Alert! Notice To Hosting Members! Urgent!

[Saint_Michael 3]

I have another problem. When I try to create an email address, it tells me that I have exhausted my maximum limit for email addresses whereas I haven't created any and the cpanel shows 0/unlimited!!!!

Don't know whether this problem was persistent before the hack so I'm not saying this topic has anything to do with it. But please help me out.

That might be account related as each hosting account should have only 99 and not unlimited, you will have to send in a support ticket, however, the end results might be the same and that is you would have to terminate your hosting and re-register for a new one. I could be wrong about that though, but either way just send in a support ticket about your email account being set to unlimited.

[angad619 0]

Is unlimited something like -1??Heres a screenshot of my cpanel

[BuffaloHelp 24]

You know what's surprising even after this ordeal?1) some hosting members are still not aware of this situation and have not request any help on their hosting accounts. I cannot perform the proper course of action unless I have hosting members' permission or request. My hands are tied until then.2) even after resetting their cpanel password, their contact email addresses are still not of their own--which makes my effort of resetting and regaining control of hijacked accounts meaningless--hackers can request your current password since your cpanel contact email address is set to hackers! This is ridiculous.I need every hosting members to double check your cpanel to see every information relating to your private information is all correct and updated.I do not mind administrating your hosting accounts due to Xisto's security issues but I do mind administrating for hosting member's disinterest and lack of urgency when it comes to checking and updating a simple thing as cpanel contact email address.

[delivi 0]

I've double checked my cPanel and all my settings are secure.I've updated the email and has set a very difficult password. So rest assured.I regulary monitor the last login IP so that I can make sure that one one else has accessed my cPanel.Thanks a lot BH for the concern.

[Soby 0]

Like I put up a thread in the suggestion area, people should use complex password rather than easily crackable passwords. Even though special case characters are not allowed, there are way to set up passwords that are not easily crackable until someone has access to your brain lol.my thought would be to use an alph-numerice with uppercase and lower case character. Thats equal to a middle case security, max security obviously to include special case characters.

[hitmanblood 0]

Probably even my password was affected. But I managed to pool up some credits and got my password changed.Let me bring to your notice that while doing so, after I had put my forum username and pass, the page said something to the tune of:
Account verified.....
Changing Password.....
Do not reload.....
could not change password...
But then my password did change to the new one.
When I then logged into my cpanel my disc space usage was 20/20MB. I haven't uploaded anything in the past few weeks. How did the disc usage increase now??

I am now trying to pile up more credits to request for a hosting upgrade

Hmm I was experiencing similar problem that is exactly the same problem as I have forgot my password, and then tried to reset it, however now it is OK. However I though and assumes that this is in fact some sort of glitch in the Xisto script and so on.

I assume that this might have affected all those members who use Xisto to host their real files and web sites will have most problems. Eventhough everz member probably cares a lot about their security.

And thanks for info about this problem.

Also I would like to know whether it is possible that this guy is trying to hack into all system or he is targeting particular users. That is if webmasters and admins of Xisto are aware of intentions of this hacker and can he be traced.

[leoncreations 0]

Thanks for the warning and advice. I think I have to be extra careful of my hosting account and password from now on. One more thing is I hope the admin side can allow those affected to change their passwords right away without the need for hosting credits so that they can solve their problem asap.

[BuffaloHelp 24]

Yes. Members who are affected by brute force FTP hacking can contact me ASAP so that I can regain their accounts.I still see 8 accounts with yahoo.com.vn as their cpanel contact email address. This is the very hacker's email address that caused all this. Please check the contact email address in your cpanel if you already have not done so.

[Galahad 0]

Jeez! Didn't even notice this topic until today... I was lucky though, that my account was not affected by this, probably due to a fact that I don't use dictionary words, and like to make my p4S5w0rDs a bit complicated

 

It appears to me, that the hacker wanted to use someones bandwidth, or something, to host those files found in that directory... I got curious (as I always do), and checked a whois on that domain... Here's what I got:

 

Visit AboutUs.org for more information about 9xyenbai.com

<a href="http://www.aboutus.com/9xyenbai.com: 9xyenbai.com</a>

 

Registration Service Provided By: Google, Inc.

Contact: apps-support@google.com

Visit: https://www.google.com/enterprise/apps/business/

 

Domain name: 9xyenbai.com

 

Registrant Contact:

 

Ban Me Corp (banmecorp@gmail.com)

+1.3215488754

Fax:

21 wall

alaska, as 32515

US

 

Administrative Contact:

 

Ban Me Corp (banmecorp@gmail.com)

+1.3215488754

Fax:

21 wall

alaska, as 32515

US

 

Technical Contact:

 

Ban Me Corp (banmecorp@gmail.com)

+1.3215488754

Fax:

21 wall

alaska, as 32515

US

 

Status: Locked

 

Name Servers:

ns1.10sec.com

ns2.10sec.com

 

Creation date: 23 Jul 2007 02:06:39

Expiration date: 23 Jul 2008 02:06:39

And, copied from AboutUs, containing this sites' description:

 

Entertainment, Free Music Online, VietNam, thatlong,9xYenBai.Com,thatlong

I suppose this guy (or girl, or many of them ) are trying to perform large scale bandwidth theft from Xisto members, obviousely succeeding in that for a short period... Lucky for us we have such vigorous admins that keep an eye for us...

 

I would also join the appeal to disclose perpetrators IP's, in order to include them in my scripts, and effectively ban them from my websites, to prevent any future hassle with them...

 

Also, because of this, my password just doubled in length, so now, crackers would have about 12,401,769,434,657,526,912,139,264 combinations to go trough... So I guess, in about 39,325,752,900.35 years, they could reach the solution yay me...

 

Check these pages for some info on passwords... Calculate your password strength, and Calculate time needed to crack you password

[Sprnknwn 0]

Oh, I'm in the same situation. I've just noticed this. Fo tunately I haven't had any problem yet but I'm going to change my password right now just in case...

[hitmanblood 0]

Also maybe good thing would be to place all the accounts that weere affected on certain list so people can check it out.Well, I certainly would like to see whether I am on the list or not.

[angad619 0]

Ban Me CorpThe guy doesn't want to disclose his identity! But what's the use of having a domain name like 9xYenBai.Com??Whoever can remember a name like that??Even though he hacked my account, I can't remember his URL!!But he was considerate not to delete my stuff. He just put his illicit MP3s in the ramaining space available in my account. Did he expect he won't get caught??