Veesp.com Warning
I want to warn users about veesp.com: the administration are installing a Monero miner on the customer server!
I've paid for a 1-month VPS and after several days I got an abuse message from the technical team about my CPU utilization. I checked the Task Manager and there was a Monero miner in the tasks! So I killed the VPS and did a reinstallation of Windows, and I checked the Task Manager again; the miner was in the tasks again!
Comments
Lord have mercy...
This is going to be fun.
Erm - what makes you think it's the administration? More likely you just got hacked. Reinstall your server, I'll bet it's not there.
OP probably used a cracked Windows ISO with malware.
OP did not secure their OS and got pwned.
Tinfoil hats.
Server 2008 R2 without the latest updates will be hacked in 5-10 min max.
Ooh. Can I order a combo?
$7
then 4. install Debian thx
If by "the administration" you mean "hackers that hacked your VPS due to you not securing it properly" or "the Windows image I downloaded off the internet and came preloaded with it/malware that installed it", then you're pretty much on point.
Screen: https://image.prntscr.com/image/G5gSOW9ER5mknhWgAXJLhQ.png
That's pretty rich for my blood.
No, I don't mean "hackers", I mean the administration of veesp.com! I do not download anything, I don't receive files from other users or anything! After the reinstallation of Windows the Monero miner was still on my VPS!
Reinstall from where.
From the backend of veesp.com! If you are interested, you can take a look via TeamViewer and we can do a reinstallation!
We hear what you're saying but we're saying that it's far more likely one of these things happened:
It really does not make much sense for VPS operators to hack into your account to install a miner. It wouldn't be the most efficient way to get income, keeping in mind that they also sent you an abuse message.
I sure hope that it isn't pre-installed in their official templates.
That makes sense, but as I said, I did not use my own ISO; the reinstallation was from the veesp.com backend!
Did you immediately secure the server and get it patched up?
Fresh installed Server 2008 R2 hacked in 5-10 min IF YOU DON'T CLOSE ALL SMB PORTS 137,138 UDP and 139,445 TCP.
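To check a fresh install against the ports named in the comment above (137/138 UDP, 139/445 TCP), the following is an added example, not part of the thread: it parses `netstat -ano` output and lists NetBIOS/SMB sockets bound to a non-loopback address. The sample output, addresses and PIDs are constructed, and the function name is an assumption.

```python
# Ports named in the comment above: NetBIOS 137/138 UDP, 139 TCP, SMB 445 TCP.
SMB_PORTS = {("UDP", 137), ("UDP", 138), ("TCP", 139), ("TCP", 445)}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       700
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1208
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING       4
  TCP    203.0.113.10:49170     198.51.100.7:445       ESTABLISHED     4
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING       4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    203.0.113.10:137       *:*                                    4
  UDP    203.0.113.10:138       *:*                                    4
  UDP    0.0.0.0:500            *:*                                    912
"""


def exposed_smb_listeners(netstat_text):
    """Return sorted (proto, address, port, pid) tuples for NetBIOS/SMB
    sockets bound to a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank or unrelated line
        proto, local = fields[0], fields[1]
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # established/outbound connections are not listeners
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or addr.startswith(LOOPBACK):
            continue
        if (proto, int(port)) in SMB_PORTS:
            found.add((proto, addr, int(port), int(fields[-1])))
    return sorted(found)


if __name__ == "__main__":
    for proto, addr, port, pid in exposed_smb_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} is bound (PID {pid})")
```

The result shows what is bound, not what is reachable: a host or provider firewall may still filter these ports, so confirm the firewall rules separately.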
@veesp
Who uses Windows Server 2008? I'd be using 2016 if I were him.
why would they do this, and THEN send YOU abuse for it?
They can run on the host. Or create a new VPS for it. Using a customer VPS makes zero sense, actually MINUS as it WILL cause more issues.
Sounds like an unpatched Windows machine.
Amazing... I think the system ISO has been hacked...
Come on, this is ridiculous) We are an official Microsoft SPLA partner and using only the official licensed OS. As it was said before, there is no sense in installing miners on customers' servers, we have the whole data center full of hardware)
You're really really stupid.
The same happened to me.
They told me that I'm using the server for sending spam emails
while the server is a fresh Ubuntu server and there's no Apache or anything on it and I don't even use it. Then they told me that if I did that again they would terminate the server, so I turned off the server since I don't use it at all!
Another time they told me that the CPU of the server was reaching 100% while the server is not even used by me, so there's something wrong.
Why would they install it on your VPS when they could just install it on the hypervisor?
No. It is simply impossible to log in and update to a status where it is safe if the thing is on the public internet directly. This is not their problem, at all.
The ISOs are normal, verified by checksum, Microsoft ISOs. They are absolutely fine.
You selected an insecure root password and got brute-forced. This is trivial to verify with access to the system; not doing so is your fault - you cannot blame them retroactively now.
Turned off servers are started if the HV is rebooted in certain systems. So your hacked box got turned on again on the next system update they ran.
You got hacked again. 100% usage is always a cryptominer.
I use their auto-generated password that contains numbers and dumb characters, and also it's a fresh install server, nothing changed on it and no viruses at all.