Sborg.us hacked and Database online

[Tango]

I just imported the database and logged into admin panel of 3 sites within 15 minutes.

Any novice hacker could use admin panel details to gain full access to the hosting account or root the server.

Sborg should have notified clients immediately

 

[Mr Happy]

I am not that emo type that i would be feeling sorry for the action of a hacker for 4 days.

wtf? 4 days? I though it was only 3.

Mr Happy chill out , the guy is trying his best

No he obviously didn't do his best if it took me posting screenshots of usernames and passwords 4 days later for him to take appropriate action.

I just imported the database and logged into admin panel of 3 sites within 15 minutes.

Any novice hacker could use admin panel details to gain full access to the hosting account or root the server.

Sborg should have notified clients immediately

Exactly my point. I know they have now but it's retard how long it took. 4 bloody days is just ridiculous.

 

[ms7]

Ok, i have a question ..if i changed the login details i had by default when my account was set up i'm still in danger?
In any case, i had changed those twice, once then and once today after i read here, i changed paypal mail, accounts passwords, acc mail pass, security question, etc..
but i wanna know if a hacker could enter in my sborg with only knowing the adress, because this is the only thing i cannot change.
Thank you.

 

[Dj Mad]

Yes... it's too late for some clients.

Using the information in your database I've managed to gain access to one of your clients personal websites. Don't worry. I've done this before when boxhead used to hack websites and helped his victims secure and fix their sites and have already contacted the client in question.

Unfortunately unlike when boxhead hacked a site it only affected one person not a few hundred in this case so it's impossible for me to help every client.

I recommend some compensation for your clients would be in order considering the magnitude of this what I can only describe as "fuck up".

If any of your other clients have questions about security I'd be happy to help them.

Happy The Hacker. lol

 

[ajinkya9]

I'm failing to understand what your point is, are you saying that WHMCS doesn't help a host?

I am saying, all people were going on about how Nulled WHCMS had a security issue, and it was very important to protect the Private info of People.
I don't see that kind of movement here.

 

[somik]

Ok, i have a question ..if i changed the login details i had by default when my account was set up i'm still in danger?
In any case, i had changed those twice, once then and once today after i read here, i changed paypal mail, accounts passwords, acc mail pass, security question, etc..
but i wanna know if a hacker could enter in my sborg with only knowing the adress, because this is the only thing i cannot change.
Thank you.

No, noone can access your sBorg without the username and password that you have entered.


.

 

[Sp32]

Yes... it's too late for some clients.

Using the information in your database I've managed to gain access to one of your clients personal websites. Don't worry. I've done this before when boxhead used to hack websites and helped his victims secure and fix their sites and have already contacted the client in question.

Unfortunately unlike when boxhead hacked a site it only affected one person not a few hundred in this case so it's impossible for me to help every client.

I recommend some compensation for your clients would be in order considering the magnitude of this what I can only describe as "fuck up".

If any of your other clients have questions about security I'd be happy to help them.

You're a good guy Mr Happy. <3

 

[cgworld]

access to different vps is confirmed!! SOMIK raped you guyz.
he is responsible for all these shits, its not nice to have clients email in spammer's list !

 

[GoPantheoN]

I managed to get access to many filehost premium accounts. Notify the users to change their passwords for their email ids and filehosts asap!

 

[ProtoWorker]

I'll stay on sBorg's side. Its the "client's" responsibility to use a random password on each of his accounts, change his passwords whenever a problem is sorted out. The administration can't be held responsible for everything. I appreciate the way of Mr. happy and I hope to see more action from sBorg team to solve this issue ASAP and prove their clients' privacy with them now onward. I'm one of the very first users/resellers of sBorg and I always am a fan of how sBorg team solve any problems. So, I'm pretty sure this isn't gonna be any worse.

 

[cgworld]

it's too late for that!

 

[awaiz007]

filehost premium accounts i guess there are many of them i too have the db

 

[BlaZe]

Are you all retards ? Get a life and stop sitting in front of the computer from morning 7:30 to night 1:00 (thats what most of the people here do).

The guy got hacked, its a shameful moment for him, so why try to create more trouble for him ? Give him some time, let him do whatever he thinks is *good* and supplementary to the actions done.

Even if he is not ashamed, then why to argue ? Its not that he murdered someone or raped a child. He has accepted that his server was breached and that the data is stolen. He might have emailed all his clients to change/modify their passwords.

END OF STORY.

For a moment, just keep yourself in his shoes. Feel what he might be going through right now. If you can't help him, then atleast don't worsen the things for him.

 

[pi0tr3k]

I'd love to like your post like 1000x Balze, too bad we can only like it once

Get a life and stop sitting in front of the computer from morning 7:30 to night 1:00

 

[innocent_kid]

IN total only point is he shall just once mail to all his clients that server is hacked and ask them to change pass nothing else.....
u guys are trolling like this is first site ever got hacked
FGS if u think he shouldnt create a website guys u cud have not used it? not like he forced to register?
and its not possible to make a unhackable site is it?
there are always new exploits around...
so stop like killing him and try to jsut work it out?

 

[JoomlaZ]

Well i was using sborg for sometime and i used all the licenses which i bought too. I changed my servers after i stopped using the licenses. well anybody tell, hacker can coz anything to me as my email id is still there in the db. Thanks

 

[vizoomer]

IN total only point is he shall just once mail to all his clients that server is hacked and ask them to change pass nothing else.....
u guys are trolling like this is first site ever got hacked
FGS if u think he shouldnt create a website guys u cud have not used it? not like he forced to register?
and its not possible to make a unhackable site is it?
there are always new exploits around...
so stop like killing him and try to jsut work it out?

trolling is what has got people to know about what has happened specially because of happy... because of just that i guess sborg finally e-mailed everyone about the things..

well i can guess what kind of a thing sborg people might be in right now and i ain't saying if anyone is right or wrong but atleast this thread is leading to good for our fellow wj users ?

 

[Smith]

Shit happens. No need to flame his ass. No one is perfect. However, so many info got leaked.

 

[CJ]

Like smith, blaze already said. Shit happens. No need to go for kill against sborg. First of all Somik or say sborg developers didnt expected this ever. They would have never thought the breach was so big. It was very unfortunate. Just help them to get over it. And for the users I would say they should have random passwords for every site which would be better for them for such instances

 

[Fulano]

With all due respect, I think some of you guys are missing the point Mr. Happy made. He is not criticizing the Sborg team for getting hacked, what he (and some of us too) doesn't like is the way this was handled.

If I got your paypal account, server info and other sensitive information stored in my server and my server gets raped, the right thing to do is to immediately warn all my clients and urge them to change every piece of info they ever gave me as to prevent the damage from expanding.

Instead the Sborg team minimized the seriousness of the problem and if it wasn't for Mr. Happy's posts, they would have probably never sent an email to their client base.

They got hacked, big deal, even Sony got hacked. The problem here is what they did after that. It is not right to try to cover your arses and minimize a huge problem while your client info is quickly propagating through the Internet.

Thank you Mr. Happy for doing what you did. Please be sure your work is greatly appreciated.