AmpleHosting / Greycell possibly hacked

JasonH

Location
elitehost.co.za / Johannesburg, ZA
Hello,

I just received the following email

http://elitehost.co.za/amplehosting.PNG

Hey everyone ! Do you believe your personal details are safe within this site? I know they're not as I am not a part of this company and yet I am sending this e-mail.
Yeah you probably get it by now this site got hacked by TheUnkn0wn - Offensive Security.

I also got a total backup of the whole site in my hands to release wherever I see fit, maybe on ThePirateBay or other big torrent sites/trackers, and believe me when I say people will use it for bad purposes.

So all I ask from everyone is to Register an account with us at TheUnkn0wn and send Casi a PM saying that you are from this hosting company thing...

I expect at least 500 msgs else I will release everything

www.TheUnkn0wn.org

I thought this was another one of those email addresses being spoofed, but decided to double check and found this in our mail logs. It shows that the email was sent from their server server.greycell.co.za @ 96.31.79.81

http://elitehost.co.za/amplehosting2.PNG
Code:
root@aries [~]# grep amplehosting.co.za /var/log/exim_mainlog
2010-08-01 18:06:09 1Ofb34-0005sU-FB <= [email protected] H=server.greycell.co.za [96.31.79.81] P=esmtps X=TLSv1:AES256-SHA:256 S=3892 id=l6he1u.8jm1vs@localhost T="Official Partner" for [email protected]
2010-08-01 18:06:11 1Ofb36-0005t7-V8 <= [email protected] H=server.greycell.co.za [96.31.79.81] P=esmtps X=TLSv1:AES256-SHA:256 S=3892 id=l6he1v.rgxtvt@localhost T="Official Partner" for [email protected]
2010-08-01 18:06:16 1Ofb3B-0005uQ-Jx <= [email protected] H=server.greycell.co.za [96.31.79.81] P=esmtps X=TLSv1:AES256-SHA:256 S=3892 id=l6he22.23xre6@localhost T="Official Partner" for [email protected]
2010-08-01 18:06:18 1Ofb3D-0005uX-W4 <= [email protected] H=server.greycell.co.za [96.31.79.81] P=esmtps X=TLSv1:AES256-SHA:256 S=3892 id=l6he23.84whez@localhost T="Official Partner" for [email protected]
2010-08-01 18:06:44 1Ofb3f-00064i-1u <= [email protected] H=server.greycell.co.za [96.31.79.81] P=esmtps X=TLSv1:AES256-SHA:256 S=3892 id=l6he28.aao326@localhost T="Official Partner" for [email protected]

Sure, we are a competitor and we also deal with our servers getting hacked but this doesn't seem good, let's wait until they release something. Has anyone else received an email like this from them?

edit: saw greycell.co.za/support/ had a MySQL error, now it has a blank page, this seems quite legit unfortunately.

Jason
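
Added example, not part of the original thread: the mail-log check from the post above as a script that groups Exim arrival (`<=`) lines for one sender domain by connecting IP. In Exim's main log a host name after `H=` outside parentheses was confirmed by the receiving server's DNS lookup, while a name in parentheses is only the client's HELO claim; the sample lines, placeholder domains and the burst thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Exim main-log format; all hosts and addresses are placeholders.
SAMPLE_LOG = """\
2010-08-01 18:06:09 1AAAAA-000001-AA <= billing@hoster.example H=server.hoster.example [192.0.2.81] P=esmtps X=TLSv1:AES256-SHA:256 S=3892 id=a1@localhost T="Official Partner" for user1@customer.example
2010-08-01 18:06:11 1AAAAA-000002-AA <= billing@hoster.example H=server.hoster.example [192.0.2.81] P=esmtps X=TLSv1:AES256-SHA:256 S=3892 id=a2@localhost T="Official Partner" for user2@customer.example
2010-08-01 18:06:16 1AAAAA-000003-AA <= billing@hoster.example H=server.hoster.example [192.0.2.81] P=esmtps X=TLSv1:AES256-SHA:256 S=3892 id=a3@localhost T="Official Partner" for user3@customer.example
2010-08-01 18:09:40 1AAAAA-000004-AA <= billing@hoster.example H=(hoster.example) [198.51.100.7] P=smtp S=1204 id=zz@elsewhere.example T="Invoice" for user1@customer.example
2010-08-01 18:09:41 1AAAAA-000004-AA => user1 <user1@customer.example> R=localuser T=local_delivery
"""

ARRIVAL = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= (\S+) (.*)$')
# Group 1: DNS-confirmed host name, group 2: HELO name in parentheses, group 3: IP.
HOST = re.compile(r'H=([^\s(\[]+)?\s*(?:\(([^)]*)\)\s*)?\[([^\]]+)\]')

def parse_arrivals(text):
    """Yield a dict for each '<=' (message received) line; skip everything else."""
    for line in text.splitlines():
        m = ARRIVAL.match(line)
        h = HOST.search(m.group(3)) if m else None
        if not h:
            continue  # delivery lines, or locally submitted mail with no H= field
        size = re.search(r'\bS=(\d+)', m.group(3))
        subj = re.search(r'\bT="((?:[^"\\]|\\.)*)"', m.group(3))
        yield {"time": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
               "sender": m.group(2).lower(), "name": h.group(1), "helo": h.group(2),
               "ip": h.group(3),
               "shape": (size.group(1) if size else None, subj.group(1) if subj else None)}

def origins(text, sender_domain):
    """Group mail with an envelope sender in sender_domain by connecting IP."""
    out = defaultdict(lambda: {"verified_name": None, "helo": None, "times": [], "shapes": set()})
    for a in parse_arrivals(text):
        if a["sender"].endswith("@" + sender_domain.lower()):
            o = out[a["ip"]]
            o["verified_name"], o["helo"] = a["name"], a["helo"]
            o["times"].append(a["time"])
            o["shapes"].add(a["shape"])
    return dict(out)

def looks_like_bulk_run(o, min_msgs=3, window_s=60):
    """Assumed heuristic: identical size+subject repeated inside a short window."""
    span = (max(o["times"]) - min(o["times"])).total_seconds()
    return len(o["times"]) >= min_msgs and len(o["shapes"]) == 1 and span <= window_s

if __name__ == "__main__":
    print({ip: looks_like_bulk_run(o) for ip, o in origins(SAMPLE_LOG, "hoster.example").items()})
```

The `T=` subject field only appears when the server logs subjects (Exim's `log_selector = +subject`), so on other servers the grouping falls back to message size alone.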
 
I have also received this mail, I stopped hosting with amplehosting about a year ago but looks like they still have my details on their system.
 
Ouch, that sucks a bit. What information would they release, I presume they don't store payment details so all they would really have is your personal details which you can pretty much get from a phone book.
 
I have also received this mail, I stopped hosting with amplehosting about a year ago but looks like they still have my details on their system.

Yeah, seems our details are on their system as we deal with domain transfers from/to them etc.

Ouch, that sucks a bit. What information would they release, I presume they don't store payment details so all they would really have is your personal details which you can pretty much get from a phone book.

It depends which database they hacked.. not sure about this. Wonder if they have emailed their customers about the hack, anyone?
 
I have one of my domains hosted with Amplehost/Greycell and also got this email sent to one of the email addresses of that domain. I have another email address that my bills get sent to and have not received a similar email to that address so I hope it is not too bad.
 
"Posted Today, 10:38 AM
I just got a PM from them saying
Quote
"Spare us please ! =)"

Ouch :(
 
LOL "Newest Member elitehost.co.za " - just joined the hacking forum :p

You do know with a username like that you will get loads of unwanted attention.

10/10 for confidence :p
 
LOL "Newest Member elitehost.co.za " - just joined the hacking forum :p

You do know with a username like that you will get loads of unwanted attention.

10/10 for confidence :p

I haven't signed up there :/

I'm guessing this was an SQL injection into the Kayako support system. They have all the passwords of "welcome emails" that clients have replied back to.
 
Ouch, unlucky for the headwise.net people. Probably a good idea to remove the shell above, not too cool for that on a public forum.

I wonder if amplehost have let their clients know?
 
So my post was deleted... Sorry for trying to help guys

So then, if anyone wants any real info on this, PM me...
 