UnderHost - scammers and insecure Servers

[m3th]

Yo, I discovered something about UnderHost and I would like to share it with you and let everyone know they are fucking scammers which are selling you the idea they have secure servers although they got hacked and lost your data multiple times. They are backdoring their own forum, take a look at http://pastebin.com/m496172c and http://pastebin.com/m6593eb79. At the end they got rooted like every other scamm company, they got what they asked for - http://nopaste.org/p/aMd0zMK8gb/txt

 

[mourya]

Thanks for sharing..

 

[Danny.M]

this related with http://underhost.us/forums/archives...site-external-backup-servers-compromised.html

??

 

[thizzladen]

Offshore hosting is like buying drugs, you can't buy crack from a crackhead.

 

[SuicidalMedia]

m3th , BlackBay ?

 

[Mareshal]

this related with http://underhost.us/forums/archives...site-external-backup-servers-compromised.html

??

Is not related to that. I just studied the SSH text and found this:

Last login: Tue Sep 1 22:42:35 2009


So is almost now.

 

[Danny.M]

that thread post on sep 3rd server hacked in sep 1st/second

the threads match up its all same servers in thread got hacked in here..

 

[Phozon]

FUCK THIS IS REAL :o I FOUND THERE ADMIN PASS !

 

[teamhonor]

LOL! wow... i heard they sucked, but i didnt know they failed completely....
that is why i just stick with good ol my365host.com

 

[xmsax]

Moderator, if you we're able to provide the OP IP to abuse@underhost.ca, it will be helpfull.

You customers affected already got email about this and there nothing new those breach has been now fixed and affected servers are also secured to prevent the phpshell which have caused this issue, 4 servers affected on 15 on shared hosting, again no VPS customers or dedicated servers other than shared was affected.

We are not scam and there no insecure servers, 0days can affect anyone, same day we got those servers compromised "Enotch Solutions'' and ''JetNetHost'' got also the same problem with compromised servers due to this kernel hack.

It's fully possible our forum get backdoor'ed before the events and the site was restored with the backdoored vbulletin script, our main site are isolated on one machine without any data from our client or any client on it, to ensure stability we use another servers only for our support/billing system there nothing to worry about that and we will simply upgrade our vbulletin to the lastest build. (forums has been disabled until, newest vbulletin build has been installed)

Since the hacker come from here, we we're not monitor this forums anymore you can bash us like you want and do self promotion for your hosting compagny.

We are on hosting industry to stay and jealous people will always exists

 

[Phozon]

yes the page has gone hope you don't get any more trouble

 

[xmsax]

yes the page has gone hope you don't get any more trouble

Just hope to be able to get the OP IP without legal court documents via wjunction, his parent will be a bit worried with a lawsuit.

Logs on last login on those compromised box, we're already investigating and we we're able to find IP with the Santrex founder help and paypal to be able to locate this person (who used a sentrex box to hack our servers) hacker will be also in trouble in a couple of week.


Have a nice day, again moderator please sent OP IP to abuse@underhost.ca if you are able, talk with staff they will surely give you the authorization to do it.

 

[3ROk3N]

Ya mods should help em out giving the IP. Cause we should find out those skiddies as soon as possible.

 

[m3th]

xmsax, let me ask you. Can you read and understand what I'm saying? Kindly look at my post. Where did you see I rooted your servers? I'm just letting everyone know what I found in the web and what is happening and you are a big scammer who can't secure the servers nor speak clean english. Where are you from? You claim to be from Canada so you probably know warez(linking) would be illegal in Canada. Are you prepared to handle a civil suit? I can virtually guarantee you, the court, in the end, will shut your company down.

 

[Loget]

I don't think the OP was the one rooted you and you won't be getting his IP as far as I've seen hes done nothing wrong and he doesn't deserve your pissed off ass trying to get him in trouble in real life. If you can get proof hes the one who hacked you then you might be able to get his IP from an admin.

 

[iKnow]

@xmsax
Stop giving him problems at real life. It's the internet, learn to secure your shit.

 

[Kruno]

Honestly, you are running a hosting company and it's your responsibility to secure the server and ensure the data of customers is safe. What went wrong?

 

[M]

Hey,

We're not allowed to provide users IPs to anyone, even if they've hacked you. You'll have to speak to the ''higher ups'' (i.e the admins). I hope everything goes well.

Thank you.