LES Members Respond to FlorinMarian Exposing IHostArt Panel Issues
Calin
Hosting Provider
Hello everyone we informed recently about a data breach of our main website (ihostart.com data base)
we would like to inform you that the data on the VPS was NOT AFFECTED, only the database of the website ihostart.com, the following objects were compromised
Email address
Tickets requests/views
We recomanded for all customers ASAP , to change VPS password (as a precautionary measure) , we leave here coming soon more updates about this , in same time , i'm want inform , no one knew about this security breach, only after a user posted on LET, and we will take all legal measures for this
We leave in next hours more details about this situation
Thanked by (1)treesmokah
Comments
We send coming soon to all emails about this , for now we back to put website online
Just tell the truth ...
The bug was made public by a competing company named hazi.ro managed by @FlorinMarian ...
Calin borked web server config and for unknown amount of time visitors could download raw .php files. Whmcs config file also was accessed raw.
@FlorinMarian exposed redacted config file publicaly on LET to defame calin. A scum move.
Data breach happened at 8:25 PM - 1/18/2024 (bucharest time)
We shutdown all our web servers at 8:37 - 1/18/2024 (bucharest time)
@everyone For now we confirmed just config.file and our data base password start expose , we confirm coming soon if anybody download main data base
Could database be accessed remotely?
>
Hello no ,all work at localhost
I'm a huge proponent of responsible disclosure, and that thread on LET is not even close to being responsible.
It's clear that thread was created with the intent to harm @Calin/IHostArt, I would genuinely be surprised if it didn't result in a ban.
Swiftnode.net - Baremetal, virtual machines, VoIP, and DDoS mitigation.
Yeah, Florin is a real piece of crap for that. Also, Calin, buy a legitimate WHMCS license and don't use a nulled one...
[ IncogNET LLC ] - Privacy By Design
We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
[ USA: Liberty Lake, WA | Kansas City, MO | Allentown, PA ] [EU: Naaldwijk, NL ] [ CL Shared | KVM VPS | VPN | Dedicated Servers | Domain Names ]
Lord is this true.
ExtraVM - High RAM Specials
Yours truly.
Calin: "hi, we fix license next week"
Florin: "you are an idiot suggesting me to pay $60 per month for some license when my clients pay me peanuts"
Why?
@everyone After we investigate more attented this breach we confirmed emails or phones or tickets not exposed , just our password of config.php from WHMCS
AGAIN , as a precautionary measure we recommend you to change the VPS password
At the same time, we plan to migrate from WHMCS to blesta or another billing panel
We don't have for now a ETA when website back online
More Answers/Questions (Q&A)
Question: Data base it's possible accesed outside from VPS network?
Anwser: NO , we usage all on localhost
Question: Any customer from ihostart network possible try to login on web panel to accesed data base?
Answer: NO , we usage separed provider for our main website (ihostart.com / panel.ihostart.com)
Yes, the screenshot FlorinMarian posted of Calin's config file showed the first part of a shared license key,
Maybe you two should take a month off les and focus on drama at ogf.
ihostart.com shows legit on whmcs license checker though
Hey teamacc. You're a dick. (c) Jon Biloh, 2020.
From: https://lowendtalk.com/discussion/comment/3892511/#Comment_3892511
Maybe not nulled. Maybe nulled.
[ IncogNET LLC ] - Privacy By Design
We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
[ USA: Liberty Lake, WA | Kansas City, MO | Allentown, PA ] [EU: Naaldwijk, NL ] [ CL Shared | KVM VPS | VPN | Dedicated Servers | Domain Names ]
It didn't on the first checks after it was revealed on LET that it was a shared license.
I would hope that publicly exposing an exploit that could potentially leak customer data is bannable on LES as well.. it would be different if the issue was raised to Calin first and no measures were taken but the issue was never raised privately.
The provider tag was suspended pending review when this came to my attention. A final decision will be made regarding this after the rest of the LES staff has weighed in.
As long as they do not break the rules here at LES, I can't see how it would be justifiable to ban a member for things that they do elsewhere. As an example some members that are upstanding citizens here have been banned for actions taken at the OGF.
I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
Devil's advocate, if a vendor deadpooled on OGF and a bunch of people lost money but he never advertised here would you let them keep their provider tag? But it only happened over on OGF ....
It doesn't matter if hazi broke specific rules at OGF. It was an illegal olympic-sized dick move against a competitor, for petty and stupid reasons.
This is kill -9, this person is a potential threat to any community due to a combination of low intelligence and malevolence.
Ban won't make any sense, as no one forbits him to create a new account. But IMHO he shouldn't sell anything again anywhere.
Not the same thing. As I said in the first part of my statement above, I suspended the provider tag when this came to my attention. Provider tags are removed, or never issued, to providers that the staff feels have a reasonable potential to be a danger to the community. Permanent removals or denials are generally decided by a majority vote of the staff, not just by any one person.
EDIT: It should be noted that there are other reasons, in addition to what I stated above, that a provider tag would not be issued or would be revoked but they don't apply to this situation.
I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
So the provider tag portion wasn't as important as the fact that they never did anything wrong here. It was an attempt to show that some mistakes are big enough that they follow you. I don't really have an opinion so last I'll say on it.
@skorous I'm confused by this comment, FrankZ has just explained above that the provider tag was suspended so he can no longer sell anything in this board, so what did I missed?
Kudos for extremely fast disclosure, Romanian king is only one.
@FlorinMarian If you are confident in your new 20Gbps "Arbor" protection, think again, you made yourself many new enemies. I liked to laugh at your incompetence, but such retarded malicious move is a no go.
(this is not a threat, i'm just sure someone will do it)
@FlorinMarian care to clarify
I bench YABS 24/7/365 unless it's a leap year.
I think it's unfair to ban this boy based on what he does/did on OGF, but yes there should be certain requirements to being a provider here and anywhere else.
I bench YABS 24/7/365 unless it's a leap year.
@treesmokah @cybertech
This is what I can say about this situation:
if bad, why do?
and, if do, why public?
youtube.com/watch?v=k1BneeJTDcU
All of my VMs: https://nodecheck.net/s/otusibrc/
You "randomly" went to a competitors WHMCS. You "randomly" checked to see if files were available through non-standard methods. Then instead of informing Calin directly, like a reasonable person, you submitted your findings to LET with a snarky message and thread title that made it clear your actions were malicious. As I'm sure you expected, and to no surprise of anyone, the information and method YOU posted was used maliciously. Only after did you share your findings publicly did you then decide to inform him.
I'm not going to defend Calin, to be quite frank I think the two of your are cut from the same cloth and greatly lack business ethics. We'll all judge him in our own ways for his poor security practice that lead up to this event, but you really shot yourself in the foot. What did you expect to happen when you posted that thread? Everyone would clap for you, carry you on their shoulders and shower you with praise?
[ IncogNET LLC ] - Privacy By Design
We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
[ USA: Liberty Lake, WA | Kansas City, MO | Allentown, PA ] [EU: Naaldwijk, NL ] [ CL Shared | KVM VPS | VPN | Dedicated Servers | Domain Names ]
Why do you look at the situation in one way?
Calin, a provider in his turn, affects the image of the provider FlorinMarian in FlorinMarian's threads.
Why do you expect FlorinMarian to show true fraternity towards the one who tries to bury his image?
EDIT:
What was non-standard? I've used my browser to access his homepage and index.php was downloaded instead of interpreted and then did the same with configuration file to see if still works with that.