Security breach via a mail forwarder

We have a discrete account for tech admins for our dedicated server customers. This way our dedicated customers have limited access and discrete logging, and important messages can be easily forwarded to our helpdesk.

Unfortunately, this e-mail account also had e-mail forwarded to the same ex-employee who took action against us in late November; his forwarder was the only one. This allowed the attacker to change the login password for this tech account. Access was made at 14:03 GMT from IP 123.243.98.195, access was limited again at 15:50, and all servers were taken off this tech account by 16:30 GMT.

Unfortunately, during this time he had sufficient time to queue several dozen dedicated servers for reinstallation. Restoration has already begun for those dedicated servers which have been reinstalled, but this process is going to take a little bit of time. So far it seems roughly 20 servers were reinstalled.

Restoration will be done as swiftly as possible, but dedicated seedboxes and Windows servers are very slow to reinstall.

Please contact support if you suspect your server was a victim of this attack. The process is first to do a hard reboot if there is no reinstallation ticket on file, and then to verify the state.

All users affected will be compensated for the loss of service time.

 



Friday, February 17, 2012
