⚡️ Virtualizor Support System Breach: Technical Details Virtualizor has released the technical details regarding the recent wave of attacks on Cloudcone, HostSlick, and others. The breach was not a direct software exploit, but a session hijacking attack on their support ticket system. Attackers gained access to approximately 1,500 tickets where providers had carelessly sent plain-text root credentials via email instead of using secure forms. The compromised providers were vulnerable because they failed to rotate these passwords after support cases were resolved - some credentials were over a year old - and did not have IP whitelisting enabled for their Admin Panels or SSH. Virtualizor is urging all admins to immediately rotate any root passwords previously shared in tickets and to restrict Admin Panel access to trusted IPs only. Source: Hosteroid on LET

Virtualizor 公布了近期 Cloudcone、HostSlick 等公司遭受攻击的技术细节。此次攻击并非直接利用软件漏洞，而是针对其支持工单系统的会话劫持攻击。 攻击者获取了约 1500 个工单的访问权限，这些工单的提供商此前曾不慎通过电子邮件发送了明文 root 凭据，而未使用安全表单。 这些受影响的提供商之所以容易受到攻击，是因为他们未能在支持案例解决后轮换这些密码（部分凭据已超过一年），并且未在其管理面板或 SSH 中启用 IP 白名单。 Virtualizor 敦促所有管理员立即轮换之前在工单中共享的任何 root 密码，并将管理面板的访问权限限制在受信任的 IP 地址范围内。 https://t.me/lowendweb/5416