LES Members Respond to FlorinMarian Exposing IHostArt Panel Issues

edited January 19 in Industry News

Hello everyone, we informed recently about a data breach of our main website (ihostart.com database).

We would like to inform you that the data on the VPS was NOT AFFECTED, only the database of the website ihostart.com. The following objects were compromised:

Email address
Tickets requests/views

We recommend that all customers change their VPS password ASAP (as a precautionary measure). We will post more updates about this here soon. At the same time, I want to inform you that no one knew about this security breach until after a user posted on LET, and we will take all legal measures for this.
We will post more details about this situation in the next hours.

Thanked by (1)treesmokah

Comments

  • We will soon send emails to everyone about this; for now we are going back to getting the website online.

  • Just tell the truth ...
    The bug was made public by a competing company named hazi.ro managed by @FlorinMarian ...

  • edited January 18

    Calin borked web server config and for unknown amount of time visitors could download raw .php files. Whmcs config file also was accessed raw.

    @FlorinMarian exposed redacted config file publicly on LET to defame calin. A scum move.

    Thanked by (3)Swiftnode Otus9051 adly
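Added example, not part of any post in this thread: a post-deploy check for the failure described above, where a web server hands out `.php` files as raw source instead of executing them. It assumes you fetch a few known `.php` URLs on your own site after every web server config change and pass the responses in; the `Response` type, the paths and the sample bodies are constructed for illustration.

```python
import re
from typing import NamedTuple

class Response(NamedTuple):
    status: int
    headers: dict
    body: bytes

# "<?php" or "<?=" should never reach a client when the PHP handler is active.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
# Types a server commonly falls back to when nothing claims the .php extension.
FALLBACK_TYPES = {"application/octet-stream", "application/x-httpd-php",
                  "application/x-php", "text/x-php"}

def classify(resp):
    """Return (verdict, reasons); verdict is 'ok', 'suspect' or 'leak'."""
    if resp.status != 200:
        return "ok", []
    headers = {k.lower(): v for k, v in resp.headers.items()}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    reasons = []
    if ctype in FALLBACK_TYPES:
        reasons.append("fallback content-type " + ctype)
    if "attachment" in headers.get("content-disposition", "").lower():
        reasons.append("offered as a download")
    # Source files open with the tag, so the first few KB are enough.
    if PHP_OPEN_TAG.search(resp.body[:4096]):
        return "leak", reasons + ["PHP open tag in body"]
    # Headers alone are weak evidence: a script may legitimately send a file.
    return ("suspect" if reasons else "ok"), reasons

def leaking_paths(responses):
    """Paths whose response body is unexecuted PHP source."""
    return sorted(p for p, r in responses.items() if classify(r)[0] == "leak")

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "/index.php": Response(200, {"Content-Type": "text/html; charset=utf-8"},
                           b"<!DOCTYPE html><html><body>Client area</body></html>"),
    "/broken/index.php": Response(200, {"Content-Type": "application/octet-stream"},
                                  b"<?php\nrequire 'init.php';\n"),
    "/broken/config.php": Response(200, {"Content-Type": "text/plain"},
                                   b"<?php\n$db_password = 'CONSTRUCTED-PLACEHOLDER';\n"),
    "/export.php": Response(200, {"Content-Type": "application/octet-stream",
                                  "Content-Disposition": "attachment; filename=report.bin"},
                            b"\x00\x01binary report"),
    "/missing.php": Response(404, {"Content-Type": "text/html"}, b"<h1>Not Found</h1>"),
}

if __name__ == "__main__":
    for path, resp in SAMPLES.items():
        print(path, *classify(resp))
```

A `leak` verdict on any path means the interpreter is not wired up, and every secret in files under the web root should be treated as exposed and rotated.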
  • Data breach happened at 8:25 PM - 1/18/2024 (Bucharest time)
    We shut down all our web servers at 8:37 - 1/18/2024 (Bucharest time)
    @everyone For now we have confirmed that just config.file and our database password were exposed; we will confirm soon whether anybody downloaded the main database

  • @Calin said:
    Data breach happened at 8:25 PM - 1/18/2024 (Bucharest time)
    We shut down all our web servers at 8:37 - 1/18/2024 (Bucharest time)
    @everyone For now we have confirmed that just config.file and our database password were exposed; we will confirm soon whether anybody downloaded the main database

    Could database be accessed remotely?

  • @legendary said: Could database be accessed remotely?

    Hello, no, everything works on localhost

    Thanked by (1)legendary
  • I'm a huge proponent of responsible disclosure, and that thread on LET is not even close to being responsible.

    It's clear that thread was created with the intent to harm @Calin/IHostArt, I would genuinely be surprised if it didn't result in a ban.

    Swiftnode.net - Baremetal, virtual machines, VoIP, and DDoS mitigation.

  • MannDude, Hosting Provider

    Yeah, Florin is a real piece of crap for that. Also, Calin, buy a legitimate WHMCS license and don't use a nulled one...

    [ IncogNET LLC ] - Privacy By Design
    We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
    [ USA: Liberty Lake, WA | Kansas City, MO | Allentown, PA ] [EU: Naaldwijk, NL ] [ CL Shared | KVM VPS | VPN | Dedicated Servers | Domain Names ]

  • MikeA, Hosting Provider, OG

    @MannDude said:
    Yeah, Florin is a real piece of crap for that. Also, Calin, buy a legitimate WHMCS license and don't use a nulled one...

    Lord is this true.

    Thanked by (2)Swiftnode webcraft
  • @MannDude said:
    Yeah, Florin is a real piece of crap for that. Also, Calin, buy a legitimate WHMCS license and don't use a nulled one...

    Calin: "hi, we fix license next week"
    Florin: "you are an idiot suggesting me to pay $60 per month for some license when my clients pay me peanuts"

    Why?

  • @everyone After investigating this breach more attentively, we confirmed that emails, phones and tickets were not exposed, just our password in config.php from WHMCS

    AGAIN, as a precautionary measure we recommend that you change the VPS password

    At the same time, we plan to migrate from WHMCS to Blesta or another billing panel

    We don't have an ETA for now on when the website will be back online

    More Answers/Questions (Q&A)

    Question: Is it possible for the database to be accessed from outside the VPS network?

    Answer: NO, we use everything on localhost

    Question: Could any customer on the ihostart network try to log in to the web panel to access the database?

    Answer: NO, we use a separate provider for our main website (ihostart.com / panel.ihostart.com)

  • edited January 18

    @MikeA said:

    @MannDude said:
    Yeah, Florin is a real piece of crap for that. Also, Calin, buy a legitimate WHMCS license and don't use a nulled one...

    Lord is this true.

    Yes, the screenshot FlorinMarian posted of Calin's config file showed the first part of a shared license key,

  • Maybe you two should take a month off les and focus on drama at ogf.

    Thanked by (1)host_c
  • @MannDude said:
    Yeah, Florin is a real piece of crap for that. Also, Calin, buy a legitimate WHMCS license and don't use a nulled one...

    ihostart.com shows legit on whmcs license checker though

    Hey teamacc. You're a dick. (c) Jon Biloh, 2020.

  • MannDude, Hosting Provider
    edited January 18

    @teamacc said:

    @MannDude said:
    Yeah, Florin is a real piece of crap for that. Also, Calin, buy a legitimate WHMCS license and don't use a nulled one...

    ihostart.com shows legit on whmcs license checker though

    From: https://lowendtalk.com/discussion/comment/3892511/#Comment_3892511

    gblic is nulled

    What I have seen before now is people will pay for the lowest licence to verify a domain but need a much higher package, so they replace the licence file with the cracked one and have a little bash script that will run every day to put the original back, run the force update licence and then put the nulled back to continue the higher package

    I am not saying that is what is going on here but just what I have observed with others in the past.

    Maybe not nulled. Maybe nulled.


  • @teamacc said:

    @MannDude said:
    Yeah, Florin is a real piece of crap for that. Also, Calin, buy a legitimate WHMCS license and don't use a nulled one...

    ihostart.com shows legit on whmcs license checker though

    It didn't on the first checks after it was revealed on LET that it was a shared license.

  • I would hope that publicly exposing an exploit that could potentially leak customer data is bannable on LES as well.. it would be different if the issue was raised to Calin first and no measures were taken but the issue was never raised privately.

    Thanked by (5)MannDude Kris Falzo skhron adly
  • FrankZ, Moderator
    edited January 19

    @BruhGamer12 said:
    I would hope that publicly exposing an exploit that could potentially leak customer data is bannable on LES as well.. it would be different if the issue was raised to Calin first and no measures were taken but the issue was never raised privately.

    The provider tag was suspended pending review when this came to my attention. A final decision will be made regarding this after the rest of the LES staff has weighed in.

    As long as they do not break the rules here at LES, I can't see how it would be justifiable to ban a member for things that they do elsewhere. As an example some members that are upstanding citizens here have been banned for actions taken at the OGF.

    For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add

  • @FrankZ said:

    @BruhGamer12 said:
    I would hope that publicly exposing an exploit that could potentially leak customer data is bannable on LES as well.. it would be different if the issue was raised to Calin first and no measures were taken but the issue was never raised privately.

    The provider tag was suspended pending review when this came to my attention. A final decision will be made regarding this after the rest of the LES staff has weighed in.

    I don't see how we can ban a member here if the issue does not happen here. As an example some members that are upstanding citizens here have been banned for actions taken at the OGF. As long as they do not break the rules here at LES, I can't see how it would be justifiable to ban a member.

    Devil's advocate, if a vendor deadpooled on OGF and a bunch of people lost money but he never advertised here would you let them keep their provider tag? But it only happened over on OGF ....

    Thanked by (1)Falzo
  • It doesn't matter if hazi broke specific rules at OGF. It was an illegal olympic-sized dick move against a competitor, for petty and stupid reasons.

    This is kill -9, this person is a potential threat to any community due to a combination of low intelligence and malevolence.

    Ban won't make any sense, as no one forbids him to create a new account. But IMHO he shouldn't sell anything again anywhere.

    Thanked by (2)Kris jmaxwell
  • FrankZ, Moderator
    edited January 19

    @skorous said: Devil's advocate, if a vendor deadpooled on OGF and a bunch of people lost money but he never advertised here would you let them keep their provider tag? But it only happened over on OGF ....

    Not the same thing. As I said in the first part of my statement above, I suspended the provider tag when this came to my attention. Provider tags are removed, or never issued, to providers that the staff feels have a reasonable potential to be a danger to the community. Permanent removals or denials are generally decided by a majority vote of the staff, not just by any one person.

    EDIT: It should be noted that there are other reasons, in addition to what I stated above, that a provider tag would not be issued or would be revoked but they don't apply to this situation.

    Thanked by (3)skorous bikegremlin adly


  • @FrankZ said:

    @skorous said: Devil's advocate, if a vendor deadpooled on OGF and a bunch of people lost money but he never advertised here would you let them keep their provider tag? But it only happened over on OGF ....

    Not the same thing. As I said in the first part of my statement above, I suspended the provider tag when this came to my attention. Provider tags are removed, or never issued, to providers that the staff feels have a reasonable potential to be a danger to the community. Permanent removals or denials are generally decided by a majority vote of the staff, not just by any one person.

    EDIT: It should be noted that there are other reasons, in addition to what I stated above, that a provider tag would not be issued or would be revoked but they don't apply to this situation.

    So the provider tag portion wasn't as important as the fact that they never did anything wrong here. It was an attempt to show that some mistakes are big enough that they follow you. I don't really have an opinion so last I'll say on it.

  • edited January 19

    So the provider tag portion wasn't as important as the fact that they never did anything wrong here. It was an attempt to show that some mistakes are big enough that they follow you. I don't really have an opinion so last I'll say on it.

    @skorous I'm confused by this comment, FrankZ has just explained above that the provider tag was suspended so he can no longer sell anything in this board, so what did I miss?

  • edited January 19

    Kudos for extremely fast disclosure, Romanian king is only one.

    @FlorinMarian If you are confident in your new 20Gbps "Arbor" protection, think again, you made yourself many new enemies. I liked to laugh at your incompetence, but such retarded malicious move is a no go.
    (this is not a threat, I'm just sure someone will do it)

  • cybertech, OG, Benchmark King

    @FlorinMarian care to clarify

    I bench YABS 24/7/365 unless it's a leap year.

  • cybertech, OG, Benchmark King

    I think it's unfair to ban this boy based on what he does/did on OGF, but yes there should be certain requirements to being a provider here and anywhere else.

    Thanked by (3)treesmokah yoursunny adly


  • edited January 19

    @treesmokah @cybertech
    This is what I can say about this situation:

    Maybe I'm writing this message a bit early and the situation is still hot, I hope you will try to put some effort to understand the whole situation with Calin and from my perspective.
    As I mentioned in the thread, I randomly went to his whmcs and saw the horror related to there being no php interpreter. At that moment I was shocked and glad at the same time that karma had done its job and without further checking if the error existed and after creating the thread, I posted it.
    Yes, it can be considered a pretty major error but let's keep in mind that Calin created a thread in which he announced about this incident and marked the time of the beginning of the incident exactly when at minute 25 when I created the thread and the time of the end of the incident at minute 37, after at minute 32 I had given him DM to announce that the error still persists.
    Please note that I did not catch a fraction of a second when this error existed but consider that he had no idea of this issue at least in the 12 minutes of the thread and who knows how long before since he was not actively working on his page to realize that his changes were disastrous.
    After the blurred screenshot and the fact that I made sure there was no external connection for DB try please understand that I was trying to get back at Calin but to a limited extent (after all there is no leak other than some useless credentials that can be changed) and I was trying to open the eyes of the community to the fact that they judge too much for my shortcomings and are blind to the shortcomings of others like me.
    Then, also out of fairness, I think you should also note that Calin is in turn breaking the 'don't be a dick' rule by hardening those who are already against me with my threads and that old 'Hazi.ro offers for refugees' post for which he may have deserved the ban but was in turn forgiven.

  • @FlorinMarian said:
    @treesmokah @cybertech
    This is what I can say about this situation:

    Maybe I'm writing this message a bit early and the situation is still hot, I hope you will try to put some effort to understand the whole situation with Calin and from my perspective.
    As I mentioned in the thread, I randomly went to his whmcs and saw the horror related to there being no php interpreter. At that moment I was shocked and glad at the same time that karma had done its job and without further checking if the error existed and after creating the thread, I posted it.
    Yes, it can be considered a pretty major error but let's keep in mind that Calin created a thread in which he announced about this incident and marked the time of the beginning of the incident exactly when at minute 25 when I created the thread and the time of the end of the incident at minute 37, after at minute 32 I had given him DM to announce that the error still persists.
    Please note that I did not catch a fraction of a second when this error existed but consider that he had no idea of this issue at least in the 12 minutes of the thread and who knows how long before since he was not actively working on his page to realize that his changes were disastrous.
    After the blurred screenshot and the fact that I made sure there was no external connection for DB try please understand that I was trying to get back at Calin but to a limited extent (after all there is no leak other than some useless credentials that can be changed) and I was trying to open the eyes of the community to the fact that they judge too much for my shortcomings and are blind to the shortcomings of others like me.
    Then, also out of fairness, I think you should also note that Calin is in turn breaking the 'don't be a dick' rule by hardening those who are already against me with my threads and that old 'Hazi.ro offers for refugees' post for which he may have deserved the ban but was in turn forgiven.

    if bad, why do?
    and, if do, why public?

    youtube.com/watch?v=k1BneeJTDcU

  • MannDude, Hosting Provider

    @FlorinMarian said:
    @treesmokah @cybertech
    This is what I can say about this situation:

    Maybe I'm writing this message a bit early and the situation is still hot, I hope you will try to put some effort to understand the whole situation with Calin and from my perspective.
    As I mentioned in the thread, I randomly went to his whmcs and saw the horror related to there being no php interpreter. At that moment I was shocked and glad at the same time that karma had done its job and without further checking if the error existed and after creating the thread, I posted it.
    Yes, it can be considered a pretty major error but let's keep in mind that Calin created a thread in which he announced about this incident and marked the time of the beginning of the incident exactly when at minute 25 when I created the thread and the time of the end of the incident at minute 37, after at minute 32 I had given him DM to announce that the error still persists.
    Please note that I did not catch a fraction of a second when this error existed but consider that he had no idea of this issue at least in the 12 minutes of the thread and who knows how long before since he was not actively working on his page to realize that his changes were disastrous.
    After the blurred screenshot and the fact that I made sure there was no external connection for DB try please understand that I was trying to get back at Calin but to a limited extent (after all there is no leak other than some useless credentials that can be changed) and I was trying to open the eyes of the community to the fact that they judge too much for my shortcomings and are blind to the shortcomings of others like me.
    Then, also out of fairness, I think you should also note that Calin is in turn breaking the 'don't be a dick' rule by hardening those who are already against me with my threads and that old 'Hazi.ro offers for refugees' post for which he may have deserved the ban but was in turn forgiven.

    You "randomly" went to a competitor's WHMCS. You "randomly" checked to see if files were available through non-standard methods. Then instead of informing Calin directly, like a reasonable person, you submitted your findings to LET with a snarky message and thread title that made it clear your actions were malicious. As I'm sure you expected, and to no surprise of anyone, the information and method YOU posted was used maliciously. Only after you shared your findings publicly did you then decide to inform him.

    I'm not going to defend Calin, to be quite frank I think the two of you are cut from the same cloth and greatly lack business ethics. We'll all judge him in our own ways for his poor security practice that led up to this event, but you really shot yourself in the foot. What did you expect to happen when you posted that thread? Everyone would clap for you, carry you on their shoulders and shower you with praise?


  • edited January 19

    @MannDude said:

    @FlorinMarian said:
    @treesmokah @cybertech
    This is what I can say about this situation:

    Maybe I'm writing this message a bit early and the situation is still hot, I hope you will try to put some effort to understand the whole situation with Calin and from my perspective.
    As I mentioned in the thread, I randomly went to his whmcs and saw the horror related to there being no php interpreter. At that moment I was shocked and glad at the same time that karma had done its job and without further checking if the error existed and after creating the thread, I posted it.
    Yes, it can be considered a pretty major error but let's keep in mind that Calin created a thread in which he announced about this incident and marked the time of the beginning of the incident exactly when at minute 25 when I created the thread and the time of the end of the incident at minute 37, after at minute 32 I had given him DM to announce that the error still persists.
    Please note that I did not catch a fraction of a second when this error existed but consider that he had no idea of this issue at least in the 12 minutes of the thread and who knows how long before since he was not actively working on his page to realize that his changes were disastrous.
    After the blurred screenshot and the fact that I made sure there was no external connection for DB try please understand that I was trying to get back at Calin but to a limited extent (after all there is no leak other than some useless credentials that can be changed) and I was trying to open the eyes of the community to the fact that they judge too much for my shortcomings and are blind to the shortcomings of others like me.
    Then, also out of fairness, I think you should also note that Calin is in turn breaking the 'don't be a dick' rule by hardening those who are already against me with my threads and that old 'Hazi.ro offers for refugees' post for which he may have deserved the ban but was in turn forgiven.

    You "randomly" went to a competitor's WHMCS. You "randomly" checked to see if files were available through non-standard methods. Then instead of informing Calin directly, like a reasonable person, you submitted your findings to LET with a snarky message and thread title that made it clear your actions were malicious. As I'm sure you expected, and to no surprise of anyone, the information and method YOU posted was used maliciously. Only after you shared your findings publicly did you then decide to inform him.

    I'm not going to defend Calin, to be quite frank I think the two of you are cut from the same cloth and greatly lack business ethics. We'll all judge him in our own ways for his poor security practice that led up to this event, but you really shot yourself in the foot. What did you expect to happen when you posted that thread? Everyone would clap for you, carry you on their shoulders and shower you with praise?

    Why do you look at the situation in one way?
    Calin, a provider in his turn, affects the image of the provider FlorinMarian in FlorinMarian's threads.
    Why do you expect FlorinMarian to show true fraternity towards the one who tries to bury his image?

    EDIT:

    You "randomly" checked to see if files were available through non-standard methods.

    What was non-standard? I've used my browser to access his homepage and index.php was downloaded instead of interpreted and then did the same with configuration file to see if still works with that.
