"DirectAdmin Client Message" Email - Scam/Real?
- Thread starter pluk
- Start date
- Joined
- Feb 27, 2003
- Messages
- 561
rmwebs: The client account passwords are one-way encoded with industry-standard encryption methods. However, we'll probably force new password generation to be 100% safe.
Everyone else: Thanks for being so understanding. I must emphasize that DA installations, updates, your clients' servers, etc. are unaffected by all of this. This is a huge pain for you but it will not trickle down to the functionality of your customer's servers.
Mark
Everyone else: Thanks for being so understanding. I must emphasize that DA installations, updates, your clients' servers, etc. are unaffected by all of this. This is a huge pain for you but it will not trickle down to the functionality of your customer's servers.
Mark
I have to say I am positively surprised about the information given by DirectAdmin. Good to see they respond honest en quickly to this.
I hope they get it sorted out asap and, of course, that this will not happen again and/or affect the customers in any way.
Time to go to bed now for me ;-)
I hope they get it sorted out asap and, of course, that this will not happen again and/or affect the customers in any way.
Time to go to bed now for me ;-)
Phenix
Verified User
@Mark
And what about our current software on the servers? - If it has been compromised on your server ........ unless you have a worse compilations of code and configurations than the ones that come with DirectAdmin panel?
And what about our current software on the servers? - If it has been compromised on your server ........ unless you have a worse compilations of code and configurations than the ones that come with DirectAdmin panel?
more details?
I understand you're talking about hashing
can you tell which algorithm and, specially, if salts were used?
Wouter
Verified User
It is possible (and my feeling says it's likely ;-)) the data isn't compromised because of security bugs in software, but (for example) only a bug in the DirectAdmin client section. Let's wait for more information about this and give Mark and John some time to figure it out. All time they spend with reply's on the forum, they can't use to investigate and fix.
Last edited:
do you understand what your asking here? they just dont know that anwer!
there are several ways to hack into a server, give them some time.
imagin you working in a large office building (60+ levels) and on the floor of the building manager there is no power anymore, there could be several problems
- the powerlines are faulty (hardware)
- the switchboard has a software failure (software)
- somebody switched off power supply (user)
we just dont know that answer yet unless somebody investigates why the power is off *thats what they are doing right now*.... do you automaticly assume that the software of the switchboard or could there be something else wrong?
please wait and let the tech guys find it out!
you don't understand what I'm asking, do you?
I wanna know which information hackers got about ME
they already said it wasn't the plaintext password
that's good
but was it a non-salted MD5?
that's almost as bad as plaintext password
was is salted SHA-256? that's pretty safe IMO
if they don't want to answer this question, I guess a good assumption is that it was non-salted... otherwise there's really no reason to NOT be willing to give this information (specially because who already got this data knows what it is)
Phenix
Verified User
I understand everything, but do understand that my clients using DirectAdmin?
- I prefer to ask and get the answer as regards the application of preventive measures than to rebuild the software on all servers and the lack of response.
i fully do
you want to know if somebody might be able to see your directadmin account password by reversing the encryption method.this is a non-issue at this moment in time, i'm sure DA are using correct hashing methods (salts, sha etc). Biggest question right now is, how did they hack into the DA server and can this method be repeated to other DA servers
LawsHosting
Verified User
Mark has said the code/binaries/etc aren't affected.
Although, I would like to understand any significance of hacking the server.
Although, I would like to understand any significance of hacking the server.
I'm not
I'm not unsure also
just asking... and it's a simple question, to which they already know the answer
you made it sound like I'm asking the password for their alarm system
Phenix
Verified User
i fully do
this is a non-issue at this moment in time, i'm sure DA are using correct hashing methods (salts, sha etc). Biggest question right now is, how did they hack into the DA server and can this method be repeated to other DA servers
Exactly what I mean ..... apparently did not understand because of my: bad English.
nealdxmhost
Verified User
I got one of those too as well.
How I wish there was a law sometimes where if we catch the parties pulling this crap we could shoot them on site.
Code:
Delivered-To: [email protected]
Received: by 10.229.222.20 with SMTP id ie20cs142998qcb; Wed, 25 May 2011
13:53:25 -0700 (PDT)
Received: by 10.231.140.81 with SMTP id h17mr46297ibu.47.1306356804621; Wed,
25 May 2011 13:53:24 -0700 (PDT)
Return-Path: <[email protected]>
Received: from jbmc-software.com (jbmc-software.com [216.194.67.119]) by
mx.google.com with ESMTPS id f2si164940ibe.34.2011.05.25.13.53.24
(version=TLSv1/SSLv3 cipher=OTHER); Wed, 25 May 2011 13:53:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected]
designates 216.194.67.119 as permitted sender) client-ip=216.194.67.119;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
[email protected] designates 216.194.67.119 as permitted sender)
[email protected]
Received: from apache by jbmc-software.com with local (Exim 4.76)
(envelope-from <[email protected]>) id 1QPL66-0006f8-Vy for
[email protected]; Wed, 25 May 2011 14:54:30 -0600
To: [email protected]
Subject: DirectAdmin Client Message
From: DirectAdmin <[email protected]>
Message-Id: <[email protected]>
Date: Wed, 25 May 2011 14:54:30 -0600How I wish there was a law sometimes where if we catch the parties pulling this crap we could shoot them on site.
I would close this thread or make it private, Mark. It does no one (except the hacker and DA competition) no good to be public.
This is an issue that needs to concern Directadmin and their providers, only.
Just a sugestion and a request, before it really goes public.
This is an issue that needs to concern Directadmin and their providers, only.
Just a sugestion and a request, before it really goes public.
LawsHosting
Verified User
I doubt it was DA that got hacked, it could've been via PHP for all we know.