13:09 Social Engineering vs mchost ru | |
Recently been cracked one of the sites have hosting your mchost. Hacking has been carried out due to the negligence Support hosting do not pay enough attention to safety. Breaking into nothing supernatural: 1. According to whois learned email and hosting. 2. Create a similar e-mail and written in tehsapport request to add it as an additional control. 3. At the request tehsapporta about the letter from the 1 st control sent the message from the sender address spoofing. 4. Tehsapport by responding to an incorrect 1-meter control box have a real domain of the control box. 5. Sent a letter to the substitute address of the sender's actual control and tehsapport has a new email to the list control. 6. Received on a new reference data on access to the site. Theoretically it is possible to compromise any site for hosting your mchost? At present staff Habre mchost, I would like to hear their comments. Videos hacking: avi | 1280 x 800 | 47.6 MB videos on youtube PS I have no relationship to either attackers or to the affected site, I'm interested in security issues. UPD from a specialist technical support McHost.Ru Michael Ozorovich: All the complexity of the situation was that the real client did not specify the actual registration data account, and it was very hard to see that the request is phony, if they were, then psevdoklienta would be asked to specify them or send a scan of the passport. The situation was resolved quickly by us and we can guarantee that this can not be repeated anymore. In this situation the client's site was not hacked, as the author wrote this article, both the client and puts us on their projects. What are the results and advice? Always indicate your real data in the registration information of accounts, then never have such problems. I want to emphasize that this situation is not usually a rare exception, it happens in almost all hosting companies. Company McHost recently introduced stringent rules regarding registration data accounts, just that would not be repeated this kind of situation and to minimize the possibility of theft of your account. | |
|
Total comments: 0 | |