New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
ChicagoVPS hacked
Did ChicagoVPS just get hacked?
Comments
(sarcasm) No. That's just their new control panel. (/sarcasm)
Yes, it appears they did indeed get hacked.
Oh fucking hell.
Really tragic event!
Let's see what happens here. In RamNode somebody got blamed, but now maybe ChicagoVPS will be blamed, not somebody.
Jesus !!!
I don't think this is just the SolusVM thing.
It might be another exploit that is used against them, maybe the same as last time they were hacked.
@soluslabs any idea about this ???
As far as I can tell it might have been the same one. Unless someone has a treasure chest full of SolusVM Exploits waiting to be used. In which case, HyperVM is looking pretty good right now.
My PuTTY sessions died and I went to their panel and got the lolololo page.
What's up with people these days...
Well, I'm sure whoever hit CVPS was just testing the exploit. You know, like Robert was on Ramnode.
I find it hard to believe ChicagoVPS didn't patch their SolusVM. Chris knew of the issue and was even working together with BuyVM regarding Robert's logs.
Does anyone know if any customer information is in the linked DB?
I see my info. Sad.
Like I said in the first thread, if you didn't patch it within the first hour, you were most likely already compromised. Start mass changing your passwords.
Huh, weird. I don't believe it if they haven't patched their SolusVM install.
I see the summer season has officially arrived.
@ihatetonyy All client names, emails, client IDs, hashed password.
Looks like original vps root passwords, host names, IP, OS, VZ type.
As I understand it, RamNode was exploited almost immediately after the exploit was 'released'.
How long has it been now, and yet CVPS is hacked?
All three of my servers with them are slow as balls and have high load (they don't run anything that generates load).
This doesn't look good.
Actually someone might have a "treasure chest full of exploits" because earlier today on the LEB post "SolusVM Vulnerability" someone named "LOL" promised to release more Solus exploits in about 12 hours and the timing of this hacking is almost exactly 12 hours from when they posted.
Their post:
Attention providers:
In roughly 12 hours I will be disclosing 3 zero day vulnerabilities on solusvm.
I suggest you take backups fast or else hackers will abuse this. I have tried contacting solusvm to fix it however I have been ignored.
They stated the vuln is “not important at this time”
Good luck.
http://www.lowendbox.com/blog/solusvm-vulnerability/#comment-121148
Edit: their first post:
Wait till you see the login vuln and admin panel vuln. I'll release those later
Could be another exploit of course. Or they didn't patch it, but I find that hard to imagine.
From IRC someone said:
-- Dump completed on 2013-06-17 7:48:33
Looks like the server is probably still rooted
Well, at least we solved the Kevin/Adam thing: http://vpsboard.com/topic/758-cvps-hacked/#entry11028
Seems like I can't access SSH, but I can access my website hosted on a VPS from CHVPS.
That would be a nasty trick.
It took VERY DAMN LONG for me to log into mine. I advise you wait at least five minutes.
If the above is true, then soluslabs is seriously screwed.
Any panels you know which are more secure?
We took solus down just for safety.
There is some very deep, deep irony in this statement, but HyperVM may well be more secure at this point in time.
Also, maybe OVZ Web Panel.
And Stallion, of course.
I'm getting "ls: cannot access filename: Input/output error"
It seems some of the files were corrupted.
Better back up, then turn the VPS off if your VPS is still on, and "passwd root" doesn't work anymore.
However, before the hack centralbackup.php isn't there, so it should be the other client and/or admin vuln exploit.
In Chicago, not sure what node:
Pulled our Solus, seriously suggest everyone else does also.