Hack Premium Hosting Accounts
For those of you who find downloads from file hosting sites slow because you use a free account, this time Jaka wants to share a solution. Here is how to download at premium speed for free on all file hosting sites.
I cover security and privacy for Forbes. I’ve been breaking news and writing features on these topics for major publications since 2010. As a freelancer, I worked for The Guardian, Vice Motherboard, Wired and BBC.com, amongst many others. I was named BT Security Journalist of the year in 2012 and 2013 for a range of exclusive articles, and in 2014 was handed Best News Story for a feature on US government harassment of security professionals.
I like to hear from hackers who are breaking things for either fun or profit and researchers who've uncovered nasty things on the web. You can email me at TBrewster@forbes.com, or tbthomasbrewster@gmail.com.
If you are worried about prying eyes, here's my PGP fingerprint for the Gmail address: 19A0 3F37 B3B7 4C1E C1D1 9AA4 5E37 654C 1660 B817.
Type “free web hosting” into Google and a variety of options are presented. Near the top is a Lithuanian company called 000Webhost. Its high Google ranking could well be the reason it is believed to have millions of users.
Unfortunately for them, all their usernames and passwords have been leaked, FORBES understands.
Earlier this week, I was contacted by Troy Hunt, Microsoft MVP and owner of, a website that sucks in email addresses from significant breaches so users can quickly check whether their data was compromised. Hunt informed me he’d been contacted by an anonymous source who’d passed along a database allegedly belonging to 000Webhost, containing usernames and passwords ostensibly belonging to just more than 13.5 million users. They didn’t appear to have been leaked online before and the database looked legitimate, piquing Hunt’s interest.
Hunt and I subsequently tested various emails in the database, attempting to sign up new accounts using the leaked addresses only to be told in auto-generated responses those emails were already in use by customers; a big clue indicating the database contained real user data.
Hunt spoke with five 000Webhost users, who confirmed their passwords matched with those he’d been handed.
He also found his own email address in the database. It appeared someone had registered an account in Hunt’s name and could do so because 000Webhost didn’t do any validation using the email. He subsequently took control of the account by issuing a password reset.
Convinced this looked like a real breach, I tried to contact and warn 000Webhost.
The company, however, has been almost impossible to engage in any dialogue about a possible breach. Over Monday, Tuesday and Wednesday, FORBES made numerous attempts to contact 000Webhost through its online form – the only obvious way to make contact.
I then tried a Lithuanian, which is the owner of hosting24.com – the premium service offered on the 000Webhost homepage. I believe Cyprus-based Hostinger to be the parent company for both, though it’s not made obvious on its various web domains.
A spokesperson yesterday refused to put me through to anyone who might help, recommending I submit more queries through the 000Webhost website. That was despite the warning that 13 million customers’ usernames and passwords may have leaked. Emails were also sent to abuse contact addresses provided by Hostinger and hosting24.com, going unanswered. I finally attempted to contact Hostinger chief Arnas Stuopelis on LinkedIn but had not received a response at the time of publication.
Hunt also tried to contact the company over the weekend and throughout this week but to no avail; you can read about his travails on his. Though he received responses to one request, no one connected him with a contact to discuss the breach in a secure manner.
He passed along a number of the email addresses from the database to support the claim the leak was real, but that still didn’t convince the company to talk.
Password reset and still no public warning
Then on Tuesday, Hunt discovered user accounts had their passwords reset, but without any direct notice to customers. When Hunt tried to log in with his own email address, an auto-generated response told him his password had been reset by 000Webhost “for security reasons”, advising him to change his credentials before continuing. There was no public notification. Attempts to log in to 000Webhost led to warnings of password resets for unspecified security reasons.
The same happened for other email addresses FORBES obtained from the leak, using made-up passwords that wouldn’t allow access to the actual account. One user raised the issue with 000Webhost directly on (another place your reporter tried to contact the company). That customer hadn’t responded to my requests for comment.
But Lewis Kimber, a UK computing student based in York, said he’d been given the same warning on the two accounts he had with 000Webhost. Kimber, who is planning for a career in information security, described the breach as “extremely worrying” given none of the data was encrypted.
“I am more angry than worried, simply because the data was in plaintext, no matter how secure your password is or how many combinations of symbols, numbers and capital letters you’ve used; it’ll be there for anybody to see as it wasn’t even encrypted,” Kimber said.
Facebook and forum complaints
There has been no public admission from 000Webhost.
But today, users started to complain on the site forum they could not access FTP servers used to host their website files.
One user, who appeared to be a customer, not a website admin, wrote: “Due to security check on 000webhost platform and your own safety, FTP access to your account is disabled until 2015 November 10. Please use file manager to upload/edit your files or upgrade the account to premium using the upgrade section below and enjoy the feature rich premium services.”
I managed to speak briefly with a Hostinger representative today, who gave his name as Alec (he declined to provide a surname as he did not want to disclose private data over the phone). He confirmed FTP access had been cut, but would not say why. Alec also confirmed he had seen my emails and said the firm “might” respond if they had any comment to provide. “We are not at the capacity to comment at the moment.”
Shortly after that call 000Webhost started removing Facebook posts from your reporter and customers that referenced the security issues.
Fortunately, Hunt grabbed a screenshot. 000Webhost hasn’t taken down a post asking why it took down other posts.
Meanwhile, as the forum post above indicated, 000Webhost continues to try to upsell to its “partner” services. Hunt highlighted an email he’d received today from 000Webhost advertising Hostinger as “the biggest free web hosting provider in United Kingdom”. Again, there was no warning of any possible security issue.
The company has tried various tactics to get users to move over to other Hostinger services before. On its homepage it promotes hosting24.com as a premium $4.84 a month service. A number of users have also complained their websites carried for the parent company.
It would appear 000Webhost is the free-of-charge hook used to acquire customers, before they’re reeled in for, apparently, better and safer products.
000Webhost’s security weaknesses
It’s unclear how or when any apparent breach took place. Hunt put me in touch with an anonymous contact who claimed to have knowledge of an attack on 000Webhost in March that used leaked credentials of a 000Webhost admin. FORBES could find no way to verify these claims. Hunt said he was also contacted by a separate source who’d indicated the database was for sale on unspecified forums for $2,000.
Regardless of what happened to the hosting firm, a cursory look at the site shows it’s carrying a number of potentially exploitable security weaknesses. FORBES found the 000Webhost forum site ran off an old, vulnerable platform: vBulletin Version 3.8.2.
That version was released in 2009. The latest and likely most secure version is 5.1.9.
Whilst the usernames and passwords are all stored in plain text, the signup page is not protected by web encryption either, meaning any hacker able to intercept communications between the user and the web server can quickly grab the login details entered by fresh registrants. And, when signing up for a 000Webhost account, the username and password are spelt out in plaintext in the address bar, meaning anyone with access to the website logs would have access to the credentials too.
“Many things surprised me about this incident, not least of which was just how hard it was to get in touch with 000Webhost. As of now, I’ve still had no response about the breach report itself even though they’ve clearly acknowledged it by resetting everyone’s passwords,” said Hunt.
“I never cease to be amazed at just how badly wrong an organisation can get security.
It was only this week we learned of having been carried out by a 15-year-old using free tools, now we’re seeing how 000Webhost stored over 13 million passwords in plain text which is simply unforgivable.”
000Webhost evidently went with the cheap and easy sell when it launched in 2007. It decided to forgo security measures, promising better protections, including web encryption, for those who signed up to premium accounts on hosting24.com. But that decision could well have cost a vast number of users their private data.
Anyone who believes they are affected can check if their 000Webhost logins were leaked by using Hunt’s site, which, depressingly, has collected records of 226,449,378 leaked accounts to date. If your name is in there, get changing those passwords and maybe think about using hosting services with better promises on security.
UPDATE: 000Webhost has. “We have witnessed a database breach on our main server,” the firm wrote. “A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information.
“We removed all illegally uploaded pages as soon as we became aware of the breach.
Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future. A thorough investigation to make sure the breach does not exist anymore is in progress.
“We apologize for this hassle but it has to be done to ensure your data is safe. We are going to upgrade our systems step by step and will be aiming to be super-careful in future.”
It recommended users change their passwords. The company has still not responded to FORBES’ request for comment.
UPDATE 2: Hostinger chief Stuopelis responded to my requests for comment on LinkedIn, saying that it would be calling in law enforcement to investigate.
He wrote: “At Hostinger and 000webhost we are committed to protect user information and our systems. We are sorry and sincerely apologize we didn’t manage to live up to that. In an effort to protect our users we have temporarily blocked all access to systems affected by this security flaw. We will re-enable access to affected systems after an investigation and once all security issues have been resolved.
“Our users sites will stay online and will be fully functional during this investigation. We will fully cooperate with law enforcement authorities once our internal investigation has been completed. We advise our customers to change their passwords and use different passwords for other services.
“We became aware of this issue on the 27th of October and since then our team started to troubleshoot and resolve this issue immediately. We are still working 24/7 in order to identify and eliminate all security flaws.
Additionally we are going to upgrade our systems in a close future. We hope we get back the service to our users soon.
“Our other services such as Hosting24 and Hostinger are not affected by this security flaw.”
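
The article notes that 000Webhost's signup spelt out the username and password in the address bar, so the credentials also end up in web server logs. As an added example (not part of the original article and not 000Webhost's code), this Python code flags access-log entries that carry a password in the query string and redacts the value; the parameter names, paths and log lines are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names that commonly carry secrets; an assumption, the article
# does not give 000Webhost's actual field names.
SENSITIVE = {"password", "passwd", "pass", "pwd", "password_confirm"}

# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def redact_target(target):
    """Return (redacted_target, leaked_param_names) for one request target."""
    parts = urlsplit(target)
    leaked, cleaned = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE and value:
            leaked.append(key)
            value = "REDACTED"
        cleaned.append((key, value))
    if not leaked:
        return target, []
    return urlunsplit(parts._replace(query=urlencode(cleaned))), leaked


def scrub_line(line):
    """Redact credential values in one log line; report which params leaked."""
    match = REQUEST_RE.search(line)
    if not match:
        return line, []
    redacted, leaked = redact_target(match.group("target"))
    if not leaked:
        return line, []
    start, end = match.span("target")
    return line[:start] + redacted + line[end:], leaked


# Constructed sample lines (not from the breach or from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Oct/2015:10:01:02 +0000] "GET /signup.php?username=alice&password=hunter2&email=alice%40example.org HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Oct/2015:10:01:05 +0000] "GET /index.php?page=plans HTTP/1.1" 200 2048',
    '203.0.113.7 - - [28/Oct/2015:10:01:09 +0000] "POST /login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        scrubbed, leaked = scrub_line(entry)
        print(("LEAK " + ",".join(leaked) if leaked else "ok  "), scrubbed)
```

Redacting logs only limits the damage after the fact; the fix at the source is to submit credentials in a POST body over HTTPS so they never appear in the URL.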