Security Incidents mailing list archives
Re: *MAJOR SECURITY BREACH AT CCBILL**
From: Dayne Jordan <djordan () completeweb net>
Date: Thu, 20 Dec 2001 17:26:12 -0500
CCBILL just sent this email to all their customers...essentially backing up everything we informed them of. It appears that CCBILL is in agreement with our initial findings. I will still argue the actual numbers of accounts that have been compromised. But this is a step in the right direction.

D. Jordan
CompleteWeb.Net

=======================
-------------------------------------------

On 12/20/01 at 1:59 PM support () ccbill com <support () ccbill com> wrote:

CCBill has had an incident that compromised a minimal percentage of our customers' hosting server user names and passwords. While we are investigating the circumstances, as an added precaution, we feel it is important that all of our customers consider the following:

In order for your account to have been potentially affected, your setup must meet the following criteria:

1. Unix/Linux box.
2. Submitted ftp/telnet/ssh information about your current server to CCBill.

At this time we are asking all of our CCBill clients to take the following steps:

1. Please change your server password(s) or have your host do so.
2. Please have your host scan your server(s) for an installation of 'eggdrop' and to see if port 9872 is open.
3. If the instance does occur and your host is unfamiliar with how to disable the installation, please have them contact eggdrop () ccbill com with the Subject line - Eggdrop removal - and someone in our support department will contact them immediately.

We want you to know that:

1. We have corrected the source of the problem.
2. We are working diligently to discover who was behind this.
3. No other systems at CCBill were affected and only hosting passwords need to be changed.

Any other questions may be addressed to your sales person at CCBill.

Ron Cadwell, CEO

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
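
A host-side version of the check the CCBill notice asks for (an 'eggdrop' installation and a listener on port 9872), as an added example that is not part of the original post or thread. It assumes a Linux host that exposes /proc/net/tcp; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: host check for the two indicators named in the CCBill notice.
PORT=9872

# Print LISTEN sockets on port $1 found in file $2 (/proc/net/tcp format).
# Exit status 0 if at least one listener is found, 1 otherwise.
listeners_on_port() {
    want=$(printf '%04X' "$1")          # ports are stored as 4 hex digits
    awk -v want="$want" '
        NR > 1 && $4 == "0A" {          # skip header; state 0A = LISTEN
            n = split($2, a, ":")       # local_address is ADDR:PORT
            if (toupper(a[n]) == want) { print $2 " uid=" $8; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# Filter "PID USER ARGS" lines on stdin for eggdrop (case-insensitive).
# The [p] keeps this awk process from matching its own command line.
eggdrop_procs() {
    awk 'tolower($0) ~ /eggdro[p]/ { print; found = 1 } END { exit (found ? 0 : 1) }'
}

# Constructed sample in /proc/net/tcp layout: a listener on 22, a listener on
# 9872 owned by uid 1001, and an established connection whose remote port is
# 9872 (it is not a listener, so it must not be reported).
sample_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111 1
   1: 00000000:2690 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 2222 1
   2: 0A000005:8F3C 0A000009:2690 01 00000000:00000000 00:00000000 00000000  1000        0 3333 1
EOF
}

# Live use on a Linux host:
#   for f in /proc/net/tcp /proc/net/tcp6; do listeners_on_port "$PORT" "$f"; done
#   ps -eo pid,user,args | eggdrop_procs
```

The uid printed next to a listener identifies the account that owns the socket, which is the account whose password and files to review first. A process match by name alone misses a renamed binary, so run the port check as well.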
