ChicagoVPS hacked - Page 7

ChicagoVPS hacked


Comments

  • ashworth Member
    edited June 2013

    @SegmentationFault said:
    4shared pulled the original pretty quickly but there were some mirrors posted on IRC and other forums this morning - try snipped

    Thanks for posting that. I was curious as well.

    I'm one of the customers that had node data deleted. This sucks to all hell, and I'm pissed that CVPS isn't providing proactive updates to clients. It's incredibly lame that I need to find out here and on the other forums.

    To be fair, Chris has responded personally to my ticket a couple of times, but he's just one guy. The "company" needs to take ownership of the current situation and report to their customers in the form of regular status updates (ie., every hour?).

    Leaving us in the dark isn't going to fly, and will hurt them long term.

  • upsetcvps Member
    edited June 2013

    @SegmentationFault said:
    4shared pulled the original pretty quickly but there were some mirrors posted on IRC and other forums this morning - try snipped

    Thanks. What IRC network/channels can I join to stay up to date?

  • Spirit Member

    @fhneric said:
    Yes, so if SolusVM keeps making the same mistake, why don't providers try an alternate option such as Virtualizor?

    Because this isn't really a solution?

    Virtualizor is sort of a scary solution. The solusvm exploit allowed the escalation of privileges due to a suid binary.. while Virtualizor actually runs most of the frontend php as the root user so an exploit in it from a file modification to executing commands is potentially bad news.

    http://www.webhostingtalk.com/showpost.php?p=8730152&postcount=68

  • @ashworth said:
    I'm one of the customers that had node data deleted.

    How do you tell if node data was deleted? How does this affect the actual data on the VPS?

  • CVPS_Chris Member, Patron Provider
    edited June 2013

    You guys have to realize that WHMCS can only send emails so quick. With over 10,000 emails sent out it takes hours.

    Also, there is not much to update from what I have sent out in the email, whoever is down will have to wait until we fix it.

  • Word Up!

  • @CVPS_Chris said:
    You guys have to realize that WHMCS can only send emails so quick. With over 10,000 emails sent out it takes hours.

    It only takes a few minutes to do something like this:

    You could post what was in the email here. How long is it estimated to restore services? Was any data lost?

    You could update with which nodes have been restored as you go, which ones you are working on next..

    Horrible communication...

  • @CVPS_Chris said:
    You guys have to realize that WHMCS can only send emails so quick. With over 10,000 emails sent out it takes hours.

    When did you send this e-mail? I haven't received anything.

    And for the record, my vps has been down for about 9 hours now.

  • isalem Member
    edited June 2013

    Not everyone (me included) received that email as well .. Maybe it's still being sent out ... but still guys, you should post updates ... at least in the client area if you don't want to do them publicly

  • zulualpha Member
    edited June 2013

    @CVPS_Chris said:
    Also, there is not much to update from what I have sent out in the email, whoever is down will have to wait until we fix it.

    It's understandable that there isn't much substantial info to update, but it's also understandable that there are a lot of panicked customers right now - especially the ones who aren't as dedicated at making local backups.

    Even if you just keep posting regular Twitter & FB updates every 30 minutes telling people that you're working on it with maybe a bit of info on how it's going, I think that would go a long way toward letting all of your customers know that you guys are working on it. I really appreciate the quick personal response at 5AM to my email, but there are still people waking up and checking their website and finding it down who haven't gotten any email notice yet and are going to CVPS's Facebook or Twitter to look for an update.

  • Here is the email for those who haven't received it yet:

    Around 3am Eastern Standard Time (EST) today, there was a security breach, due to a vulnerability in SolusVM that allowed a command line to be run to dump the ChicagoVPS SolusVM client database and attempt to delete all data from our nodes. Our staff is working tirelessly to get everything back online, along with working with SolusVM to address the root issue and no further impact is expected.

    Now what does this mean for the customer? All passwords should be changed, this includes passwords for SolusVM control panel and your VPS. This data leak does not include billing information or credit card information. Thus far we are having great success in getting nodes back online with no data loss, however, there are a few that were not recoverable and will be restored using our offsite backups.

    Once the situation is 100% complete and back to normal we will send another email out. We understand the severity and importance to get everything back online quickly. With that in mind, please try to refrain from opening a ticket or replying to an old one as it only slows us down even more. We are doing our best, and hope to have this fully resolved within 24 hours.

    Thank you for your patience and understanding.

    Regards

    Your ChicagoVPS Team

  • To be honest, I am not that bothered about the [lack of] communication from CVPS in this instance as the security fault doesn't seem to have been avoidable by themselves.

  • Please stop posting links to the database here. I don't care for it being shared elsewhere but I'd rather not have the links up here. Thanks.

  • akz Member

    sigh, is chicagovps at least looking into replacing solus with a different panel?

  • CVPS_Chris Member, Patron Provider

    yes

  • @akz I think many of us are at this point. This has become crazy on multiple levels, SolusVM that is, not CVPS.

  • akz Member
    edited June 2013

    @Holoshed said:
    akz I think many of us are at this point. This has become crazy on multiple levels, SolusVM that is, not CVPS.

    @CVPS_Chris said:
    yes

    that is good to know cause it seems like the response from Solus regarding this issue has been less than stellar and it seems they are full of holes and refuse to acknowledge.

  • dnwk Member

    Maybe build a frontend that only uses the SolusVM API. So whatever exploits there are, you can simply block them using a firewall.

  • I think I'm going to start shopping around for companies that don't use solusvm... I hope chicagovps drops solusvm after this latest debacle, and starts looking for an alternative.

  • Mun Member

    Bluevm.com uses hypervm for openvz

  • I think the lowend community should be united and develop an open source alternative all in one solution to replace WHMCS and SolusVM

  • @Mun said:
    Bluevm.com uses hypervm for openvz

    Plus they shut down their SolusVM panel KVM and are handling requests via WHMCS tickets (a bold move)

    @CoolMoon said:
    I think the lowend community should be united and develop an open source alternative all in one solution to replace WHMCS and SolusVM

    I don't see that happening, mainly because someone's gonna want to cash in.

  • liviu Member

    @Jack said:
    Soluslabs Your income is going to drop drastically.

    good

  • Evo Member

    Remember, Kloxo and HyperVM are out there, open sourced, waiting for someone to continue the work on them :)

  • AnthonySmith Member, Patron Provider

    Just had a confirmation from SolusLabs that no further vulnerable code is known about and that the only known exploitable code was the centralbackup.php file.

    What that means is that either CVPS is not being truthful or SolusLabs are not being truthful.

    @CVPS_Chris over to you, SolusVM have made their statement.

  • lnx Member, Patron Provider

    Interesting how SolusVM came to prominence after another large hack and now the same is happening to them. Maybe a new contender will emerge.

  • AlexanderM Member, Top Host, Host Rep

    Just spent 1 hour reading 8 pages, wow... just wow...

  • mpkossen Member
    edited June 2013

    @AnthonySmith said:
    Just had a confirmation from SolusLabs that no further vulnerable code is known about and that the only known exploitable code was the centralbackup.php file.

    What that means is that either CVPS is not being truthful or SolusLabs are not being truthful.

    CVPS_Chris over to you Solusvm have made their statement.

    I've seen some code allegedly from SolusVM and if they can say it's secure this fast, I doubt they did a thorough search. The code I saw, well, was quite horrible and had a lot of potential security issues. Besides, mysqli_real_escape_string was a concept unknown to the person that wrote that code. That's PHP/MySQL 101 and even in the PHP docs. Also, they escaped every variable manually rather than using a centralized function, making it even harder to test/check.
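
The contrast raised in the post above, per-variable manual escaping versus one centralized query function, as an added example that is not part of the thread and is not SolusVM code. It assumes PDO with an in-memory SQLite database so it runs offline; the `vservers` table, its rows, `escapeByHand` (a stand-in for a MySQL escaper such as `mysqli_real_escape_string`), `runQuery` and the crafted input are all constructed for illustration.

```php
<?php
// Added example: constructed schema and rows, not SolusVM code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE vservers (id INTEGER PRIMARY KEY, owner TEXT, hostname TEXT)');
$pdo->exec("INSERT INTO vservers VALUES (1, 'alice', 'a.example'), (2, 'bob', 'b.example')");

// Hypothetical stand-in for a per-call-site escaper such as mysqli_real_escape_string.
function escapeByHand(string $value): string {
    return str_replace("'", "''", $value);
}

// Scattered pattern: every call site escapes its own variables and builds SQL by
// concatenation. $id lands in an unquoted numeric context, where quote escaping
// changes nothing, so the value is still parsed as SQL.
function listServersManual(PDO $pdo, string $owner, string $id): array {
    $sql = "SELECT hostname FROM vservers WHERE owner = '" . escapeByHand($owner)
         . "' AND id = " . escapeByHand($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Centralized pattern: one helper is the only place SQL is executed, and it only
// accepts placeholders plus bound values, so there is a single function to audit.
function runQuery(PDO $pdo, string $sql, array $params): array {
    $stmt = $pdo->prepare($sql);
    foreach (array_values($params) as $i => $value) {
        $stmt->bindValue($i + 1, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function listServers(PDO $pdo, string $owner, string $id): array {
    if (!ctype_digit($id)) {          // reject anything that is not a plain integer
        throw new InvalidArgumentException('id must be numeric');
    }
    return runQuery($pdo, 'SELECT hostname FROM vservers WHERE owner = ? AND id = ?',
                    [$owner, (int) $id]);
}

$crafted = '1 OR 1=1';   // constructed input for the numeric parameter
echo 'manual:      ', json_encode(listServersManual($pdo, 'alice', $crafted)), PHP_EOL;
try {
    echo 'centralized: ', json_encode(listServers($pdo, 'alice', $crafted)), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'centralized: rejected (', $e->getMessage(), ')', PHP_EOL;
}
echo 'centralized: ', json_encode(listServers($pdo, 'alice', '1')), PHP_EOL;
```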

  • zulualpha Member
    edited June 2013

    Not really the biggest issue in all this, but looking at the data leak, there are some REALLY bad passwords.

  • @Bluevm uses Hypervm and didn't hear any bad thing going...
