Social engineering vs mchost.ru
Recently one of the sites hosted by mchost was hacked. The break-in succeeded because of the negligence of the hoster's technical support, which does not pay due attention to security.
There is nothing supernatural about the hack:
1. Through whois they found out the contact mail and the hoster.
2. They created a similar-looking mailbox and wrote to technical support asking to add it as an additional control address.
3. When technical support asked for a confirmation letter from the first (existing) control mailbox, a letter was sent with a forged sender address.
4. Technical support, replying that the first control mailbox was wrong, disclosed the domain of the real control mailbox.
5. They sent a letter with the sender address forged to be the real control mailbox, and technical support added the new email to the list of control addresses.
6. New control data for access to the site was received.
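As an added illustration (not part of the original post), here is the check a hoster's support desk could run before honoring such a request: accept it only if the From address equals the registered control address exactly (a similar-looking mailbox is rejected) and the receiving mail server's Authentication-Results header shows aligned SPF and DKIM passes, which a letter with a forged sender address does not get. All addresses, domains and headers are constructed.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample data (hypothetical addresses). The account's registered
# control address, as stored by the hoster:
REGISTERED_CONTROL = "owner@example.org"

# Attack step 5: From is forged to equal the real control address, but the
# receiving MX could not authenticate the sending server.
SPOOFED = """\
From: Site Owner <owner@example.org>
To: support@hoster.example
Subject: add an additional control e-mail
Authentication-Results: mx.hoster.example; spf=fail smtp.mailfrom=attacker.example; dkim=none

Please add owner-backup@example.net as a second control address.
"""
AUTH_FAIL = "spf=fail smtp.mailfrom=attacker.example; dkim=none"

# Attack step 2: a lookalike mailbox that authenticates for its own domain
# but simply is not the registered address.
LOOKALIKE = SPOOFED.replace("owner@example.org", "owner@examp1e.org").replace(
    AUTH_FAIL, "spf=pass smtp.mailfrom=examp1e.org; dkim=pass header.d=examp1e.org")

# A genuine request from the registered mailbox.
GENUINE = SPOOFED.replace(
    AUTH_FAIL, "spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org")

def _auth_results(hdr: str) -> dict:
    """Pull spf/dkim verdicts and the DKIM signing domain out of the
    Authentication-Results header that the receiving MX added."""
    out = {m.group(1): m.group(2) for m in re.finditer(r"\b(spf|dkim)=(\w+)", hdr)}
    d = re.search(r"header\.d=([\w.-]+)", hdr)
    out["dkim_domain"] = d.group(1) if d else None
    return out

def vet_control_change(raw: str, registered: str) -> tuple[bool, str]:
    """Return (accepted, reason) for a request to change control addresses."""
    msg = email.message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    if sender.lower() != registered.lower():  # exact match, lookalikes rejected
        return False, f"{sender} is not the registered control address"
    auth = _auth_results(msg.get("Authentication-Results", ""))
    # A forged From only gets past support when SPF/DKIM were never checked.
    if auth.get("spf") != "pass" or auth.get("dkim") != "pass":
        return False, f"sender not authenticated: spf={auth.get('spf')}, dkim={auth.get('dkim')}"
    if auth["dkim_domain"] != sender.split("@")[1]:  # DKIM must align with From domain
        return False, "DKIM signing domain does not match the From domain"
    return True, "authenticated request from the registered control address"
```

Even a passing check is only a first gate: the confirmation for a control-address change should be sent to the address already on file, never to the requester.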
Theoretically, can any site hosted on mchost be compromised?
There are mchost employees on Habr; I would like to hear their comments.
Hacking video:
avi | 1280 x 800 | 47.6 MB
video on youtube
PS I have nothing to do with hackers or the affected site, I'm interested in security issues.
UPD from McHost.Ru technical support specialist Mikhail Ozorovich:
The whole complexity of the situation was that the real client account information had not been provided by the real client, so it was very difficult to see that the request was fake; had it been provided, the pseudo-client would have been asked to state it or to send a scan of their passport.
This situation was resolved promptly by us, and we can guarantee that this cannot happen again.
In this situation the client's site was not hacked, as the author of this article wrote, and the client continues to host his projects with us.
What are the results and tips? Always indicate your real data in the registration information of the accounts, then such problems will never occur. I want to emphasize that this situation is not the rule, but a rare exception, this happens with almost all hosting companies.
McHost recently introduced stringent rules regarding the change of account registration data, just to avoid repeating this kind of situation and minimize the possibility of account theft.