Zamfoo users, Your Server’s ROOT Password is not SAFE!

Discussion in 'Web Hosting' started by TmaxHost.net, Jun 25, 2009.

Thread Status:
Not open for further replies.
  1. hostydotnet

    hostydotnet Active Member

    #21
    hi,

    i can assure that we have not hacked any servers. in fact zamfoo.com is hosted with hostgator.

    there are many reasons why someone would know your password. i am not the person who hacked your machine. this was not even an issue until 3.3 which .......you have said.......... you stopped using our software.

    all previous versions for all architectures are publicly available at http://www.zamfoo.com/downloads for public download, installation and inspection to prove that your problems were not caused by anything that we have done by intention or mistake in version 3.3 and prove that this problem did not exist prior to 3.3.

    can someone please investigate my claims about this if necessary to prove this to him/report back?

    if you would like i will ask hostgator to investigate our software and server, copy them and you on an email and provide a direct hostgator link to the full thread outline on their investigation of our server code and software if necessary. say the word and it is done. you can monitor the date of the files at the link above to show that i have not modified anything being investigated.

    if i might add to this thread that you have a level of animosity towards me because of a previous post about whmreseller so i take, of course in the worst of times, what you say with the absolutely largest grain of salt. however..... i am willing to walk a hundred miles to prove every one of my claims. say the word and i will do so. until then....let the thread die.....so said the psalm.

    kevin
     
    hostydotnet, Jun 25, 2009 IP
  2. hostydotnet

    hostydotnet Active Member

    #22
    i apologize. i confused you with coolstuff0000. my previous offers of proof to you that i did not wreck your machines still stand.

    kevin
     
    hostydotnet, Jun 25, 2009 IP
  3. hostydotnet

    hostydotnet Active Member

    #23
    i apologize. i confused you with coolstuff0000. my previous offers of proof to you that i did not wreck your machines still stand.

    kevin
     
    hostydotnet, Jun 25, 2009 IP
  4. bentink

    bentink Peon

    #24
    But I do not see any reason why the root password needs to be sent to email, even during testing.
     
    bentink, Jun 25, 2009 IP
  5. hostydotnet

    hostydotnet Active Member

    #25
    hi,

    i clearly mentioned it was outputted with all of the rest of the environment variables. i didn't sit there and write code to select that single variable.

    kevin
     
    hostydotnet, Jun 25, 2009 IP
  6. C.Evans

    C.Evans Peon

    #26
    I think we can put this down to an honest mistake. We have never used any master reseller script due to various reasons, but at least in this incident, the software developer has publicly apologised and has resolved the issue.

    In today's world, that goes a long way.
     
    C.Evans, Jun 25, 2009 IP
  7. TmaxHost.net

    TmaxHost.net Active Member

    #27
    Kevin is a nice and helpful man. Yes, it may be my mistake and may not be an attempt to hack.
    If the software developer has publicly apologized and has resolved the issue then we need to give him a chance.
    You can use the following method to block further email sent to zamfoo:

    First off we need to create a special log file for these filters. Do this:

    touch /var/log/filter.log
    chmod 0644 /var/log/filter.log

    Now open up the configuration file:

    nano /etc/cpanel_exim_system_filter

    Add this to your existing file and save the changes; they take effect instantly.

    ## Log and discard outgoing mail from this server that is addressed to zamfoo.com
    ## The test is on the envelope recipients; the From: header only names the sender
    logfile /var/log/filter.log 0644
    if (
         $received_protocol is "local" or
         $received_protocol is "esmtpa"
       ) and (
         foranyaddress $recipients ($thisaddress contains "@zamfoo.com")
       )
    then
      logwrite "$tod_log $message_id from $sender_address is fraud"
      seen finish
    endif

    This will block all email sent to @zamfoo.com.
    You can check the log file by typing this at a root SSH prompt:
    tail /var/log/filter.log
     
    TmaxHost.net, Jun 25, 2009 IP
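Added example, not part of any post in this thread: the filter above only affects mail sent after it is installed, so this script reads an Exim main log and lists messages that were already delivered to a recipient domain. It assumes Exim's default log line layout; the function names `audit_exim_log` and `sample_log` and all sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report messages that an Exim main log
# shows as already delivered to a given recipient domain.
# Assumes the default log layout: date time message-id flag address ...

audit_exim_log() {   # usage: audit_exim_log DOMAIN < logfile
    awk -v dom="@$1" '
        BEGIN { dom = tolower(dom) }
        # "<=" marks a message arrival: remember the envelope sender per id.
        $4 == "<=" { sender[$3] = $5; next }
        # "=>" is the first delivered recipient, "->" any further ones.
        $4 == "=>" || $4 == "->" {
            addr = $5
            # Some delivery lines read: localpart <full@address>
            if ($6 ~ /^<.*>$/) addr = substr($6, 2, length($6) - 2)
            addr = tolower(addr)
            # Compare the end of the address so notzamfoo.com is not a hit.
            n = length(addr) - length(dom)
            if (n >= 1 && substr(addr, n + 1) == dom) {
                snd = ($3 in sender) ? sender[$3] : "unknown"
                print $1, $2, $3, snd, addr
            }
        }
    '
}

# Constructed sample log; hosts, message ids and local parts are made up.
sample_log() {
    cat <<'EOF'
2009-06-25 03:12:01 1MJk2a-0003Xy-7Q <= root@host.example.net U=root P=local S=1843
2009-06-25 03:12:03 1MJk2a-0003Xy-7Q => someone@zamfoo.com R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.10]
2009-06-25 03:12:03 1MJk2a-0003Xy-7Q Completed
2009-06-25 04:00:10 1MJkm2-0004Ab-Qz <= alice@example.net H=localhost [127.0.0.1] P=esmtpa S=912
2009-06-25 04:00:12 1MJkm2-0004Ab-Qz => dave <dave@host.example.net> R=localuser T=local_delivery
2009-06-25 04:00:12 1MJkm2-0004Ab-Qz Completed
2009-06-25 05:30:00 1MJmA1-0005Cd-Rt <= root@host.example.net U=root P=local S=2011
2009-06-25 05:30:02 1MJmA1-0005Cd-Rt => carol@notzamfoo.com R=lookuphost T=remote_smtp H=mx.example.com [192.0.2.20]
EOF
}

sample_log | audit_exim_log zamfoo.com
```

On a cPanel server the same function can be fed the real log with `audit_exim_log zamfoo.com < /var/log/exim_mainlog`. Any hit means the message left the server before the filter existed, so the root password in use at that time should be treated as exposed and changed.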
  8. hmughal75

    hmughal75 Banned

    #28
    I recommend that all zamfoo users create a domain zamfoo.com, then create an email from cPanel, "support@zamfoo.com". Maybe you will be safe. Any email for updating purposes should stay on your own server. But it was a terrible thing; we are not secure with any Master Reseller software :s. Both Zamfoo and Deasoft are doing the same thing, i.e. collecting root passes.
     
    hmughal75, Jun 25, 2009 IP
  9. coldgansta

    coldgansta Guest

    #29
    I am not saying that you hacked my server.
    But was my root pass sent back to you? It must have been.

    I changed my root pass at least every other day. I never changed it after a zamfoo update..

    The first time I was hacked was after a zamfoo update and my clients will back me up on that, as at the time I thought the update had gone wrong, as that was the only change made to the server that day.
    The whole home dir was wiped and backups wiped and login logs removed..

    Second time was same
    Third time was same

    Now if my password was sent back to you, who would see the password?
    Why would they see the password?
    Why did you get my password?

    This was a major security issue, what you did with this piece of code..
    I had to close my server due to the 3 hacks as I lost too many clients to maintain it..
     
    coldgansta, Jun 26, 2009 IP
  10. sam007

    sam007 Peon

    #30
    If you wanted the password for any test, you could have requested it. But you took it by cheating. We have lost trust in you. So, I have unsubscribed from your plugin. :(
     
    sam007, Jun 26, 2009 IP
  11. aonas

    aonas Peon

    #31
    He already clearly stated about it. Don't you read most of his posts? I don't mean to defend him by any chance, but please do understand the cons.
    Kevin is very helpful and I don't think he has the guts to hack any server that uses Zamfoo.
     
    aonas, Jun 26, 2009 IP
  12. studiografiti

    studiografiti Peon

    #32
    Please read guys!

    Kevin has always been very helpful with all kinds of issues and is constantly developing his software. Not many know that cPanel acts this way. And to the facts we have seen, it is impossible that coldgangsta could have been hacked by Zamfoo. Please read the thread in full before complaining about Kevin.

    With all Respect!
     
    studiografiti, Jun 26, 2009 IP
  13. coldgansta

    coldgansta Guest

    #33
    I have read the thread in full. I have not said that zamfoo hacked my server and I don't think they did.

    But the emails back to zamfoo could have been intercepted by anyone.
    And I am not complaining; too late for that for me.
    I am just adding what happened to me.
     
    coldgansta, Jun 26, 2009 IP
  14. coldgansta

    coldgansta Guest

    #34
    It's like this: if I come to your house and look inside your wallet... what do I need from it???????????? Maybe your bank info, etc.

    But best of all you didn't invite me in... I stole a FRIGIN key
     
    coldgansta, Jun 26, 2009 IP
  15. sam007

    sam007 Peon

    #35

    I agree with you.
     
    sam007, Jun 26, 2009 IP
  16. kjmcculloch

    kjmcculloch Well-Known Member

    #36
    Having read this thread from start to finish I must agree with coldgangsta. I was indirectly affected by this and lost a lot of money through it. Regardless of whether it was a design feature or flaw, it should have been picked up on very quickly. I believe confidence has now been lost in this plugin. And unfortunately, once people lose confidence it's really hard to make it work.
     
    kjmcculloch, Jun 27, 2009 IP