ChicagoVPS hacked, bunch of VPS customers offline - Page 5

Comments

  • Spencer Member
    edited November 2012

    @Jack said: Hi,

    All I can say at this stage is they haven't contacted us about it so I'm doubtful it's an actual exploit through SolusVM at all, however it's too early to tell at the minute.

    --

    Kind Regards,

    Jason Smith

    Management

    As I said before, let Shinkle take care of it since he actually knows what happens.

  • @Spencer said: I was write

    WHAT?

  • AlexBarakov Patron Provider, Veteran

    He was write!

  • @Alex_LiquidHost said: He was write!

    Immagine that.

  • joepie91 Member, Patron Provider
  • @JoePie91 Thanks.. ;)

  • I don't see the need for harsh comments that Chris is currently receiving. He's got his priorities right in putting his customers first. He has no obligation whatsoever to inform anything to anyone except his clients and I am sure those can contact him through appropriate support channels. And the "conspiracy theories" that people are speculating are seriously ludicrous, "cover up", seriously? What's there to cover up? The people's reactions to this issue are just ridiculous, and I personally think Chris is doing the right thing by focusing on his clients first and dealing with solus later. Solus is not going anywhere anytime soon, his clients might if this is not handled promptly. No offense to anyone, just my 2 cents. Best of luck to @CVPS_Chris & team.

  • Got a couple of questions: why weren't other nodes affected, assuming they have a single solus master and this is a "solus" hack? Also, what does lighttpd have to do with admin login? Also, if someone or something accesses a node, doesn't the admin receive a notification?

  • @Randy said: LOL. hosted on chicagovps?

    Yes.

  • @Taz by the sounds of it it was an API hack; so the lighttpd web server may not be restricting certain IPs etc.; or some exploit to get around a .htaccess or something like that.

    There's lots that can be happening; and of course a notification was sent, but who says they weren't locked out of their own nodes? It's not uncommon for something like that to happen; and if it was an API hack being brute forced, most likely it was told to just 'terminate' X Y Z amount of VPSes following CIDs from 101 -> 999.

    This poses the question, is it just CVPS that has been targeted? Or have others been targeted / affected? It's worrying to think that this sort of thing is still rogue and there's no light on it as of yet.

  • Damian Member
    edited November 2012

    @Victor said: I don't see the need for harsh comments that Chris is currently receiving

    Same here. Chris's personality is abrasive; it's his style. Not everyone is sunshine and rainbows and puppy dogs. It's the yin/yang of the universe. Just because his personality doesn't mesh with yours doesn't validate others being evil too.

  • Taz Member
    edited November 2012

    If I were to hack, why should I care about number and not use wildcard? Also, afaik API infos, just like admin/clients info, are stored on SQL. I am pretty sure lighty doesn't control any SQL or any such login that connects to DB. Is it something similar to the linode hack we have seen last year? Also, as Chris mentioned another host was affected, who is that other host?

    I remember when whmcs had the eval code exploit, 100s if not 1000s were affected and there were threads all over. Why aren't we seeing the same in this situation?

  • 24khost Member
    edited November 2012

    Is the other host EOR

  • @24khost said: Is the other host EOR

    AHHH NO THANKS MAKES HOMER MAD.

  • AlexBarakov Patron Provider, Veteran

    @Victor said: I don't see the need for harsh comments that Chris is currently receiving. He's got his priorities right in putting his customers first. He has no obligation whatsoever to inform anything to anyone except his clients and I am sure those can contact him through appropriate support channels. And the "conspiracy theories" that people are speculating are seriously ludicrous, "cover up", seriously? What's there to cover up? The people's reactions to this issue are just ridiculous, and I personally think Chris is doing the right thing by focusing on his clients first and dealing with solus later. Solus is not going anywhere anytime soon, his clients might if this is not handled promptly. No offense to anyone, just my 2 cents. Best of luck to @CVPS_Chris & team.

    Well, on the other side if this happened to me I'd inform solusvm immediately. It would take what? 10 minutes to include logs and explanation? As far as I know, Chris claims that there are a lot of people behind Chicagovps, if they have the proper disaster recovery plans already setup, for sure someone would be able to spend the 10 minutes needed to inform solusvm, to fill the hole. At the end, they are still using it, this exploit can lead to another one, affecting the rest of their nodes.
    How would you feel if this indeed is some exploit, being distributed around the hacking networks at the moment of speaking and if the next hosting provider targeted by it is exactly your host?

    I have no problem with Chris's attitude really, neither do I care, however I think that someone from there should have explained to solusvm if a bug/exploit indeed exists, just cause it is the right thing to do, at least in my eyes.

  • Can anybody confirm EOR is the other host that is down?

  • WTF is EOR, it's the first time I hear this name.

  • Spotvps and comforthost are up and running from here.

  • Not for me LAKid.

  • Up to this point they have NOT contacted us about any of the so-called exploit/issue they have had. We sent them an email when we were pointed to this thread. ChicagoVPS are very active on our support system so I see no reason why they wouldn't contact us via it.

    I have personally checked over the API code and can't find an issue where anyone can run any functions until they have passed all the checks. This includes the ID/KEY and IP address (if you enabled IP checking).

    There is no chance of an SQL on verification of the submitted API details because all the Active API users are retrieved from the database before the details are compared. This authentication system was introduced in early 2011.

    -- Phill
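
The verification order described in the post above (load every active API user first, then compare the submitted ID/KEY and, if enabled, the source IP in application code) can be sketched as follows. This is an added illustration, not SolusVM code and not part of the original post; the table, column and function names are hypothetical and the sample rows are constructed.

```python
import hmac
import ipaddress
import sqlite3


def build_demo_db():
    """Constructed sample data; the table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE api_users (api_id TEXT, api_key TEXT, "
        "active INTEGER, ip_check INTEGER, allowed_ip TEXT)"
    )
    db.executemany(
        "INSERT INTO api_users VALUES (?, ?, ?, ?, ?)",
        [
            ("id-alpha", "key-alpha", 1, 1, "192.0.2.10"),  # IP checking enabled
            ("id-beta", "key-beta", 1, 0, ""),              # IP checking disabled
            ("id-gamma", "key-gamma", 0, 0, ""),            # inactive API user
        ],
    )
    return db


def authenticate(db, api_id, api_key, remote_ip):
    """Return True only if ID, KEY and (when enabled) source IP all pass."""
    # Static query: nothing the caller submitted is part of the SQL text.
    rows = db.execute(
        "SELECT api_id, api_key, ip_check, allowed_ip "
        "FROM api_users WHERE active = 1"
    ).fetchall()
    matched = None
    for row_id, row_key, ip_check, allowed_ip in rows:
        # Compare in application code, in constant time, for every row.
        id_ok = hmac.compare_digest(row_id.encode(), api_id.encode())
        key_ok = hmac.compare_digest(row_key.encode(), api_key.encode())
        if id_ok and key_ok:
            matched = (ip_check, allowed_ip)
    if matched is None:
        return False
    ip_check, allowed_ip = matched
    if not ip_check:
        return True
    try:
        return ipaddress.ip_address(remote_ip) == ipaddress.ip_address(allowed_ip)
    except ValueError:
        return False  # unparsable source address fails closed
```

A static query removes injection from the verification step only; it does not cover how a valid ID/KEY pair is stored or handled elsewhere, and a user with IP checking disabled is protected by the ID/KEY alone.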

  • comforthost is up but spotvps seems to be down now.

  • @soluslabs maybe it's something to do with whmcs' solus module?

  • Does this mean someone is hiding something @soluslabs ?

  • @soluslabs said: Up to this point they have NOT contacted us about any of the so-called exploit/issue they have had. We sent them an email when we were pointed to this thread. ChicagoVPS are very active on our support system so I see no reason why they wouldn't contact us via it.

    I have personally checked over the API code and can't find an issue where anyone can run any functions until they have passed all the checks. This includes the ID/KEY and IP address (if you enabled IP checking).

    There is no chance of an SQL on verification of the submitted API details because all the Active API users are retrieved from the database before the details are compared. This authentication system was introduced in early 2011.

    -- Phill

    Thank you Phill. Just confirming what we all thought already.

  • @LAKid said: comforthost is up but spotvps seems to be down now.

    SpotVPS seems fine to me.

  • I really can't comment until they have given us details as to what has happened. Obviously they are not obliged to tell us anything.

    All I can say is the code has been checked and no exploitable bugs have been found.

  • Maounique Host Rep, Veteran

    @GetKVM_Ash said: Thank you Phill. Just confirming what we all thought already.

    grabs popcorn
    M

  • @Nekki Ah, with I.E, it shows, with firefox, it doesn't, that's why.

  • @LAKid said: Ah, with I.E, it shows, with firefox, it doesn't, that's why.

    Works fine for me on FireFox also, odd that it doesn't for you...

This discussion has been closed.