Comments
Two of three down.
I have 3 of the birthday specials, my LA is down for sure and the other two I am not sure about as I have lost the IPs to them and can't log in to check :P
I'd also hate to be SolusVM right now.
If you can still access your VPS I'd advise you to download your files immediately if you don't have an offsite backup.
@ihatetonyy Not much to worry about, I got backup
For your information one VPS at "Los Angeles VPS3" node is under pressure and likely going down any time. Another VPS at "Chicago VPS52" is healthy and running smooth.
Shut the solusvm masters down completely to avoid being hit, this is just messed up.
Any word from SolusLabs yet?
Unfortunately, there's the possibility that their SolusVM was hacked with the same centralbackup.php exploit, but the intruder delayed the "attack".
The same could've happened with a lot more providers, with the hackers just waiting for the right moment to wipe out the nodes.
Also, even with SolusVM shut down, what is the possibility that the nodes were already compromised?
Didn't the exploit from a few days ago allow them to run any command on the nodes?
If this one did, too, it's excessively, blindingly high, if they were malicious enough to get a way into each one of the nodes.
Also, even with SolusVM shut down, what is the possibility that the nodes were already compromised?
That is an interesting question...
At first I thought about the same thing, that the attacker planted the exploit and acted later.
After this is sorted one way or the other (the exploits go out or there is a conclusion there are none), everyone should do a clean reinstall of solus master machine.
@Zen tell him to GTFO, that's probably one client you don't want anyway.
By the way, providers that shut down their SolusVM should probably also set their stock to zero, because some customers might try to order and imagine the anger when the VPS can't be provisioned.
Eh, if the provider has it set for manual review, (which is usually smart), the server won't try to provision until accepted.
Let's let @CVPS_Adam do the talking.
I honestly hope that @CVPS_Chris has his ban removed as soon as possible, just so that he can keep people up to date with what's happening. Personally I think the importance of clients being up to date and aware with what is going on is more important than a silly ban at the moment (plus I believe Chris requested to be banned?). Is this likely to happen at all @Liam?
What I can say, is that one line of code is collapsing an entire market segment.
HyperVM anyone?
@Magiobiwan, lol, BlueVM is like the only company that's made HyperVM work for them.
Yes, and it works quite nicely too. And hasn't been hacked. cough Unlike SolusVM. cough
Did you ever read the big hack many years ago? There were like 10-20 exploits released at once that allowed complete root of everything. They never bothered patching them during the "inform the vendor" period.
Francisco
Per @Jack's request I proposed this to Liam and he told us to let @CVPS_Adam do the talking.
We've also taken down our Solus panel. If anybody needs any actions done, just contact us via a ticket.
Nope, sorry. I'd have to build a new frontend, etc.
Francisco
I've always liked the old HyperVM - seems that it still has more features than SolusVM and is free.
I've heard rumors that it does have vulnerabilities too, even the latest version, but the software is open source, you can always take a look and change what you do not like.
@Francisco My understanding is that we've patched said exploits. Otherwise we wouldn't be running HyperVM. As for the VPS Host that had been hacked, the CEO used the same password for ALL his nodes' root passwords, and for his WHT account. WHT account got cracked, password unhashed, and... nodes wiped.
No it is not. DMEhosting is using HyperVM as well.
Ok, thanks for the info.
HyperVM is nice though. It has this nice button to migrate a VPS easily and stuff. Unlike SolusVM. And it gives nice, descriptive (VERY descriptive) error messages if/when a VPS doesn't want to boot.
Did that straight after shutting down Solus. I'm glad I remembered to remove the plan from my sig as well.
Do we still have the "chief" excuse? Who is this mythical creature?
We had patched the centralbackup.php almost immediately on Sunday morning, and per a post on LEB ( http://www.lowendbox.com/blog/solusvm-vulnerability/#comment-121070 ) - there may be more problems with SolusVM. We've been told that other code besides the originally exploited centralbackup.php also utilizes the PHP exec function, and I personally do not believe it is safe as of right now for any provider to have their SolusVM install on right now until we have a better understanding of things. SolusVM's management staff are engaged and working closely with us.
Further updates will be posted shortly as we work through this ordeal.
@CVPS_Adam I'm not sure anyone cares about you being hacked, why did you lie about being Kevin?