IPMI vulnerability wipes out 8 systems in LA URPad/RootTechnology

Just been told the root cause of a long outage.

Quote ... "Vulnerability with IPMI on our LA systems, as a result of this vulnerability 8 systems were wiped which caused our website to go down as well as many VPS."

How many other providers out there are vulnerable?...

Comments

  • wychwych Member

    Source?

  • @wych said:
    Source?

    RFO mail.

  • epaslvepaslv Member

    @wych - straight from the horse's mouth! Emailed from [email protected]

  • KrisKris Member

    You most likely are already aware of the current issues with URPad.net and its services. If you aren't then congratulations on avoiding service disruption.

    We have, unfortunately, been targeted with an attack. Specifically a vulnerability with IPMI on our LA systems, as a result of this vulnerability 8 systems were wiped which caused our website to go down as well as many VPS'. Rest assured that no data has been stolen.

    We were aware of the vulnerability and we took recommended action to temporarily block it until there was an update for the firmware. However this wasn't enough and a person was able to get into the IPMI access panel and reset our systems. We managed to catch it while it was happening and completely locked all our systems to prevent any further damage.

    Backups of your VPS' are being loaded as we type so your data is not lost forever. But due to the extent of the damages it has resulted in multiple days of restoring. At this current point in time, we are restoring "LAB4". Once it is fully restored we will be moving onto the next system and so on.

    Time frames are difficult at this point because the damages are so severe, we have to restore multiple hundred VPS'. An estimate for every single system to be restored is going to be 2-3 days. We should be able to give a closer estimate on your service uptime if you contact support.

    For those affected by this we will provide compensation in the form of 2 extra weeks on your service. Please contact support to arrange this.

  • So... why did nobody head my warning and patching explanation thread?

  • KrisKris Member
    edited June 2014

    So... why did nobody head my warning and patching explanation thread?

    heed*

    https://www.google.com/search?q=heed&oq=heed&;

    Second, you posted an hour or two after the Hosting Sec List did, and they posted 12 or so hours after it was already known.

    Surprisingly enough, LowEndTalk isn't the 'go to' for security updates for sys admins.

  • @Kris said:
    Surprisingly enough, LowEndTalk isn't the 'go to' for security updates for sys admins.

    Of course not, I simply provided actual "how to fix" on top of the original release, I don't claim to be the first to report.

  • @GoodHosting said:
    So... why did nobody head my warning and patching explanation thread?

    I tested my servers and none were accessible, so thanks for your thread =)

  • geekalotgeekalot Member
    edited June 2014

    It appears this affected SemoWeb as well (not sure if they are under the same umbrella company), based on an email they sent out today.

  • MicrolinuxMicrolinux Member
    edited June 2014

    Jesus Christ, did these geniuses have their IPMI interfaces on public IPs?

  • LeeLee Veteran

    @Microlinux said:
    Jesus Christ, did these geniuses have their IPMI interfaces on public IPs?

    It would certainly appear so.

  • MicrolinuxMicrolinux Member
    edited June 2014

    @W1V_Lee said:
    It would certainly appear so.

    I'm hoping against hope their system admins are not that grossly incompetent and someone got access to a VPN or something . . .

    If they did use public IPs, I would advise anyone with services with them to run and run as fast as you can . . . I can only imagine what sort of other utterly stupid system and network management practices they embrace . . .

  • LeeLee Veteran

    No idea to be honest I stopped using them a while ago. I am sure that Randal is no longer with them and he seemed at least the most competent.

  • jarjar Patron Provider, Top Host, Veteran

    Well props to them for honesty at least. Those willing to admit their mistakes are far more likely to learn from them in my experience.

    Thanked by 2: Lee, Mark_R
  • CoreyCorey Member

    @Jar said:
    Well props to them for honesty at least. Those willing to admit their mistakes are far more likely to learn from them in my experience.

    You're always so optimistic :)

    Thanked by 1: jar
  • kyakykyaky Member
    edited June 2014

    stopped using them after 1 week purchase half year ago.
