Is this email from Wishosting legitimate?

user123 Member
edited November 2019 in General

Edit: I posted because I didn't see any mention of their apparently compromised control panel on LET and such things are usually discussed here. If I didn't post asking about it, I assume that someone else would have.

I opened my inbox this morning to find an email from the Wishosting support address with email subject "Update to Ticket #". I have a server with them, but did not open a ticket. The email below was followed by another email update to the same ticket sent at the same time that included Control Panel login details. I used the amazing LET search function, but didn't see anything posted here, yet.

Hello,

We regret to inform you that our OpenVZ control panel has been compromised and some VMs has been deleted. Unfortunately, it is not possible to recover the data.

We are running intensive security checks to diagnose the source of the problem.

In order to compensate for your troubles, you will have another service period for free.

Sorry for the inconvenience.

Comments

  • Oops, I forgot to tag @exception0x876

  • Well are you short an OpenVZ vps? If yes it's legit, if not no.

  • @AtlantiaCloud_Alex said:
    Well are you short an OpenVZ vps? If yes it's legit, if not no.

    Good point. I saw the email and panicked. Almost all of my VPS are idlers (some with data, while others have never been logged into), so I will have to dig up my login credentials from an old laptop.

  • @user123 said:

    @AtlantiaCloud_Alex said:
    Well are you short an OpenVZ vps? If yes it's legit, if not no.

    Good point. I saw the email and panicked. Almost all of my VPS are idlers (some with data, while others have never been logged into), so I will have to dig up my login credentials from an old laptop.

    It may have been best to check this before running to start a thread

  • user123 Member
    edited November 2019

    @angstrom @AtlantiaCloud_Alex
    I was also curious since I didn't see any mention of their compromised control panel on LET and such things are usually discussed here.

    Edit: I didn't title the thread "ZOMG WISHOSTING HACKED?!" because that wouldn't have been very nice.

  • you tell me

  • @user123 said:
    @angstrom @AtlantiaCloud_Alex
    I was also curious since I didn't see any mention of their compromised control panel on LET and such things are usually discussed here.

    Well, if true, it sounds like a serious incident. So do you have an OpenVZ service with them or not?

  • @angstrom said:

    @user123 said:
    @angstrom @AtlantiaCloud_Alex
    I was also curious since I didn't see any mention of their compromised control panel on LET and such things are usually discussed here.

    Well, if true, it sounds like a serious incident. So do you have an OpenVZ service with them or not?

    I do and my account shows that they extended the renewal date by one year. Maybe I should have gone with a more clickbaity thread title.

  • As far as I know @exception0x876 uses OpenNebula and KVM.

  • @poisson said:
    As far as I know @exception0x876 uses OpenNebula and KVM.

    I've had my OpenVZ plan with them for several years. At the very least, they used to offer OpenVZ plans.

  • man, did they get hacked or not?

  • @user123 said:

    @angstrom said:

    @user123 said:
    @angstrom @AtlantiaCloud_Alex
    I was also curious since I didn't see any mention of their compromised control panel on LET and such things are usually discussed here.

    Well, if true, it sounds like a serious incident. So do you have an OpenVZ service with them or not?

    I do and my account shows that they extended the renewal date by one year.

    So it does sound like the mail was legitimate.

    Happily, in your case, you didn't lose anything.

  • @tgl since my account shows that the renewal date was extended by 1 year, I would have to guess that they were.

    @angstrom I still haven't found my VPS login credentials, but I hope not :)

  • @user123 said:
    @tgl since my account shows that the renewal date was extended by 1 year, I would have to guess that they were.

    @angstrom I still haven't found my VPS login credentials, but I hope not :)

    maybe also their control panel was hacked and this is why it says that

  • exception0x876 Member, Host Rep, LIR

    The email is legitimate. There is a security vulnerability in OpenNebula installation that was used to compromise our OpenVZ control panel. In order to exploit it, the attacker must have a control panel account. The vulnerability affects all OpenNebula versions and I've been in touch with their team about fixing it.

    KVM control panel was not compromised since the hacker did not have KVM service.

    Both our control panels are already patched and not exposed to this vulnerability anymore.

    I won't disclose vulnerability details before the patch is released publicly.

  • angstrom Moderator
    edited November 2019

    @poisson said:
    As far as I know @exception0x876 uses OpenNebula and KVM.

    If you go back to BF/CM 2016, he also offered a small OpenVZ plan:

    https://www.lowendtalk.com/discussion/98088/wishosting-kvm-vps-linux-windows-ssd-hdd-plans

  • @exception0x876 said:
    The email is legitimate. There is a security vulnerability in OpenNebula installation that was used to compromise our OpenVZ control panel. In order to exploit it, the attacker must have a control panel account. The vulnerability affects all OpenNebula versions and I've been in touch with their team about fixing it.

    KVM control panel was not compromised since the hacker did not have KVM service.

    Both our control panels are already patched and not exposed to this vulnerability anymore.

    I won't disclose vulnerability details before the patch is released publicly.

    Thank you for the explanation.
