Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Veesp.com Warning
New on LowEndTalk? Please Register and read our Community Rules.

Veesp.com Warning

i want to warn users from veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!!
i´ve paid for a 1 month vps and after several days i get a abuse message from the technical team about my Cpu utilization, i´ve checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a re installation from windows, and i checked again the task manager, the miner was again in the tasks!

«1

Comments

  • Lord have mercy...

    This is going to be fun.

  • johnwayne said: i want to warn users from veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!! i´ve paid for a 1 month vps and after several days i get a abuse message from the technical team about my Cpu utilization, i´ve checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a re installation from windows, and i checked again the task manager, the miner was again in the tasks!

    Erm - what makes you think it's the administration? More likely you just got hacked. Reinstall your server, I'll bet it's not there.

    Thanked by 2bersy Fusl
    1. OP probably used a cracked Windows ISO with malware.

    2. OP did not secure their OS and got pwned.

    3. Tinfoil hats.

    Thanked by 2Fries Fusl
  • Server 2008 r2 without latest updates will be hacked in 5-10 min max.

    Thanked by 1Aidan
  • WSSWSS Member

    @mikewazar said:
    1. OP probably used a cracked Windows ISO with malware.

    1. OP did not secure their OS and got pwned.

    2. Tinfoil hats.

    Ooh. Can I order a combo?

  • @WSS said:

    @mikewazar said:
    1. OP probably used a cracked Windows ISO with malware.

    1. OP did not secure their OS and got pwned.

    2. Tinfoil hats.

    Ooh. Can I order a combo?

    $7

  • Shot2Shot2 Member
    edited August 2017

    @mikewazar said:

    >

    1. OP probably used a cracked Windows ISO with malware.

    2. OP did not secure their OS and got pwned.

    3. Tinfoil hats.

    then 4. install Debian thx

  • @johnwayne said:
    i want to warn users from veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!!
    i´ve paid for a 1 month vps and after several days i get a abuse message from the technical team about my Cpu utilization, i´ve checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a re installation from windows, and i checked again the task manager, the miner was again in the tasks!

    If by "the administration" you mean "hackers that hacked your vps due to you not securing it properly" or "the windows image i downloaded of the internet and came preloaded with it/malware that installed it" then you're pretty much on point.

  • WSSWSS Member

    @mikewazar said:
    $7

    That's pretty rich for my blood.

  • @teamacc said:

    @johnwayne said:
    i want to warn users from veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!!
    i´ve paid for a 1 month vps and after several days i get a abuse message from the technical team about my Cpu utilization, i´ve checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a re installation from windows, and i checked again the task manager, the miner was again in the tasks!

    If by "the administration" you mean "hackers that hacked your vps due to you not securing it properly" or "the windows image i downloaded of the internet and came preloaded with it/malware that installed it" then you're pretty much on point.

    no i dont mean "hackers" i mean the administration of veesp.com ! i do not download anything, i dont recieve files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

  • @johnwayne said:

    @teamacc said:

    @johnwayne said:
    i want to warn users from veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!!
    i´ve paid for a 1 month vps and after several days i get a abuse message from the technical team about my Cpu utilization, i´ve checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a re installation from windows, and i checked again the task manager, the miner was again in the tasks!

    If by "the administration" you mean "hackers that hacked your vps due to you not securing it properly" or "the windows image i downloaded of the internet and came preloaded with it/malware that installed it" then you're pretty much on point.

    no i dont mean "hackers" i mean the administration of veesp.com ! i do not download anything, i dont recieve files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

    Reinstall from where.

  • @teamacc said:

    @johnwayne said:

    @teamacc said:

    @johnwayne said:
    i want to warn users from veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!!
    i´ve paid for a 1 month vps and after several days i get a abuse message from the technical team about my Cpu utilization, i´ve checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a re installation from windows, and i checked again the task manager, the miner was again in the tasks!

    If by "the administration" you mean "hackers that hacked your vps due to you not securing it properly" or "the windows image i downloaded of the internet and came preloaded with it/malware that installed it" then you're pretty much on point.

    no i dont mean "hackers" i mean the administration of veesp.com ! i do not download anything, i dont recieve files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

    Reinstall from where.

    from the backend of veesp.com ! if you are interested you can take a look via teamviewer and we can do a reinstallation !

  • caracalcaracal Member
    edited August 2017

    We hear what you're saying but we're saying that it's far more likely one of these things happened:

    1. The .iso you used has the miner software already pre-installed.
    2. Your server is unsecured and is hacked within minutes.

    It really does not make much sense for VPS operators to hack into your account to install a miner. It wouldn't be the most efficient way to get income, keeping in mind that they also sent you an abuse message.

    I sure hope that it isn't pre-installed in their official templates.

  • @caracal said:
    We hear what you're saying but we're saying that it's far more likely one of these things happened:

    1. The .iso you used has the miner software already pre-installed.
    2. Your server is unsecured and is hacked within minutes.

    It really does not make much sense for VPS operators to hack into your account to install a miner. It wouldn't be the most efficient way to get income, keeping in mind that they also sent you an abuse message.

    that makes sense, but as i said, i did not use my own iso, the reinstallation was from the veesp.com backend !

  • johnwayne said: that makes sense, but as i said, i did not use my own iso, the reinstallation was from the veesp.com backend !

    Did you immediately secure the server and get it patched up?

  • johnwayne said: no i dont mean "hackers" i mean the administration of veesp.com ! i do not download anything, i dont recieve files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

    Fresh installed Server 2008 R2 hacked in 5-10 min IF YOU DON'T CLOSE ALL SMB PORTS 137,138 UDP and 139,445 TCP.

  • quickquick Member
    edited August 2017

    Joined 5:14PM

    @veesp

  • @ngstargate said:

    johnwayne said: no i dont mean "hackers" i mean the administration of veesp.com ! i do not download anything, i dont recieve files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

    Fresh installed Server 2008 R2 hacked in 5-10 min IF YOU DON'T CLOSE ALL SMB PORTS 137,138 UDP and 139,445 TCP.

    Who uses Windows Server 2008? I'd be using 2016 if I were him.

  • johnwayne said: no i dont mean "hackers" i mean the administration of veesp.com ! i do not download anything, i dont recieve files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

    why would they do this, and THEN send YOU abuse for it?

    They can run on the host. Or create a new VPS for it. Using a customer VPS makes zero sense, actually MINUS as it WILL cause more issues.

  • NeoonNeoon Member, Community Contributor
    edited August 2017

    Sounds like a unpatched windows machine.

    Thanked by 2WSS Aidan
  • Amazing - -...i think the system iso have been hacked ....

  • WSSWSS Member

    @johnwayne said:

    Thanked by 3BBTN sanvit jvnadr
  • VeespVeesp Member, Host Rep

    @johnwayne said:
    i want to warn users from veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!!
    i´ve paid for a 1 month vps and after several days i get a abuse message from the technical team about my Cpu utilization, i´ve checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a re installation from windows, and i checked again the task manager, the miner was again in the tasks!

    Come on, this is ridiculous) We are an official Microsoft SPLA partner and using only the official licensed OS. As it was said before, there is no sense in installing miners on customers' servers, we have the whole data center full of hardware)

  • RhysRhys Member, Host Rep

    You're really really stupid.

    Thanked by 1Aidan
  • the same happend to me
    they told me that Im using the server for sending spam emails
    while the server is fresh Ubuntu server and there's not Apache or anything on it and I don't even use it, then they told me that If I did that again they will terminate the server then I turned off the server since I don't use it at all !!

  • another time they told me that the CPU of the server is reaching 100% while the server is not even used by me so there's something wrong

  • MikeAMikeA Member, Host Rep

    Why would they install it on your VPS when they could just install it on the hypervisor.

    Thanked by 1Aidan
  • WilliamWilliam Member
    edited August 2017

    cxcool said: Amazing - -...i think the system iso have been hacked ....

    No. It is simply impossible to login and update to a status where it is safe if the thing is on public internet directly. This is not their problem, at all.

    The ISOs are normal, verified by checksum, Microsoft ISOs. They are absolutely fine.

    Jorbox said: told me that Im using the server for sending spam emails while the server is fresh Ubuntu server

    You selected an insecure root password and got bruteforced. This is trivial to verify with access to the system; not doing so is your fault - you cannot blame them retroactive now.

    Jorbox said: then I turned off the server since I don't use it at all !!

    Turned off servers are started if the HV is rebooted in certain systems. So your hacked box got turned on again on the next system update they ran.

    Jorbox said: another time they told me that the CPU of the server is reaching 100% while the server is not even used by me so there's something wrong

    You got hacked again. 100% usage is always a cryptominer.

  • @William said:

    cxcool said: Amazing - -...i think the system iso have been hacked ....

    No. It is simply impossible to login and update to a status where it is safe if the thing is on public internet directly. This is not their problem, at all.

    The ISOs are normal, verified by checksum, Microsoft ISOs. They are absolutely fine.

    Jorbox said: told me that Im using the server for sending spam emails while the server is fresh Ubuntu server

    You selected an insecure root password and got bruteforced. This is trivial to verify with access to the system; not doing so is your fault - you cannot blame them retroactive now.

    Jorbox said: then I turned off the server since I don't use it at all !!

    Turned off servers are started if the HV is rebooted in certain systems. So your hacked box got turned on again on the next system update they ran.

    Jorbox said: another time they told me that the CPU of the server is reaching 100% while the server is not even used by me so there's something wrong

    You got hacked again. 100% usage is always a cryptominer.

    I use their auto generated password that contains numbers and dumb characters and also its a fresh install server nothing changed on it and no viruses at all.

    Thanked by 1johnwayne
Sign In or Register to comment.