#Security Notice# EthernetServers Hit by Hackers


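EthernetServers is an overseas VPS provider. A while back it ran a very generous promotion (still available for purchase): 1.5 GB RAM, 400 GB disk, 6 TB traffic, Los Angeles data center, OpenVZ-based VPS, for only 20 US dollars per year (purchase link). Recently, however, 微魔 received an email from this provider stating that its customer information may have been leaked as the result of a hacker intrusion (see the email below for details). EthernetServers' response to the intrusion has been praised almost unanimously by its customers, and its countermeasures look quite professional (although reinstalling the operating systems on staff computers is a little "heavy-handed"). 微魔 thinks this "transparent" attitude toward customers also deserves a thumbs-up. Of course, if you are a customer of this provider, you should reset your client area password.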

Email details

Hello XXX,

It comes with much sadness and disappointment that I must announce that we've been the victim of a security breach. 

As it stands, our website (ethernetservers.com) and customer portal (ethernetservers.com/clients) are hosted on a server which is completely separate from any other parts of our network. It's in a completely different physical location, with a provider that only hosts our website and no customer servers. This is something we've long believed in to maintain redundancy should a part of our network fail. Over the weekend, an unauthorized individual was able to access the control panel for the provider that hosts our website, from which point they asked for the root password to be reset. We did have various security protocols in-place on the server-level such as a non-standard SSH port, IP restrictions, etc. however, our provider, being the helpful people they are, were persistent in assisting who they thought was myself (George) re-gain access to the server, as they didn't have reason to believe otherwise. 

From this point, the attacker logged into the server. It is not known exactly what they did or did not do, as they cleared the log files, however we are assuming the worst, being that they took a backup of our database. This was the only sensitive information on the server, and this backup will contain everything within our billing system, which includes:

- Full names
- Addresses
- Email Addresses
- Phone Numbers
- Support Tickets
- Service details (domains & IP addresses)

We use the latest version of the industry standard billing software, WHMCS, which contains passwords for services (Shared/Reseller Hosting Accounts and VPS Root Passwords) in plain-text within the administrator interface. Passwords used to login at our customer portal (ethernetservers.com/clients) are not stored in plain-text, and are not visible to us, however there is always the possibility that they can be converted to plain text. As such, we urge everyone to adjust any and all passwords. This can be done, here: http://www.oyayu.com/191/clients/clientarea.php?action=changepw

If you are a Shared or Reseller Hosting customer, you will be prompted to set a new password the next time you login to cPanel. The password you set will not be stored on file in our billing system. 
If you are a VPS customer, we recommend changing your root password, along with your SolusVM password. Unfortunately it is not possible for us to force resets of these passwords.

No access has been gained to any server other than our main website, and the possibility of an attacker logging into customer services individually from the details on file seems extremely unlikely, and so we do not believe the content under your hosting accounts to be at risk, although a password reset is certainly recommended. If you do not wish to have your service password stored within our billing system, this is possible by making password resets directly, rather than through our customer portal. For example, if you have a shared hosting account, you can change your password via cPanel and then it will not be stored in our billing system. The same applies to VPS customers. 

How did the attacker gain access? 
The attacker used the account password for our supplier, which was complex, though very regrettably, was used in more than one location online. As such, we are of the belief the password may have been compromised elsewhere. Despite our best efforts, we have been unable to determine exactly where this might have been.

What have we done to prevent a further breach?
As soon as we became aware of this issue, we immediately logged into the server, took a full backup of all important content, and made it unavailable to public internet connections. We then set up a new server and restored all of our static website content from a backup taken before the breach, and completely reinstalled our billing system from scratch, with our database, which has been thoroughly checked and declared as clean. Our site and server have been rebuilt from the ground upwards, and we are confident that it is safe to use.

Our previous server security measures have been put into place, as well as new layers of security. We must stress that our server software itself was not compromised, this attack was made possible by a password reset as explained above. 

All staff PCs have been completely wiped, and their operating systems have been reinstalled. Whilst we are confident that the attack was not made possible via a compromised PC, every possible step is being taken to rebuild our security. 

Passwords and API keys for every service we use have been reset to fully unique, complex values, which are not being stored on computers. 

The attack method which was used is no longer possible, even under the very rare chance that the new password was obtained, as we have set up new security protocols.

Are my payment details at risk? 
We accept PayPal payments, and Credit/Debit card payments via the Stripe gateway. We do not store credit card information ourselves, and payments are processed via Stripe's API. The old API details we were using have been removed and so even in the hands of an attacker, any attempts to make charges will fail. As such, we do not believe your payment details to be at risk, although if you use the same passwords elsewhere, changing them is advised.

I speak on behalf of all our staff when I say we're extremely sorry for the inconvenience caused. We're disappointed in ourselves that prevention of this attack vector was so very simple, and have fully learnt from our mistake. I understand there is going to be concern as a result of this, and if you would like to discuss anything with us, please let us know by replying to this email, contacting us on Facebook or Twitter, submitting a support ticket, or reaching out to us on Skype (EthernetServers). To verify the legitimacy of this email, we have also placed a copy on our website: http://www.oyayu.com/412/email.html

Regards,
George, 
Ethernet Servers

About the Author: 微魔
