Can't log in OR reset password

[jabbaonthedais]

My friend called me saying he couldn't log into his JagPC account and wondered if I had any problems. My cPanel works, but I can't log into my account. I read the notice about the password-changes, so I reset my password, but the password I was e-mail did not work. Neither did it work for my friend. I am unable to log-in to make a support ticket since my password was changed. For some reason, my cPanel still logs in with my old password.

The 800 number goes straight to voicemail. Would it have been possible to send out an e-mail a week, day, hour, or even 5 minutes before this was done to inform people they would be locked out of their accounts, instead of just posting a notice on the forum after the fact in a section where users cannot reply?

[Vin DSL]

I'm not sure exactly what you're resetting, but...

Go to the 'Client Login' page (linked at the top of this page), click 'Lost Password?', then enter your PRIMARY mail addy.

A confirmation mail will be sent to you. When you receive this mail... click on the link...

Then, finally, another mail will be sent to you containing the new password. Login using the new password.

Is this what you're doing?

[jabbaonthedais]

I'm not sure exactly what you're resetting, but...

Go to the 'Client Login' page (linked at the top of this page), click 'Lost Password?', then enter your PRIMARY mail addy.

A confirmation mail will be sent to you. Click on that...

Then, finally, another mail will be sent to you containing the new password. Login using the new password.

Is this what you're doing?

Yep, thats what I did. It worked for me the second time (I think because of some kind of delay on Jag's end), but it has yet to work for my friend. The instructions are simple, yet clearly the process is not working.

It doesn't reset your cPanel password apparently, so there is definately some confusion.

I just don't understand how any business with so many clients could just do something so drastic and not give any warning whatsoever and then just disappear. I made a ticket on my friend's behalf 20 or so minutes ago and still waiting so he can fully access his account.

[Vin DSL]

Is your friend receiving a confirmation mail?

If not, perhaps the PRIMARY mail addy that's being used is incorrect.

You need to use the PRIMARY mail addy that JagPC has on record (I assume)...

[jabbaonthedais]

Is your friend receiving a confirmation mail?

If not, perhaps the PRIMARY mail addy that's being used is incorrect.

You need to use the PRIMARY mail addy that JagPC has on record (I assume)...

Yeah, thanks for the assistance. At least someone is around when Jag decides to affect every user's account at the same time. He is getting the confirmation e-mail, then after he confirms, he is getting a reset password notification (including a new password). That password is not working as of yet. I am sure it will be resolved whenever support gets around to the ticket.

Again, I am just frustrated at the lack of warning. (To Jag) If you are going to modify my account in the future without my permission, at least give me the decency and respect of just sending me an advanced warning.

[Vin DSL]

Again, I am just frustrated at the lack of warning. (To Jag) If you are going to modify my account in the future without my permission, at least give me the decency and respect of just sending me an advanced warning.

Dire situations demand drastic measures, yes?

Hacker Attack

Are you aware of this situation?

[jabbaonthedais]

Dire situations demand drastic measures, yes?

Are you aware of the situation?

To be honest, no. I don't check the forum that often. Which I guess is why I am frustrated. I did not receive any notification of this problem, or the change of my password. I think the e-maiil would have taken a matter of minutes to send out basically stating what Greg said on the thread, and it probably would have avoided tons of support requests, e-mails, and phone calls of people like myself who were unsure why they could not log in to their account.

But I am glad Jag is trying to stop this problem. I think the lack of notification and warning was a bad decision. I will have to watch this closer in the future.

[Vin DSL]

To be honest, no. I don't check the forum that often. Which I guess is why I am frustrated. I did not receive any notification of this problem, or the change of my password. I think the e-maiil would have taken a matter of minutes to send out basically stating what Greg said on the thread...

That's exactly what the Chief did!

Would you like me to copy n' paste the mail here?

[jabbaonthedais]

That's exactly what the Chief did!

Would you like me to copy n' paste the mail here?

You saying they sent out an e-mail? Neither I, nor my friend, received it. And I get the Jaguar newsletters and support notifications.

[Vin DSL]

To be honest, no. I don't check the forum that often. Which I guess is why I am frustrated. I did not receive any notification of this problem, or the change of my password...

You saying they sent out an e-mail? Neither I, nor my friend, received it. And I get the Jaguar newsletters and support notifications.

My bad!

Sorry, I'm doing 10 things at once, here and elsewhere...

I meant to say, there was notification at the top of the 'Client Login' page, whether or not you are logged in...

The notification is linked to this page: http://forum.jaguarpc.com/showthread.php?t=18106

I agree with you, however...

Had instructions been given on resetting the password, it would have saved me this embarrassing moment!

Hey, notification was given, but it wasn't via mail - nobody's perfect right?

Um...

Are you and your friend perfect?

[jabbaonthedais]

Hey, notification was given, but it wasn't via mail - nobody's perfect right?

Um...

Are you and your friend perfect?

Thanks man. And you're right! I see the notification. And to answer your question, yes, we are both perfect.

I'm reading all about this "hacker attack" but is there a good post that would summarize it? I'm reading the begining and the end and I see a lot of confusion. I see that iframes and javascript are being added to people's sites, but what I don't see is how it is being added. It is a server-side exploit, or does it have to do with passwords? I don't see how they could have accessed so many passwords at once. I am still reading though and do not wish to create another thread on the subject. Just curious if they was a summary.

Thanks again Vin!

[Vin DSL]

Thanks man...

And you're right! I see the notification. And to answer your question, yes, we are both perfect...

LoL! Some say I'm a perfect pecker!

No comment on the worm...

Anyway, my pleasure!

Hang in there! It ain't over 'til the fat lady sings...

[Tim]

I also feel that Jaguar should have (and still could) emailed a courtesy notice to everyone to let them know about the hacker attacks and that all the passwords were reset. I noticed the forum notice after a few unsuccessfull login attempts, however it wasn't until I went to the forums to find a discussion about the password changes that I found this thread and found out about the hacker attack. I don't appreciate not being alerted by Jaguar to check my account to see if it had been hacked.

Is it mentioned anywhere in that currently 16-page thread how changing the password every 90 days (or even at all) would in any way prevent this attack? If the attacker was able to access the account and edit files without directly being given the password, how is changing the password going to do anything? I would imagine that the method of attack would work just the same.

[CFusion]

I also feel that Jaguar should have (and still could) emailed a courtesy notice to everyone to let them know about the hacker attacks and that all the passwords were reset. I noticed the forum notice after a few unsuccessfull login attempts, however it wasn't until I went to the forums to find a discussion about the password changes that I found this thread and found out about the hacker attack. I don't appreciate not being alerted by Jaguar to check my account to see if it had been hacked.

Is it mentioned anywhere in that currently 16-page thread how changing the password every 90 days (or even at all) would in any way prevent this attack? If the attacker was able to access the account and edit files without directly being given the password, how is changing the password going to do anything? I would imagine that the method of attack would work just the same.

If hackers got our passwords not far they got our fainancial info too!!!!!!

but i think the worm issue is strang to be password related.... till now i got it in only two websits of same client...

[jason]

OK, here's the Cliff Notes version of the "hacked" thread.

About a week ago now several people noticed that their sites had been defaced. The actual defacement was an added <script> tag inserted into any pages named index.*, home.*, main.*, default.*--basically any possible default page. The script would generate an
<iframe> with, as I understand it, advertising in it.

Defacements are not uncommon (anyone who has been running websites for more than a few months knows that), but the hackers usually get in through vulnerabilities in scripts. This time, though, even sites that contained nothing but static html were defaced.

Because of the widespread nature of the problem, Masood went to work on the problem. He discovered that the hackers were accessing the sites by FTP, downloading the entire site, inserting the scripts on target files, and then re-uploading those files back to the site. Many, but not all, of those hit were still using the default passwords set by JPC when the accounts were set up.

JPC started using a script to scan for sites that had been defaced and quickly reset the passwords on those sites. I think the reason for changing all passwords in NixCore was actually done to protect people's account info--I'm sure there were many people using the same passwords for their sites as for Nixcore.

How the hackers got the passwords in the first place has not been disclosed, though several people have their hunches.

The thread is also dotted with bits of security advice--don't use the same password on multiple accounts, don't use unsecure FTP (use SCP or SFTP via a program like WinSCP or FileZilla instead), use secure connections for email, change passwords regularly.

Hope this helps...

--Jason