Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Hosts: How many of you have enabled SolusVM Access?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Hosts: How many of you have enabled SolusVM Access?

jakejake Member

Between the VPS company's I use, I'm noticing some have disabled SolusVM access in light of the security vulnerabilities and the incomplete security audit with Solus. Those have enabled WHMCS API access for basic functions but SolusVM access blocked. On the other hand, some have been brave enough to leave direct facing SolusVM access available to their clients.

I'm curious, how many of you hosters here have enabled SolusVM access, how many haven't? If enabled, why? The external audit is not even complete yet as far as I can see from the blog updates, so personally I would be paranoid to leave direct access open for the public.

Just figured this would be an interesting topic to discuss with all the vulnerabilities and exploits being released lately (Summer is here!). Looking back at the trending threads here... it really is scary how an attacker can wipe out a company's servers and its clients by using a security exploit of SolusVM.

Comments

  • From what I have seen, it is safe enough right now to enable it. SolusVM are fixing the issues as they find them and as we saw, even the WHMCS module had an issue and needed to be upgraded so nothing, unless 3rd party, was completely safe.

  • The vulnerabilities I know about still exist so we've left it disabled --> client access, that is. Regardless of the security audit, they need to fix those first.

  • @concerto49 said:
    The vulnerabilities I know about still exist so we've left it disabled --> client access, that is. Regardless of the security audit, they need to fix those first.

    Have you reported it to SolusVM yet? If so did they respond about working on it yet?

    Thanked by 1rds100
  • jakejake Member

    @concerto49 said:
    The vulnerabilities I know about still exist so we've left it disabled --> client access, that is. Regardless of the security audit, they need to fix those first.

    Well done :-) As a customer I would be concerned for my data integrity and safety, which is why I applaud those who disable SolusVM access until at least the external audit is complete...

    Have you reported the vulnerabilities that you know of to SolusVM so they can fix that?

  • Reported what I can. Told others that know about other exploits to also report it, but that's out of my hands.

  • jakejake Member

    Sounds like a trainwreck and a massive case of lazy coding at its finest. How many exploits are there out there right now for Solus would you say, including yours and what others have said?

Sign In or Register to comment.