
Social Engineering vs mchost.ru

Recently, one of the sites hosted by mchost was hacked. The hack succeeded because of negligence on the part of the hoster's technical support, which does not pay due attention to security.

There was nothing supernatural about the hack:
1. Learned the contact e-mail and the hoster from whois.
2. Created a similar-looking mailbox and wrote to technical support asking to add it as an additional control mailbox.
3. When technical support asked for a letter from the first control mailbox, sent a letter with a spoofed sender address.
4. Technical support, replying that the first control mailbox was wrong, revealed the domain of the real control mailbox.
5. Sent a letter with the sender address spoofed as the real control mailbox, and technical support added the new e-mail to the list of control mailboxes.
6. Received the site access data at the new control mailbox.
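
An added example (not from the original post and not McHost's tooling) of a helpdesk gate for the request in steps 2 to 5: it acts only on a From address that matches the one on file and that the receiving mail server itself authenticated, and it answers every failure with the same text so the address on file is never disclosed. The authserv-id `mx.hoster.example`, the addresses and the function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical names): our inbound MTA stamps Authentication-Results
# with this authserv-id and strips any copy of it that arrives from outside.
TRUSTED_AUTHSERV = "mx.hoster.example"
GENERIC_REPLY = "We could not verify this request. Please use the control panel."

def sender_is_authenticated(msg) -> bool:
    """True only if our own MTA recorded dmarc=pass for the From domain."""
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.split() for p in header.split(";")]
        if not parts[0] or parts[0][0].lower() != TRUSTED_AUTHSERV:
            continue  # stamped by someone else, possibly the sender: ignore
        for tokens in parts[1:]:
            lowered = [t.lower() for t in tokens]
            if lowered[:1] == ["dmarc=pass"] and f"header.from={from_domain}" in lowered:
                return bool(from_domain)
    return False

def handle_contact_change(raw: str, contact_on_file: str):
    """Decide what to do with an e-mailed request to add a control mailbox."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].lower()
    if claimed != contact_on_file.lower() or not sender_is_authenticated(msg):
        # One reply for every failure: never say which address or domain is on
        # file (the leak in step 4), and never act on a bare From (step 5).
        return ("reject", GENERIC_REPLY)
    # An authenticated From still only earns a confirmation sent to the address on file.
    return ("confirm_via", contact_on_file)

# Constructed sample messages (not taken from the incident).
ON_FILE = "owner@client.example"
LOOKALIKE = "From: owner@c1ient.example\nSubject: add control\n\nPlease add me."
SPOOFED = ("From: owner@client.example\n"
           "Authentication-Results: mx.hoster.example; spf=fail smtp.mailfrom=other.example;\n"
           " dmarc=fail header.from=client.example\n\nPlease add me.")
FORGED_AR = ("From: owner@client.example\n"
             "Authentication-Results: mx.elsewhere.example; dmarc=pass header.from=client.example\n"
             "\nPlease add me.")
GENUINE = ("From: Owner <owner@client.example>\n"
           "Authentication-Results: mx.hoster.example; dkim=pass header.d=client.example;\n"
           " dmarc=pass header.from=client.example\n\nPlease add me.")

if __name__ == "__main__":
    for name in ("LOOKALIKE", "SPOOFED", "FORGED_AR", "GENUINE"):
        print(name, handle_contact_change(globals()[name], ON_FILE)[0])
```
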

In theory, can any site hosted on mchost be compromised this way?
There are mchost employees on Habr; I would like to hear their comments.
Hacking video:
avi | 1280 x 800 | 47.6 MB
youtube video

P.S. I have nothing to do with the hackers or the affected site; I am interested in security issues.

UPD from McHost.Ru technical support specialist
Michael Ozorovich:

The whole complexity of the situation was that the real client did not indicate the real account registration data, and it was very difficult to see that the request was fake. If the data had been there, the pseudo-client would have been asked to state them or send a passport scan.
This situation was resolved promptly by us, and we can guarantee that this cannot happen again.
In this situation, the client site was not hacked, as the author of this article wrote, and the client continues to host his projects with us.

What are the results and tips? Always specify your real data in the registration information of your accounts, and then there will never be such problems. I want to emphasize that this situation is not the rule but a rare exception; this happens in almost all hosting companies.
McHost recently introduced strict rules regarding the change of account registration data, precisely so that such situations do not recur and to minimize the possibility of account theft.

Source: https://habr.com/ru/post/60589/

