When youve found a security hole with 'Europes Best' hosting company, how do you tell them?

DannyBoy · May 18, 2003

I mean can I make money from this? :evil:

I dont really know what to say, whilst in process of making a code for my business I now have root access to one of their servers

How do i tell them :Q

everman · May 18, 2003

oh the many ways you can tell them... :evil:

iamme · May 18, 2003

maybe you can blackmail your way into a new job.

j/k

DannyBoy · May 18, 2003

I was considering changing my quota to 2gb's or something :evil:

nah I wouldnt do that. Im serious though I feel a bit sorry for them because they pride themselves in security.

I dont know linux debian very well anyway. Whats the equiv dir to windows?

Oh and anyone know the equiv dir to program files? Or at least the dir where apache would be installed?!

ElFenix · May 18, 2003

maybe they'll send cops to your house and lock you up

Double Trouble · May 18, 2003

I wouldn't go messing around too much in their systems, 'cause not only will it not get you any cash or a job with them, it might end up costing you cash and other problems. I would simply send them an email to notify them (politely) that you have found what appears to be a serious breach in security in their systems, and that if they would like, you would be willing to provide them with the details....

DannyBoy · May 18, 2003

Originally posted by: tagej
I wouldn't go messing around too much in their systems, 'cause not only will it not get you any cash or a job with them, it might end up costing you cash and other problems. I would simply send them an email to notify them (politely) that you have found what appears to be a serious breach in security in their systems, and that if they would like, you would be willing to provide them with the details....

Nah im not like that, im a white hat typa person (Im NOT a hacker its just an expression, this was an accident)

Im trying to find their contact numbers to see if they have any 24/7 numbers i can call, its 2:54am here you see.

The company is oneandone, dunno if anyones heard of them in the USA.

everman · May 18, 2003

I'd just call or send an email, but don't mess around with any config files. Or you could just have unlimited bandwith and storage space

DannyBoy · May 18, 2003

How does this sound:

Dear Sir/Madame,
Upon working on a script I have managed to obtain root access to the linux debain server my package is hosted on.

I breif inspection shows access to all htdocs directorys on the server, and root access to the Linux based platform.

As this is a serious security threat, I would appreciate a rapid response either by e-mail or by telephone - 07729464833, for more detailed information and a way to prevent future access like this.

Regards,
Daniel Jeffrey

Should i send that?

fatbaby · May 18, 2003

put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth

GroundZero · May 18, 2003

hereis their hotline number:
08708 503 305

and other info:
1&1 Internet Limited
Pegasus Court
25-26 Herschel Street
Slough
SL1 1PA

Telephone: 08708 503 305
Fax: 01753 490444

tweakmm · May 18, 2003

Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

hahahaha

Transition · May 18, 2003

Originally posted by: DannyBoy
How does this sound:

stupid f00ls,

i just 0wnzered y0urs s3rv3rs!
P4yP4L me 0ne mi||ion doll4r$, N0W!

sup n0w biatches,
Daniel Jeffrey

Click to expand...

Should i send that?

Yes, i think you should.

DannyBoy · May 18, 2003

Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth

PMSL!

Groundzero thanks i make regular trips to their website i know that number and address

I was looking for a 24 hour number

Jhill · May 18, 2003

Just dont download any garbage files or you might find a conspiracy.

Wallydraigle · May 18, 2003

I wouldn't tell them at all. If you feel that you have to tell them do so in a way that you are sure is totally anonymous. I've heard too many stories of people bringing things like this to someone's attention, the company needs someone to blame, blames it on you, and then you're a cyber terrorist. Not me, let them figure it out on their own.

DannyBoy · May 18, 2003

Originally posted by: Transition

Originally posted by: DannyBoy
How does this sound:

stupid f00ls,

i just 0wnzered y0urs s3rv3rs!
P4yP4L me 0ne mi||ion doll4r$, N0W!

sup n0w biatches,
Daniel Jeffrey

Click to expand...

Should i send that?

Click to expand...

Yes, i think you should.

Thanks for teh cute tip but they host my company website and i dont think they will be too happy with me if i send that

KeyserSoze · May 18, 2003

Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth

hahahaha, Nice.

KeyserSoze

DannyBoy · May 18, 2003

Originally posted by: lirion
I wouldn't tell them at all. If you feel that you have to tell them do so in a way that you are sure is totally anonymous. I've heard too many stories of people bringing things like this to someone's attention, the company needs someone to blame, blames it on you, and then you're a cyber terrorist. Not me, let them figure it out on their own.

Im a completely anti-hack person.

My friend works in their head office in slough so i dont think i would get the blame.

Although perhaps he might decide to screw me over get a bonus and get me in trouble?

:|

DannyBoy · May 18, 2003

Originally posted by: KeyserSoze

Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth

Click to expand...

hahahaha, Nice.

KeyserSoze

KeyserSoze you listen to Digitally Imported too

Nice

I have it on right now....as always

GroundZero · May 18, 2003

Groundzero thanks i make regular trips to their website i know that number and address

I was looking for a 24 hour number

[/quote]

haven't been able to find a 24/7 numberr sorry...
got a couple friends that use them, they got the number and addy for me.
will check back with them and see if the have any other numbers

May 18, 2003

Send an email that says.. "d00d3r I h4x043d youz!!!!!!!!!!!!!!!!!!!!111111111"

KeyserSoze · May 18, 2003

Originally posted by: DannyBoy

Originally posted by: KeyserSoze

Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth

Click to expand...

hahahaha, Nice.

KeyserSoze

Click to expand...

KeyserSoze you listen to Digitally Imported too

Nice

I have it on right now....as always

I love this station. I listen to it 90% of the time I'm at my home computer. Exposes me to a LOT of new music.

KeyserSoze

DannyBoy · May 18, 2003

Originally posted by: KeyserSoze

Originally posted by: DannyBoy

Originally posted by: KeyserSoze

Originally posted by: fatbaby
put on some gloves and cut and paste letters from magazines (like in those movies with ransom notes) and write "i r h4x0r1ng j00. g1mm3 313v3nty b1ll10n d011ar$ or j00r a$$ i$ m1n3"

edit: and can you post the hole here? i'm in need of a free webhost with unlimited space and bandwidth

Click to expand...

hahahaha, Nice.

KeyserSoze

Click to expand...

KeyserSoze you listen to Digitally Imported too

Nice

I have it on right now....as always

Click to expand...

I love this station. I listen to it 90% of the time I'm at my home computer. Exposes me to a LOT of new music.

KeyserSoze

Yeah i know what you mean, my cable modem recieves 1gb a day purely from DI

Groundzero: Thx for tryin

Sammyson: I did NOT hack them, it was purely a fluke in a script I created

kag · May 18, 2003

Are you sure you have read/write access?

Sometimes they just give you read access so you can check php.log or something for debugging your script. Or sometime they just give you permissions to list the dirs but they dont give file access.

Since your don't even know what is the "equivalent" (I don't like that word) of Program Files and Windows directory.. you probably don't have a great deal of knowledge about Linux, so it's probably not a security breech.

When youve found a security hole with 'Europes Best' hosting company, how do you tell them?

Diamond Member

Lifer

Lifer

Diamond Member

Elite Member

Elite Member

Diamond Member

Lifer

Diamond Member

Banned

Diamond Member

Lifer

Banned

Diamond Member

Diamond Member

Banned

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Golden Member