Sborg.us hacked and Database online

[Gavo]

I just imported the database and logged into admin panel of 3 sites within 15 minutes.

Any novice hacker could use admin panel details to gain full access to the hosting account or root the server.

Sborg should have notified clients immediately

[Mr Happy]

I am not that emo type that i would be feeling sorry for the action of a hacker for 4 days.

wtf? 4 days? I though it was only 3.

Mr Happy chill out , the guy is trying his best

No he obviously didn't do his best if it took me posting screenshots of usernames and passwords 4 days later for him to take appropriate action.

I just imported the database and logged into admin panel of 3 sites within 15 minutes.

Any novice hacker could use admin panel details to gain full access to the hosting account or root the server.

Sborg should have notified clients immediately

Exactly my point. I know they have now but it's retard how long it took. 4 bloody days is just ridiculous.

[ms7]

Ok, i have a question ..if i changed the login details i had by default when my account was set up i'm still in danger?
In any case, i had changed those twice, once then and once today after i read here, i changed paypal mail, accounts passwords, acc mail pass, security question, etc..
but i wanna know if a hacker could enter in my sborg with only knowing the adress, because this is the only thing i cannot change.
Thank you.

[Dj Mad]

Yes... it's too late for some clients.

Using the information in your database I've managed to gain access to one of your clients personal websites. Don't worry. I've done this before when boxhead used to hack websites and helped his victims secure and fix their sites and have already contacted the client in question.

Unfortunately unlike when boxhead hacked a site it only affected one person not a few hundred in this case so it's impossible for me to help every client.

I recommend some compensation for your clients would be in order considering the magnitude of this what I can only describe as "fuck up".

If any of your other clients have questions about security I'd be happy to help them.

Happy The Hacker. lol

[ajinkya9]

I'm failing to understand what your point is, are you saying that WHMCS doesn't help a host?

I am saying, all people were going on about how Nulled WHCMS had a security issue, and it was very important to protect the Private info of People.
I don't see that kind of movement here.

[somik]

Ok, i have a question ..if i changed the login details i had by default when my account was set up i'm still in danger?
In any case, i had changed those twice, once then and once today after i read here, i changed paypal mail, accounts passwords, acc mail pass, security question, etc..
but i wanna know if a hacker could enter in my sborg with only knowing the adress, because this is the only thing i cannot change.
Thank you.

No, noone can access your sBorg without the username and password that you have entered.


.

[Sp32]

Yes... it's too late for some clients.

Using the information in your database I've managed to gain access to one of your clients personal websites. Don't worry. I've done this before when boxhead used to hack websites and helped his victims secure and fix their sites and have already contacted the client in question.

Unfortunately unlike when boxhead hacked a site it only affected one person not a few hundred in this case so it's impossible for me to help every client.

I recommend some compensation for your clients would be in order considering the magnitude of this what I can only describe as "fuck up".

If any of your other clients have questions about security I'd be happy to help them.

You're a good guy Mr Happy.

[cgworld]

access to different vps is confirmed!! SOMIK raped you guyz.
he is responsible for all these shits, its not nice to have clients email in spammer's list !

[GoPantheoN]

I managed to get access to many filehost premium accounts. Notify the users to change their passwords for their email ids and filehosts asap!

[ProtoWorker]

I'll stay on sBorg's side. Its the "client's" responsibility to use a random password on each of his accounts, change his passwords whenever a problem is sorted out. The administration can't be held responsible for everything. I appreciate the way of Mr. happy and I hope to see more action from sBorg team to solve this issue ASAP and prove their clients' privacy with them now onward. I'm one of the very first users/resellers of sBorg and I always am a fan of how sBorg team solve any problems. So, I'm pretty sure this isn't gonna be any worse.