Comments
Thanks for posting that. I was curious as well.
I'm one of the customers that had node data deleted. This sucks to all hell, and I'm pissed that CVPS isn't providing proactive updates to clients. It's incredibly lame that I need to find out here and on the other forums.
To be fair, Chris has responded personally to my ticket a couple of times, but he's just one guy. The "company" needs to take ownership of the current situation and report to their customers in the form of regular status updates (i.e., every hour?).
Leaving us in the dark isn't going to fly, and will hurt them long term.
Thanks. What IRC network/channels can I join to stay up to date?
Because this isn't really a solution?
http://www.webhostingtalk.com/showpost.php?p=8730152&postcount=68
How do you tell if node data was deleted? How does this affect the actual data on the VPS?
You guys have to realize that WHMCS can only send emails so quick. With over 10,000 emails sent out it takes hours.
Also, there is not much to update from what I have sent out in the email; whoever is down will have to wait until we fix it.
Word Up!
It only takes a few minutes to do something like this:
You could post what was in the email here. How long is it estimated to restore services? Was any data lost?
You could update with which nodes have been restored as you go, which ones you are working on next..
Horrible communication...
When did you send this e-mail? I haven't received anything.
And for the record, my vps has been down for about 9 hours now.
Not everyone (me included) received that email as well .. Maybe it's still being sent out ... but still guys, you should post updates ... at least in the client area if you don't want to do them publicly
It's understandable that there isn't much substantial info to update, but it's also understandable that there are a lot of panicked customers right now - especially the ones who aren't as dedicated at making local backups.
Even if you just keep posting regular Twitter & FB updates every 30 minutes telling people that you're working on it, with maybe a bit of info on how it's going, I think that would go a long way toward letting all of your customers know that you guys are working on it. I really appreciate the quick personal response at 5AM to my email, but there are still people waking up and checking their website and finding it down who haven't gotten any email notice yet and are going to CVPS's Facebook or Twitter to look for an update.
Here is the email for those who haven't received it yet:
Around 3am Eastern Standard Time (EST) today, there was a security breach, due to a vulnerability in SolusVM that allowed a command line to be run to dump the ChicagoVPS SolusVM client database and attempt to delete all data from our nodes. Our staff is working tirelessly to get everything back online, along with working with SolusVM to address the root issue, and no further impact is expected.
Now what does this mean for the customer? All passwords should be changed, this includes passwords for SolusVM control panel and your VPS. This data leak does not include billing information or credit card information. Thus far we are having great success in getting nodes back online with no data loss, however, there are a few that were not recoverable and will be restored using our offsite backups.
Once the situation is 100% complete and back to normal we will send another email out. We understand the severity and importance to get everything back online quickly. With that in mind, please try to refrain from opening a ticket or replying to an old one as it only slows us down even more. We are doing our best, and hope to have this fully resolved within 24 hours.
Thank you for your patience and understanding.
Regards
Your ChicagoVPS Team
To be honest, I am not that bothered about the [lack of] communication from CVPS in this instance as the security fault doesn't seem to have been avoidable by themselves.
Please stop posting links to the database here. I don't care for it being shared elsewhere but I'd rather not have the links up here. Thanks.
sigh, is chicagovps at least looking into replacing solus with a different panel?
yes
@akz I think many of us are at this point. This has become crazy on multiple levels, SolusVM that is, not CVPS.
that is good to know cause it seems like the response from Solus regarding this issue has been less than stellar and it seems they are full of holes and refuse to acknowledge.
Maybe build a frontend that only uses the SolusVM API. So whatever exploits there are, you can simply block them using a firewall.
I think I'm going to start shopping around for companies that don't use SolusVM... I hope ChicagoVPS drops SolusVM after this latest debacle, and starts looking for an alternative.
Bluevm.com uses hypervm for openvz
I think the lowend community should be united and develop an open source alternative all in one solution to replace WHMCS and SolusVM
Plus they shut down their SolusVM panel KVM and are handling requests via WHMCS tickets (a bold move)
I don't see that happening, mainly because someone's gonna want to cash in.
Remember, Kloxo and HyperVM are out there, open sourced, waiting for someone to continue the work on them
Just had a confirmation from SolusLabs that no further vulnerable code is known about and that the only known exploitable code was the centralbackup.php file.
What that means is that either CVPS is not being truthful or SolusLabs are not being truthful.
@CVPS_Chris over to you. SolusVM have made their statement.
Interesting how SolusVM came to prominence after another large hack and now the same is happening to them. Maybe a new contender will emerge.
Just spent 1 hour reading 8 pages, wow... just wow...
I've seen some code allegedly from SolusVM and if they can say it's secure this fast, I doubt they did a thorough search. The code I saw, well, was quite horrible and had a lot of potential security issues. Besides, mysqli_real_escape_string was a concept unknown to the person that wrote that code. That's PHP/MySQL 101 and even in the PHP docs. Also, they escaped every variable manually rather than using a centralized function, making it even harder to test/check.
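Editorial example added to this thread (not the poster's words and not SolusVM code): the difference between escaping at every call site and routing all SQL through one helper that binds parameters. It uses PDO with an in-memory SQLite database instead of mysqli so it runs without a server (assumes the pdo_sqlite extension); the table, function names and input are constructed for illustration.

```php
<?php
// Added example, not SolusVM code. Table, columns and values are constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->exec("INSERT INTO clients (username, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Per-call-site pattern: every query builds its own string, so every call
// site must remember to escape. This one represents a site where it was missed.
function findClientAdHoc(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username FROM clients WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Centralised helper: the only place SQL is executed. Values are always
// bound as parameters, never concatenated into the statement text.
function dbQuery(PDO $pdo, string $sql, array $params = []): array
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Call sites pass data separately from the query text.
function findClient(PDO $pdo, string $username): array
{
    return dbQuery($pdo, 'SELECT id, username FROM clients WHERE username = ?', [$username]);
}

// Constructed input containing a quote character.
$input = "nobody' OR '1'='1";

printf("ad hoc:       %d row(s)\n", count(findClientAdHoc($pdo, $input)));
printf("centralised:  %d row(s)\n", count(findClient($pdo, $input)));
printf("legit lookup: %d row(s)\n", count(findClient($pdo, 'alice')));
```

With a single `dbQuery` entry point, a code review only has to confirm that nothing else calls `query()` or `exec()` with concatenated input, which is the testability point the comment above makes.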
Not really the biggest issue in all this, but looking at the data leak, there are some REALLY bad passwords.
@Bluevm uses Hypervm and didn't hear any bad thing going...