWORD TO SUCHANDSUCH, THESE REQUESTS WILL BE IGNORED.
  72.  
  73. I realize this is a wall of text and this may seem a daunting task. However, please do not delay following through with this task. We remain available for support in IRC and via ticket; however as mentioned several times already, do not divulge personal info in any tickets.
  74.  
  75. Hopefully we will have more updates soon.
  76.  
  77. Swizards
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top