Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Whats with the real reasoning behind the conflict between buyVM and SolusVM recently?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Whats with the real reasoning behind the conflict between buyVM and SolusVM recently?

JSCLJSCL Member, Host Rep
edited February 2012 in Providers

Hi all,

So, being the king of causing controversy and not afraid to take criticism, I'll take responsibility for starting this topic.

As we know, BuyVM uses Stallion. I've just been provided with info on trusted grounds that actually, that these are the reasons for friction between BuyVM and Soluslabs:

BuyVM have actually accused SolusLabs of hacking them.
SolusLabs is accusing Stallion of being a decompiled version of SolusVM.
SolusVM apparently attempted to hack from their lisencising server.
BuyVM is accusing SolusLabs of causing drama.

Looking for some clarification from the community....

«134

Comments

  • I would like to know also,

  • @liam said: Interesting, must of missed this. Can anyone link me?

    I think some of it was discussed in the closed DotVPS thread,

  • FranciscoFrancisco Top Host, Host Rep, Veteran
    edited February 2012

    You can thank @dotvps for starting a shit storm between us and them. What happened was Jack was bugging at least myself and @kujoe to help him decompile/nullify his SolusVM license.

    What we think went on is that when we told him to go away and learn some PHP and build his own like we did, he ran to SolusVM trying to get us in trouble. At one point someone tried to use the exploit that SolusVM had in its system back in September on us, but it didn't work. The exploit was never documented, simply stated 'update please'. Now, the person that tried to attack us - how did they get said exploit? We don't know. Solus claims innocence on the subject and we don't have any reason to try to drag them through the mud over it.

    Now, in February of 2011 we dumped some of the SolusVM variables to work on our own IPV6 RDNS page integration since they were refusing to provide them. They got extremely angry at us and suspended us. After we sent them a copy of our code to show it was not malicious, they left us be. We continued paying them until the start of August when Stallion went live.

    There was a retarded amount of code that was needed to get done so we were looking for shortcuts. Since we had made enough modifications to the frontend SMARTY files, we simply reused them. At this point, Stallion does look like SolusVM 1.7x's skin, but that won't be for much longer as our designer finishes documenting all of the data he needs fed to his code.

    In the end, we sent SolusVM a fairly decent sized sampling of our frontend code to show that we're not BSing them nor using their setup. Stallion was originally spec'd as 'do everything that SolusVM does, but fix the key parts', but we gutted out so many things that we just don't need in the panel itself.

    Francisco

    Thanked by 2djvdorp yowmamasita
  • @Francisco So did SolusLabs log into Stallion to "attempt" to hack?

  • FranciscoFrancisco Top Host, Host Rep, Veteran
    edited February 2012

    @Daniel said: @Francisco So did SolusLabs log into Stallion to "attempt" to hack?

    SolusVM logged in since Jack seems to have insisted such. The logs have been a mess and we've left the subject at that.

    For what it's worth, someone did try to inject our code, but failed horribly.

    As Jason said, it is drama and we're hoping it'll be done with finally. We've heard nothing new from Phill nor Jason so I dunno. I've simply been too busy to go bother them about it.

    Solus' biggest concern I figure is just that right now stallion is a complete drop in replacement for SolusVM's database and they feel the structure/naming is copyright - fair enough. If Stallion ever goes up for sale it'll have to ship with an update file of sorts that restructures the database enough to null/void that point, or, import it into our own structure.

    Francisco

  • Recently, you had changed username. It was e-mail id before and now it is VMxxx was this changes made due to Hack attempt?

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @liam said: SolusVM realises that few folk have made a much better system/application in a few months than they have for a few years. They feel threatened, what's not to say that you will not charge for stallion if you 'sold' it then they would be out of business.

    Stallion needs a lot of work to be marketable. Could we compete with SolusVM? We wouldn't want to. Our target market would be to target the bigger hosts (people with 20 - 30+ nodes) and are willing to pay a larger one off fee.

    I don't want to deal with monthly licenses because the support is murder. I can't imagine how many people Solus has to have on support just to deal with all of the bone head 'hosts'

    Francisco

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @GeekView said: Recently, you had changed username. It was e-mail id before and now it is VMxxx was this changes made due to Hack attempt?

    Not at all, this was to merge usernames before sales go up. We have a lot of notification & alert systems coming in place and our target is to make it so when we log an abuse case (bad process running, heavy abuse, etc), we not only log an entry in stallion, it would log a ticket as well.

    We needed an easier way to relate our ID's. There was quite a bit of mess from our starter months where lots of the fields weren't filled at all, so we had VM's documented in WHMCS w/o a vserverid for instance.

    Francisco

  • @Francisco said: For what it's worth, someone did try to inject our code, but failed horribly.

    So wait, did they try and inject code into Stallion or SolusVM? Im confused.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @Daniel said: So wait, did they try and inject code into Stallion or SolusVM? Im confused.

    Stallion.

    This all happened like...< 2 weeks ago. Now, i'm not naming names of who tried what since, as Aldryic & myself have said, we're tired of that drama.

    The only modification we made to solus was adding our page and that was sent in full to them last February.

    Francisco

  • @Francisco said: Stallion.

    But didn't you say they used a SolusVM exploit though?

  • vedranvedran Veteran
    edited February 2012

    @Francisco said: I don't want to deal with monthly licenses because the support is murder. I can't imagine how many people Solus has to have on support just to deal with all of the bone head 'hosts'

    Where does it say they are even offering support of any kind?

    Edit:

    @Daniel said: But didn't you say they used a SolusVM exploit though?

    Yes, I'm confused with that part too.

  • @vedran said: Where does it say they are even offering support of any kind?

    One provider emailed SolusLabs asking if OpenVZ supported Windows.

  • FranciscoFrancisco Top Host, Host Rep, Veteran
    edited February 2012

    @Daniel said: But didn't you say they used a SolusVM exploit though?

    Re-read what I said carefully :) I'll explain it again and try not to be so confusing this time.

    • SolusVM had an exploit last year that allowed an SQL injection to happen
    • Stallion was launched in August of last year, before the exploit was reported and patched by SolusVM
    • @dotvps asked myself & kujoe to nullify his license or provide him with a complete code dump if we had one (we don't)
    • @dotvps went to SolusVM likely thinking he was snitching us that we nulled their licensing code
    • SolusVM logged into the account @dotvps provided and confirmed we were using their SMARTY pages (the styling). The filenames are the same as well since we were doing in place replacement of SolusVM pages as I developed along the way
    • < 2 weeks ago someone tried to use the SolusVM SQL injection on us. In the inject was @dotvps' Stallion login multiple times. The injection didn't work, of course.
    • We took the case up with SolusVM to find out WTF was going on
    • SolusVM was provided with a good sampling of our code showing what was going on.

    Francisco

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @vedran said: Where does it say they are even offering support of any kind?

    They provide support if there's bugs. They also likely help guide people if they're a little confused. They have a fairly solid wiki but people are morons.

    Francisco

  • @Francisco

    Thanks for clarifying :). Im just a bit confused if they logged into SolusVM or Stallion, because the login notification from Stallion looks a lot like SolusVMs.

    But theres no copyright over layout I guess.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @Daniel said: Thanks for clarifying :). Im just a bit confused if they logged into SolusVM or Stallion, because the login notification from Stallion looks a lot like SolusVMs.

    But theres no copyright over layout I guess.

    They did.

    We simply reused the email templates too since they worked well enough.

    Francisco

  • @Francisco To build Stallion from scratch or partial, SolusVM was reverse Engineered is it true? If it is so, then it is clearly SolusVM TOS violation.

    Folder name, php file name and structure is still Solusvmise.
    http://i42.tinypic.com/n2cy2h.jpg
    http://i41.tinypic.com/okdd74.jpg

    Also, regarding VPS Master is it Stallion pure breed or idea gained by reverse Engineering?

  • vedranvedran Veteran
    edited February 2012

    Ok, so this is what (possibly) happened:

    • You stopped paying SolusVM license before that exploit got reported and patched.
    • SolusVM suspects you're using their code
    • They think you're still using the old and unpatched code (the one you had before you stopped paying their license) so they try the exploit on you
    • It fails since you're not using their code at all
    • You don't want to say it out loud since you have no evidence SolusVM is behind this.

    Makes perfect sense.

    They provide support if there's bugs. They also likely help guide people if they're a little confused. They have a fairly solid wiki but people are morons.

    Yes, but their license agreement does not mention support so support they are offering is "out of courtesy". They are not legally obliged to offer any kind of support for their software (or I'm failing to find their Support Policy).

    @GeekView said: To build Stallion from scratch or partial, SolusVM was reverse Engineered is it true? If it is so, then it is clearly SolusVM TOS violation.

    He already said it's not true, but even if it was (and I do believe when he says it wasn't) he wouldn't admit it here. Duh!

  • @Francisco

    Im still a bit confused to this as well, i thought the whole of SolusVM was encrypted, so how did you modify it without breaking there TOS?

    I must mention that i have absolutely no PHP coding skills (Basic stuff aside)

  • MrAndroidMrAndroid Member
    edited February 2012

    @GeekView said: @Francisco To build Stallion from scratch or partial, SolusVM was reverse Engineered is it true? If it is so, then it is clearly SolusVM TOS violation.

    I also heard that the SolusVM /admincp was left on Stallion and could be accessed till it was moved.

    SolusVM is encrypted with Ioncube (correct me if I'm wrong here), which can be decoded but takes time.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    Nope.

    As I said, we reused all of the folders and such and just replaced with our code as we went along. The only things we've used from solus is the DB & frontend and I guess the filenames. All of those would have to be changed fully before we could market it. The feature set was based on what SolusVM had as I said. They've since then expanded on their feature set but nothing we see of value.

    That box is due for a reinstall the weekend before sales, at which point it'll go to /usr/local/stallion/ like all of the nodes are :) Statistics is still broken for the time being but will be fixed sometime this month whenever I get Collectd how I want it. The biggest issue is how to handle the actual graphing - use rrdtool or pull the data from the rrd's and use flot.

    Francisco

  • @VMPort said: Im still a bit confused to this as well, i thought the whole of SolusVM was encrypted, so how did you modify it without breaking there TOS?

    He didn't, he built Stallion from scratch. Building your own software with the same functionality as other software is not copyright violation (yet).

    Although their TOS forbids any kind of modification, which probably includes templates too.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @Daniel said: I also heard that the SolusVM /admincp was left on Stallion and could be accessed till it was moved.

    The admin login uses their skin as the admin side is not a priority at all for us. It works but has lots of stuff that still needs to be ganked since I never coded it.

    @VMPort said: @Francisco

    Im still a bit confused to this as well, i thought the whole of SolusVM was encrypted, so how did you modify it without breaking there TOS?

    I must mention that i have absolutely no PHP coding skills (Basic stuff aside)

    Right, which is my point :) There are sites that claim they can decode it (many claim to have decoded WHMCS), but I doubt it. Back in February I had to spend the better part of a night using include() tricks to try to find out what their lockout variable was.

    @vedran said: - You don't want to say it out loud since you have no evidence SolusVM is behind this.

    Makes perfect sense.

    All SolusVM did was get upset at us (again) and logged in to check the panel. The person that did the calls were reported to the cops as we were able to trace the IP back.

    Francisco

  • Ash_HawkridgeAsh_Hawkridge Member
    edited February 2012

    @vedran

    But if it was built from scratch then why would it be based around SolusVM's folders/file names and theme?

    I'm not accusing Francisco of anything questionable, just struggling to understand this properly.

  • @VMport

    Ioncube encoding can be decoded in about two seconds.

  • @subigo

    Yes im quite aware of that, im asking if that's what has happened and if so, its breaking the TOS of the software.

  • FranciscoFrancisco Top Host, Host Rep, Veteran
    edited February 2012

    @VMPort said: But if it was built from scratch then why would it be based around SolusVM's folders/file names and theme?

    I'm not accusing Francisco of anything questionable, just struggling to understand this properly.

    To make it easier for me to develop as I went along. After they suspended us in February I started working on the pages slowly and got public testing on the hunks I could. When we did the full roll out there was some major bugs on my part and I botched our bandwidth accounting and was forced to reset everyone early - woops :P

    The skin is still used and was honestly to save time. I was the only developer on stallion up until it released. Aldryic joins in on some of it, along side Nikki, but not all that often as they're both preoccupied with other things.

    Reusing the solusvm names simply saved me time. Maybe that 'time' would have been a few days only, but considering we had the complete move & build out going on at the same time, everything helped :)

    Francisco

  • @VMPort

    I'm just saying that's the most likely case.

    @Francisco

    Come on, if you have the skills to code a virtualization panel from scratch, you definitely know that Ioncube can easily be decoded these days. I'd say 90% of any Ioncube encoded script can be decoded with the latest decoding tools.

  • @Francisco

    Thank you for the explanation, its making a bit more sense to me now :P

    I much prefer there older skin anyway, i cant stand the new one. I was pissed when i found out the old theme couldn't be used any more.

Sign In or Register to comment.