When you've found a security hole with 'Europe's Best' hosting company, how do you tell them?

DannyBoy

Diamond Member
Nov 27, 2002
8,820
2
81
www.danj.me
I mean can I make money from this? :evil:

I don't really know what to say. Whilst in the process of making a code for my business, I now have root access to one of their servers :confused:

How do I tell them? :Q :confused:
 

DannyBoy

I was considering changing my quota to 2GB or something :evil:

Nah, I wouldn't do that. I'm serious though, I feel a bit sorry for them because they pride themselves on security.

I don't know Linux Debian very well anyway. What's the equiv dir to Windows? :confused:

Oh, and anyone know the equiv dir to Program Files? Or at least the dir where Apache would be installed?!
 

ElFenix

Elite Member
Super Moderator
Mar 20, 2000
102,407
8,595
126
maybe they'll send cops to your house and lock you up
 

Double Trouble

Elite Member
Oct 9, 1999
9,270
103
106
I wouldn't go messing around too much in their systems, 'cause not only will it not get you any cash or a job with them, it might end up costing you cash and other problems. I would simply send them an email to notify them (politely) that you have found what appears to be a serious breach in security in their systems, and that if they would like, you would be willing to provide them with the details....
 

DannyBoy

Originally posted by: tagej
I wouldn't go messing around too much in their systems, 'cause not only will it not get you any cash or a job with them, it might end up costing you cash and other problems. I would simply send them an email to notify them (politely) that you have found what appears to be a serious breach in security in their systems, and that if they would like, you would be willing to provide them with the details....

Nah, I'm not like that, I'm a white hat typa person (I'm NOT a hacker, it's just an expression, this was an accident)

I'm trying to find their contact numbers to see if they have any 24/7 numbers I can call, it's 2:54am here you see.

The company is oneandone, dunno if anyone's heard of them in the USA.
 

everman

Lifer
Nov 5, 2002
11,288
1
0
I'd just call or send an email, but don't mess around with any config files. Or you could just have unlimited bandwidth and storage space ;)
 

DannyBoy

How does this sound:

Dear Sir/Madam,
Upon working on a script I have managed to obtain root access to the Linux Debian server my package is hosted on.

A brief inspection shows access to all htdocs directories on the server, and root access to the Linux-based platform.

As this is a serious security threat, I would appreciate a rapid response either by e-mail or by telephone - 07729464833, for more detailed information and a way to prevent future access like this.

Regards,
Daniel Jeffrey

Should I send that?
 

fatbaby

Banned
May 7, 2001
6,427
1
0
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth
 

GroundZero

Diamond Member
Oct 17, 2002
3,669
1
0
Here is their hotline number:
08708 503 305

and other info:
1&1 Internet Limited
Pegasus Court
25-26 Herschel Street
Slough
SL1 1PA

Telephone: 08708 503 305
Fax: 01753 490444
 

tweakmm

Lifer
May 28, 2001
18,436
4
0
Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"
hahahaha:D

 

DannyBoy

Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth

PMSL!

Groundzero, thanks, I make regular trips to their website, I know that number and address ;)

I was looking for a 24 hour number :(
 

Wallydraigle

Banned
Nov 27, 2000
10,754
1
0
I wouldn't tell them at all. If you feel that you have to tell them do so in a way that you are sure is totally anonymous. I've heard too many stories of people bringing things like this to someone's attention, the company needs someone to blame, blames it on you, and then you're a cyber terrorist. Not me, let them figure it out on their own.
 

DannyBoy

Originally posted by: Transition
Originally posted by: DannyBoy
How does this sound:
stupid f00ls,

i just 0wnzered y0urs s3rv3rs!
P4yP4L me 0ne mi||ion doll4r$, N0W!

sup n0w biatches,
Daniel Jeffrey

Should i send that?

Yes, i think you should.

Thanks for the cute tip, but they host my company website and I don't think they will be too happy with me if I send that ;)
 

KeyserSoze

Diamond Member
Oct 11, 2000
6,048
1
81
Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth


hahahaha, Nice.




KeyserSoze
 

DannyBoy

Originally posted by: lirion
I wouldn't tell them at all. If you feel that you have to tell them do so in a way that you are sure is totally anonymous. I've heard too many stories of people bringing things like this to someone's attention, the company needs someone to blame, blames it on you, and then you're a cyber terrorist. Not me, let them figure it out on their own.

I'm a completely anti-hack person.

My friend works in their head office in Slough so I don't think I would get the blame.

Although perhaps he might decide to screw me over, get a bonus and get me in trouble? :( :|
 

DannyBoy

Originally posted by: KeyserSoze
Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth


hahahaha, Nice.




KeyserSoze

KeyserSoze you listen to Digitally Imported too :cool:

Nice :cool:

I have it on right now....as always :cool:
 

GroundZero

Originally posted by: DannyBoy
Groundzero, thanks, I make regular trips to their website, I know that number and address ;)

I was looking for a 24 hour number :(

Haven't been able to find a 24/7 number, sorry...
Got a couple of friends that use them, they got the number and addy for me.
Will check back with them and see if they have any other numbers.

 

Send an email that says.. "d00d3r I h4x043d youz!!!!!!!!!!!!!!!!!!!!111111111"
 

KeyserSoze

Originally posted by: DannyBoy
Originally posted by: KeyserSoze
Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth


hahahaha, Nice.




KeyserSoze

KeyserSoze you listen to Digitally Imported too :cool:

Nice :cool:

I have it on right now....as always :cool:


I love this station. I listen to it 90% of the time I'm at my home computer. Exposes me to a LOT of new music.



KeyserSoze
 

DannyBoy

Originally posted by: KeyserSoze
Originally posted by: DannyBoy
Originally posted by: KeyserSoze
Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth


hahahaha, Nice.




KeyserSoze

KeyserSoze you listen to Digitally Imported too :cool:

Nice :cool:

I have it on right now....as always :cool:


I love this station. I listen to it 90% of the time I'm at my home computer. Exposes me to a LOT of new music.



KeyserSoze

Yeah, I know what you mean, my cable modem receives 1gb a day purely from DI :cool:

Groundzero: Thx for tryin :)

Sammyson: I did NOT hack them, it was purely a fluke in a script I created :)
 

kag

Golden Member
May 21, 2001
1,677
0
76
www.boloxe.com
Are you sure you have read/write access?

Sometimes they just give you read access so you can check php.log or something for debugging your script. Or sometimes they just give you permissions to list the dirs but they don't give file access.

Since you don't even know what is the "equivalent" (I don't like that word) of Program Files and Windows directory.. you probably don't have a great deal of knowledge about Linux, so it's probably not a security breach.