Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


ChicagoVPS hacked - Page 6
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

ChicagoVPS hacked

13468912

Comments

  • @BradND said:
    http://blog.soluslabs.com/2013/06/18/statement-regarding-current-security-rumours/

    we are aware of the current rumours regarding a further security issue with SolusVM as well as some snippets of code. We have been working hard to audit all of the SolusVM code to find any further potential security issues that may pose a threat.

    At this moment we have been unable to locate any problems however we are continuing to search for any possible attack vectors. We have received a few blocks of code from some customers that are currently being reviewed. Should any issues be identified a patch will be released immediately along with further announcement.

    Lol'd

  • @fhneric said:

    The thing is, Microsoft makes millions, has a large dev team but just makes bad decisions. Windows XP was topper, Vista a flop, 7 topper, 8 a flop, Blue is supposedly going to be a topper

    SolusVM are a bunch of students who dropped out of school, call their room an office and just put together a bunch of 1st-year-in-PHP code.

    Microsoft actually tries patching it (redesigning the security would be better). SolusVM just acts like everything is flawless and perfectly fine

  • nikcubnikcub Member
    edited June 2013

    "Windows is insecure" is a line from the 90's, when it ran on DOS, had no protected memory, no permissions in the file system, no auditing, no security rings, etc.

    Microsoft sent all their developers to intensive security training in the late 90s and instituted security audits and testing as part of their development workflow. They also adopted the POSIX model and security rings in NT (plus NTFS) into Windows. XP was the first result, as was Windows 2000 (a pretty damn good operating system for its time)

  • markmark Member

    @nikcub said:
    XP was the first result, as was Windows 2000 (a pretty damn good operating system for its time)

    Which was somewhat of a downfall for them as 12 years later, people are still happy using XP and have little motivation to upgrade.

  • Yes, so if SolusVM keeps making the same mistake, why dont providers try an alternate option such as Virtualizor? And, I can confirm they are looking into it according to what management told me.

    image

  • SPSP Member

    My website hosted with them went down about 2am PST. When I logged in, Apache wouldn't start because the log files dir has been wiped. Just great.

  • netomxnetomx Moderator, Veteran

    My node seems fine with apache, but haven't tried to ssh

  • I have 4 vps on ChicagoVPS (2 Chicago, 1 Atlanta, 1 LosAngeles) But only Chicago locations give only ping response. Atlanta and LosAngeles gone. My customers very angry for this subject. I have no backup I hope ChicagoVPS keep backups.

  • fapvpsfapvps Member

    @BlackKnight How do you you now keep your own backup? Even if the hosts takes backups you also need to have proper working backups at all times.

  • @fapvps said:
    BlackKnight How do you you now keep your own backup? Even if the hosts takes backups you also need to have proper working backups at all times.

    I know I know. I'm very upset right now :(

  • BlazeMuisBlazeMuis Member
    edited June 2013

    This is the reason i make daily backups of my vps's

  • InfinityInfinity Member, Host Rep

    @AnthonySmith said:
    Exploitable code?

    Yup, same old thing too. exec() too.

  • IshaqIshaq Member

    sigh

  • fapvpsfapvps Member

    VPS plans give you more than enough month transfer to backup important data daily. backup it up nightly to your house automatically...Not having backups is just lazy IMHO.

  • Has anyone heard anything from ChicagoVPS yet? Nothing on their twitter, no response to tickets.. Are they even working on this?

  • @lennierb5 said:
    Has anyone heard anything from ChicagoVPS yet? Nothing on their twitter, no response to tickets.. Are they even working on this?

    There's like 3 comments buried in this thread.

  • MunMun Member

    @lennierb5 said:
    Has anyone heard anything from ChicagoVPS yet? Nothing on their twitter, no response to tickets.. Are they even working on this?

    Yes they are, they have posted here and vpsboard.com. Also it seems like they posted an email, not sure though.

    Mun

  • Just when you thought it was safe to buy another VPS :/

  • @Rallias said:
    There's like 3 comments buried in this thread.

    Ah I see the comment now, missed it on my first read through. Still, that was around 4 hours ago. I'd expect them to put out an update at least once an hour on the status..

  • MunMun Member

    Relevant

  • @lennierb5 said:
    Has anyone heard anything from ChicagoVPS yet? Nothing on their twitter, no response to tickets.. Are they even working on this?

    nope. It's almost 8 hours and no contact initiated by cvps. How pathetic. The least they can do is send an e-mail to all of their customers. But I imagine since some are still up, they don't want to let them know about their incompetence. I'm disappointed but not too surprised with such cheap and oversold plans.

    Does anyone have a mirror of the database leaked so I can check if my credentials were exposed?

  • I kind of feel like building my own VPS panel. With blackjack. And hookers.

    They (Solus) really seem like they're turning our back on us and everyone who puts their trust in them daily.

  • MannDudeMannDude Host Rep, Veteran

    @upsetcvps said:
    Does anyone have a mirror of the database leaked so I can check if my credentials were exposed?

    If you were a customer, then it was exposed. From what I've gathered it was a full DB leak just like their last one that was leaked earlier this year. Just because your provider has failed to give you proper warning of what this could mean for you, change your password immediately.

    You'd think CVPS would update their clients this time, and not just expect them to find out via LET and vpsboard.

  • MunMun Member

    Everything in Solus was leaked, so First name, Last name, hashed password for loging into solus, root ssh password from initial creation or changed password when using solus, and a few other things as well.

    So if you do have access to your VM then change the SSH password.

  • edited June 2013

    @upsetcvps said:
    Does anyone have a mirror of the database leaked so I can check if my credentials were exposed?

    4shared pulled the original pretty quickly but there were some mirrors posted on IRC and other forums this morning - try snipped

  • I will be definitely out of cVPS this time.

  • I am not a CVPS customer, but I would recommend:
    1. Change root password
    2. Change SolusVM password
    3. Reinstall vps

    Or will anyone keep his vps without reinstall?

  • AnthonySmithAnthonySmith Member, Patron Provider

    Can You post the php file names please?

  • Any other providers with decent reviews and decently priced VPS?

  • InfinityInfinity Member, Host Rep
    edited June 2013

    @AnthonySmith said:
    Can You post the php file names please?

    The examples I gave to SolusVM were all from the admincp login.php. I'm sure there are many others I haven't seen.

Sign In or Register to comment.