Re: *MAJOR SECURITY BREACH AT CCBILL**

From: Dayne Jordan (djordanat_private)
Date: Thu Dec 20 2001 - 14:26:12 PST

Next message: Damir Rajnovic: "Re: Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL}"

Previous message: Tony Langdon: "RE: Newest Nimda variant? Scanning ftp,telnet,smtp,snmp?"
Next in thread: Sparro, Dave: "RE: *MAJOR SECURITY BREACH AT CCBILL**"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

CCBILL just sent this email to all their customers...essentially
backing up everything we informed them of.

It appears that CCBILL is in agreement with our initial findings.
I will still argue the actual numbers of accounts that have
been compromised. But this is a step in the right direction.

D. Jordan
CompleteWeb.Net
=======================


-------------------------------------------
On 12/20/01 at 1:59 PM supportat_private <supportat_private> wrote: 

>CCBill has had an incident that compromised a minimal percentage of our customer's
hosting server user names and passwords. While we are investigating the circumstances,
as an added precaution, we feel it is important that all of our customers consider the
following: 
> 
>In order for your account to have been potentially affected, your setup must meet the
following criteria: 
> 
>1. Unix/Linux box. 
>2. Submitted ftp/telnet/ssh information about your current server to CCBill. 
> 
> 
>At this time we are asking all of our CCBill clients to take the following steps: 
> 
>1. Please change your server password(s) or have your host do so. 
>2. Please have your host scan your server(s) for an installation of 'eggdrop' and to
see if port 9872 is open.   
>3. If the instance does occur and your host is unfamiliar with how to disable the
installation, please have them contact eggdropat_private with the Subject line -
Eggdrop removal - and someone in our support department will contact them immediately. 
> 
> 
> 
>We want you to know that: 
> 
>1. We have corrected the source of the problem. 
>2. We are working diligently to discover who was behind this. 
>3. No other systems at CCBill were affected and only hosting passwords need to be
changed. 
> 
>Any other questions may be addressed to your sales person at CCBill. 
> 
> 
> 
>Ron Cadwell, CEO 
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Damir Rajnovic: "Re: Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL}"
Previous message: Tony Langdon: "RE: Newest Nimda variant? Scanning ftp,telnet,smtp,snmp?"
Next in thread: Sparro, Dave: "RE: *MAJOR SECURITY BREACH AT CCBILL**"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 21 2001 - 08:51:57 PST