
[Important] Beware Of Blesta Phishing Scam


Michael


If you received an email like this, ignore it. The email contains an encoded admin_login.php file, DO NOT UPLOAD IT TO YOUR SERVER.


From: Blesta Support <blesta.com@gmail.com>
Date: 2014-09-24 18:26 GMT+02:00
Subject: Zero-day exploit \ Hotfix


Hi First Last!

A hotfix has been released for Blesta that addresses a bug discovered in
3.2.2.

This hotfix is very IMPORTANT and should be installed immediately, because
otherwise your admin area is not secure.

We are sorry that we cannot give more information about this hotfix, but it
is very safety-critical.

You can find the hotfix in attachment, please upload it to /app/controllers
and replace the existing file.

Please logout after installing it and login again into the staff area,
because the hash algorithm changed.

As usual, a big thanks to everyone who reported and confirmed this bug, we
appreciate your help.

Best Regards
Paul Phillips
Blesta CEO


> If you received an email like this, ignore it. The email contains an encoded admin_login.php file, DO NOT UPLOAD IT TO YOUR SERVER.

I have not received it to peek at the code. If anyone uploads that file, what does it do?

If we "fingerprint" the code we can try to see the source of the malware (underground forums, blogs, IRC, etc.) and know who is responsible for this :)


> I have not received it to peek at the code. If anyone uploads that file, what does it do?
>
> If we "fingerprint" the code we can try to see the source of the malware (underground forums, blogs, IRC, etc.) and know who is responsible for this :)

I have the file, but my attempt to decode it using a popular service failed. My guess is that it probably captures your login credentials and emails the attacker.


Lol, I used to see such kiddies trying to get Facebook accounts using phishing... but now it is Blesta. I suppose the users of such software are not that naive to fall for this one... most of them are hosting providers... I guess.

It is also not hard to check the sender email address: if it is Blesta's official email address then go for it, otherwise it is an obvious scam.


> Lol, I used to see such kiddies trying to get Facebook accounts using phishing... but now it is Blesta. I suppose the users of such software are not that naive to fall for this one... most of them are hosting providers... I guess.
>
> It is also not hard to check the sender email address: if it is Blesta's official email address then go for it, otherwise it is an obvious scam.

It's easy to spoof from addresses. You should never trust emails like this, regardless of who they look like they're from. We will never send patches via email.

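The point above, that the visible From address proves nothing, is the kind of check worth automating on the receiving side. The following Python is an added example, not code from Blesta or from anyone in this thread; it assumes blesta.com is the vendor's genuine sending domain, and the sample message it builds is a constructed stand-in modelled on the quoted email, not the real attachment.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: the vendor's genuine sending domain, verified out of band (not taken from the thread).
TRUSTED_VENDOR_DOMAINS = {"blesta": {"blesta.com"}}
RISKY_ATTACHMENT_EXT = (".php", ".phtml", ".phar")

def triage(raw_message: str) -> list:
    """Return human-readable red flags for a message; an empty list means none were found."""
    msg = message_from_string(raw_message, policy=policy.default)
    display_name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    if not domain:
        return ["From header has no usable address"]
    findings = []
    for brand, domains in TRUSTED_VENDOR_DOMAINS.items():
        # Display name borrows the vendor's name while the address lives elsewhere.
        if brand in display_name.lower() and domain not in domains:
            findings.append(f"display name claims '{brand}' but address domain is {domain}")
        # Vendor domain smuggled into the local part, e.g. blesta.com@gmail.com.
        if any(d in local.lower() for d in domains):
            findings.append(f"vendor domain appears before the @ in {addr}")
    # From is trivially spoofable, so the receiving MTA's DKIM verdict must align with it.
    auth = msg.get("Authentication-Results", "")
    if not re.search(rf"dkim=pass[^;]*header\.[di]=@?(?:[\w-]+\.)*{re.escape(domain)}(?![\w-])", auth):
        findings.append(f"no DKIM pass aligned with {domain}")
    # Server-side code delivered as an attachment is never a legitimate patch channel.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_ATTACHMENT_EXT):
            findings.append(f"attachment {name} is executable server-side code")
    return findings

def build_sample(from_header: str, auth_results: str, attach_php: bool) -> str:
    """Constructed test message modelled on the thread's email; not the real phish."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "admin@example.net"
    m["Subject"] = "Zero-day exploit \\ Hotfix"
    m["Authentication-Results"] = auth_results
    m.set_content("A hotfix has been released, please upload the attachment to /app/controllers.")
    if attach_php:
        m.add_attachment(b"<?php /* obfuscated payload placeholder */ ?>",
                         maintype="application", subtype="x-php", filename="admin_login.php")
    return m.as_string()
```

Note that the constructed phish passes DKIM for gmail.com, which is exactly why an authentication pass alone is not enough: the verdict has to align with the domain the vendor actually uses.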

This is how to tell it is a fake:

"We are sorry that we cannot give more information about this hotfix, but it is very safety-critical."

I don't know any developer that would NOT give the reason for a hotfix.

It's like WHM; they and cPanel do a fix and release more information two weeks later so people don't get affected. What the idiot who sent it forgot was that Blesta doesn't send emails, and they announce what it sort of is and who found it if someone outside the team did.


> If you received an email like this, ignore it. The email contains an encoded admin_login.php file, DO NOT UPLOAD IT TO YOUR SERVER.

It takes balls to sign your name to their scam. heh...

I am glad that we have to log in to our Blesta account to get patches, betas and new versions. This keeps them safer.


> It takes balls to sign your name to their scam. heh...
>
> I am glad that we have to log in to our Blesta account to get patches, betas and new versions. This keeps them safer.

The patches and new versions are public and can be downloaded by anyone; we ourselves upload them to our download manager to save customers time if they wish to use them, but they are only for logged-in users, as the best place to get them is direct. Except betas, which are closed to Blesta customers only.
