"colorhost" - another reason why to not pick cheap unreliable hosts
#1

I'm posting this here because I believe their primary 'market' is within SA-MP.

http://www.webhostingtalk.com/showthread.php?t=1130361

Shame on them for using plaintext to store passwords...

I just thought you should know, in case you were considering buying from them or whatever.

Quote:

All my personal, banking and password information is on the internet - never mind patching, the servers need to be shut down and the police involved immediately.

Quote:

I was a customer of ColorHost as well, and I know for a fact that this is not the first time our information has been hacked. I received information of leaked data in December, and when I contacted Kevin, he told me it was impossible. I had a screenshot of my own data from the Database. I demanded that he remove all of my information from the database, or I would be taking legal action. He claimed to have complied, but obviously not.

Quote:

Hello All ColorHost clients!

We have done an investigation, and have found out the recent attacks that have been made against us are from a gypsy terrorist group known as GypsyGuzz.

We have learnt that all data has been stolen, including billing information. As a reminder, please all ignore emails that look false; all future emails will come from billingcenter@colorhost.co, and please check your headers to verify this.

Many Thanks

Kevin, Carlos, Jason and Ethan

ColorHost CEO

#2

I hate to bash on another host, but this is ridiculous.

Quote:

Protecting our root logins with keys that only me and staff have, preventing unauthorized logins to our SSH.
Protecting the SQL databases better and hashing data.

Source: http://kevman95.com/blog/apolgies-an...g-your-truely/

I would think that these would be some of the first things to do when opening a website let alone a server hosting company.

plaintext passwords.......
#3

Question - they stole from YOU $2500?
#4

No, I was just casually browsing WHT and noticed the thread.
#5

Quote:

The Sony attacks

And.. what's that ?
#6

I've got no idea why anybody would choose to go with ColorHost in the first place, but thanks for sharing. Hope this is a warning to people considering cheaper, unprofessional hosting.
#7

Quote:
Originally Posted by Breto
And.. what's that ?
How did you not hear about the Sony attacks, they were everywhere..


http://lmgtfy.com/?q=sony+lulzsec+attack
#8

I literally laughed when I read the topic @ webhostingtalk.

I love how everyone screams for compensation when these incidents occur, or even threatens the hosting company saying that they will take legal actions, simply because they can.

This is indeed an unfortunate incident at ColorHost, and needs to be corrected.
But the general attitude of some people leaves me laughing, really bad.

- ps. I was a victim of the Sony incident last year. So - Yes, I do know how it feels like.
- pps. Do you have any official statements from Kevin, or any of the managers from ColorHost?
#9

Quote:
Originally Posted by shitbird
I literally laughed when I read the topic @ webhostingtalk.

I love how everyone screams for compensation when these incidents occur, or even threatens the hosting company saying that they will take legal actions, simply because they can.

This is indeed an unfortunate incident at ColorHost, and needs to be corrected.
But the general attitude of some people leaves me laughing, really bad.

- ps. I was a victim of the Sony incident last year. So - Yes, I do know how it feels like.
- pps. Do you have any official statements from Kevin, or any of the managers from ColorHost?
As per second post.

http://kevman95.com/blog/apolgies-an...g-your-truely/
#10

Hello All.

This issue is corrected, and as my post says we are always working for improvements.

WHMCS does store a lot of information in plain text BUT not client passwords! I went back over it months ago when this situation occurred and corrected the non-secure information.

The clients that were affected were also warned back in that month of the attacks, and the ways we're preventing future attacks. I do not know why it chooses to come up months later.

We here have been running since 2009, and have attracted quite a large crowd, including people who want to try to hack and get into our systems.

Our main goal here is that NO service was tampered with, but there was a leak of personal info for clients back in December or previous months.

We also got the media they were passing around removed.

If anyone does have any questions, you're free to ask me.