**Yes, there's a major ongoing wave of compromises hitting cPanel/WHM servers right now, tied to a critical vulnerability (CVE-2026-41940).**

This is a pre-authentication bypass (via CRLF injection in the login/session flow) that lets unauthenticated attackers gain full control of exposed cPanel & WHM (and WP Squared) instances. It affects all versions after 11.40. Exploitation has been happening in the wild since at least late February (as a zero-day), but it exploded after public details and PoCs dropped around April 28–29, with a massive surge on May 1.
### Key details on the scale and impact:
- **Thousands of servers hit quickly**: On May 1 alone there was a huge spike: ~15,300 new malicious/compromised cPanel hosts, which made up ~80% of the new compromises recorded that day in some tracking. Multiple campaigns are active.
- Attackers are deploying **Mirai botnet variants** (e.g., "nuclear.x86") for DDoS/IoT-style abuse on some servers.
- Others are hit with **".sorry" ransomware**, which encrypts files (often visible in open directories) and affects thousands more.
- Targets concentrate on VPS/cloud providers (DigitalOcean, Contabo, OVH, etc.). Roughly 1–1.5 million cPanel instances are exposed on the internet, making mass scanning/exploitation easy.

cPanel released emergency patches on April 28. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, urging quick action.
### What you should do if you run or use cPanel/WHM servers:
- **Patch immediately** — Use the updater (`/scripts/upcp --force`) or your host's tools. Check your version.
- Rotate credentials, review logs for suspicious auth/activity (especially around late April–May 1), and scan for indicators like the ".sorry" files, unusual binaries, or Mirai C2 traffic.
- If unpatched and internet-exposed, assume compromise and rebuild if possible.
- Hosting providers have been blocking ports temporarily and pushing updates.
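
The file-system indicators named in the checklist above (".sorry" files and a binary named "nuclear.x86") can be swept for with a short triage script. This is an added example, not cPanel tooling or code from any vendor; the scan root argument and the `MIRAI_NAME` variable are assumptions, and a clean result only means these two indicators were not found.

```shell
#!/bin/sh
# Added triage example (not cPanel's own tooling).
# Indicators taken from the text above: files ending in ".sorry" and a
# binary named "nuclear.x86". MIRAI_NAME is an illustrative override knob.
MIRAI_NAME="${MIRAI_NAME:-nuclear.x86}"

# List regular files carrying the ransomware extension (one filesystem only).
find_sorry() {
    find "$1" -xdev -type f -name '*.sorry' 2>/dev/null
}

# List regular files whose name matches the reported Mirai sample name.
find_mirai() {
    find "$1" -xdev -type f -name "$MIRAI_NAME" 2>/dev/null
}

# Count non-empty lines on stdin; prints 0 instead of failing on no input.
count_lines() {
    grep -c . || true
}

# Encrypted-file count per directory, busiest first, to show how far it spread.
sorry_by_dir() {
    find_sorry "$1" | while IFS= read -r f; do dirname "$f"; done \
        | sort | uniq -c | sort -rn
}

# Print a short report; exit status 0 = neither indicator found, 1 = found.
triage() {
    root="$1"
    n_sorry=$(find_sorry "$root" | count_lines)
    n_mirai=$(find_mirai "$root" | count_lines)
    echo "root=$root sorry_files=$n_sorry mirai_named=$n_mirai"
    if [ "$n_sorry" -gt 0 ]; then
        sorry_by_dir "$root" | head -n 10
    fi
    if [ "$n_mirai" -gt 0 ]; then
        find_mirai "$root" | while IFS= read -r f; do ls -l -- "$f"; done
    fi
    [ "$n_sorry" -eq 0 ] && [ "$n_mirai" -eq 0 ]
}

# Stand-alone use: sh triage.sh /home
if [ "$#" -gt 0 ]; then
    triage "$1"
fi
```

Run it against account home directories and temporary directories first, and keep the output with the incident notes before rebuilding.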
This isn't the earlier Stryker incident (March 2026 Iran-linked wiper attack on ~80k–200k devices via Microsoft Intune abuse) — that's weeks old. The current buzz is specifically this cPanel wave.
If you're seeing this on specific servers or have more details (e.g., error messages, hosting provider), I can help narrow it down further. Stay safe and patch!