Hostress.net (Former GVH/TacVPS) - Data loss, multiple locations at the same time.

Lee

@XFS_Duke

Stop putting yourself back into the middle of this, walk away. People know what is going on here and it does not involve you so don't try and make it.

Nekki

Lee said: People know what is going on here and it does not involve you so don't try and make it.

But I thought Duke was behind the hack?

Lee

@Nekki said:

Well if that's true, @XFS_Duke, come back, you're fucked.

Nekki

@Lee said:
Well if that's true, XFS_Duke, come back, you're fucked.

In all fairness, it's very unlikely to be true as I just made it up.

Lee

Nekki said: n all fairness, it's very unlikely to be true as I just made it up.

Really, OMG I would never have guessed. I so fell for it...

raindog308

Nekki said: But I thought Duke was behind the hack?

You are hereby granted a black belt in LowEndDrama Fu.

Nekki

@Lee said:
Really, OMG I would never have guessed. I so fell for it...

Just call me the puppet master!

Traffic

Nekki said: Just call me the puppet master!

So you hacked it using mind control!

Nekki

Traffic said: So you hacked it using mind control!

Pfff, that's for amateurs. I used mind control to make someone else hack it, then made them forget they did it. It's the perfect crime!

SNetworks1

So I just got this e-mail (No, I do not have any VPS Services with them just to say)

As you are aware on June 28th 2015 our VPS nodes had complete data loss. I am sending the final report on what surrounded the issues and the final events.

On June 28th 2015 between 12:00pm -1:15pm GMT -4:00 SolusVM started reporting VPS Nodes offline. Upon further review we realized there was data loss on these nodes. Shortly after investigating the issue we came to the conclusion that all data was lost on the nodes. We have tried to recover the data however the data was lost in a way that we could not get it back.

On June 28th 2015 Between 3:00pm – 10:00pm GMT -4:00 We started to reinstall the affected VPS Nodes and started recreating the VPS containers with a fresh install of the OS you last had installed.

On June 28th 2015 around 8:00pm GMT -4:00 I sent out an email stating Data Corruption. We were still investigating the root cause and I felt this was the best way to inform you without any facts besides the Data has been lost.

Between June 28th and July 1st 2015 we have been investigating the issue. We have had other people from the industry help us investigate the root cause on how the data loss happened. The truth is the GVH and TacVPS infrastructure had so many entry points / open exploits and without the logs we cannot come to a definitive answer on how this happened.

July 1st 2015: Today we have started taking FTP backups on ALL VPS NODES. This is free of charge to you and will happen weekly. It will take a few days for all nodes to back-up to the FTP server. We have secured all of the exploits that were on the infrastructure to ensure this type of loss does not happen in the future.

I would like to remind everyone while this did happen while you were under the care of Hostress, LLC. I only have had access to this infrastructure for a period of less than 10 days. It would be impossible for me to know exactly what was open and what was running on each individual VPS Node. I have been busy at work since day one trying to get all of these services online and working the way they should be. GVH came with a lot of issues, a lot of abused nodes, tons of servers that some people didn’t even know what they were for at the time.

I can promise you from this minute forward that as a hosting provider Hostress, LLC will do everything in its power to keep your data and information safe. We can safely say that only the VPS nodes were exposed due to issues within the infrastructure prior to receiving the servers during the purchase of the assets of GVH/TacVPS.

Anyone that wants to speak directly to me regarding these series of events can open a support ticket and ask to speak to me. Due to the massive amounts of tickets, response times to support and billing tickets are delayed at this time. Please do not bump your existing tickets as it will take longer to respond to you. Please try to refrain from opening multiple tickets at this time as this will make our support responses slower for other customers.

Thank you,

The Hostress Team

So yeah, take what you will from that.

Lee

sniff sniff, I smell bullshit. Oh there it is, in that email up there.

tdale

@Lee There isnt any bullshit in there that is the truth. The truth of the matter is @Francisco and I went over every node together and there was a list of stuff wrong with all of them. So if you think its all bullshit you can ask him. There was snmp issues, ipmi issues and probably other issues that were never addressed the entire time these nodes were online. The truth is the infrastructure was too large for me to cover every server by myself in the time i had between getting the infrastructure and this happening. So if you don't want to believe me than fine. However, Fran is my witness and he attempted to help me with it so if you want to call bullshit on him too i'd like to see it.

SNetworks1

I will say, I do think the whole "Yeah, its out company, our servers, but because another company gave them to us its not our fault" line was a bit shitty... Like if you took a service over, you're expected to at least have reviewed the security and setup of said servers before you even took them over, and made securing them, backing data up etc your first priority before sending all the "Yeah, we just took over XYZ" e-mails went out... At least then if the shit hit the fan it really would be the previous owners fault or at least you could play it off better, because right now it looks like "We're going to get bad publicity if we admit that we screwed up, so lets blame it on a company that no longer exists".

Lee

tdale said: Fran is my witness and he attempted to help me with it so if you want to call bullshit on him too i'd like to see it.

I would have no issue calling BS on @Francisco if required, grow a pair and stop hiding behind someone else.

That said if he confirms all this then that is likely to appease more people here, because let's face it, with your past lies I am not sure you know the truth.

Bruce

@SNetworks1 said:

we all guessed there was zero due dilligence done. no need to fan the flames

a-super-random-user

I'm not backing them up. But this weird shit came into my mind. After selling GVH to Hostress. Jhonny hacked the servers and wiped the data so he can start his GVH v 4 or what ever again with the old client base stating the hostress mistake.

I've nothing to do with GVH or hostress vps's. But similar thing happened here once with a startup company. They've sold the company and manipulated the data and let it to corrupt. Then they have started some shit again. Instant profit for them

Bruce

no-one will run back to nuggets as a result of this. they just won't renew at ho-stress

Lee

Bruce said: no-one will run back to nuggets as a result of this.

They will for the right deal.

Francisco

@Lee said:

m'lord,

I went through his boxes and the only box we were able to recover the partition on was of no use since someone did an rm -rf inside /vz/root/*, nuking all the data from within the ploops.

Originally i was really excited since it looked like we had recovered a box, but only once we loaded an OpenVZ kernel (originally did our repairs/testing with gparted) did we realize the ploops were empty.

The whole thing was a gongshow.

Francisco

Bruce

@Francisco said:
Francisco

hacked?

Lee

@Bruce said:
hacked?

If the door is left open, is it a hack? If the doors were left open for a while I am surprised it only just came to light in the last few days. Sounds more like someone knew the door was open.

Clusterfuck nonetheless!

Bruce

@Lee said:

you're suggesting that previous owner/employee did this?

MarkTurner

If the boxes were hacked, then you should inform the FBI and let them carry out an investigation. Your hosting provider should be able to provide flow data as well to show which IP was accessing the server's primary IP and go from there.

KwiceroLTD

@Lee said:

GVH probably put it in, then when sold exploited it.

AnthonySmith

MarkTurner said: If the boxes were hacked, then you should inform the FBI and let them carry out an investigation. Your hosting provider should be able to provide flow data as well to show which IP was accessing the server's primary IP and go from there.

@tdale You really should do this, it is willful destruction and sabotage, I find it impossible to believe that the timing of this is just a coincidence.

Francisco

@Bruce said:
hacked?

Nope? I help out lots of hosts, many of the high placing ones as well.

I'm the host your hosts all go to when they need to fix their screw ups.

Francisco

jar

@Francisco said:
I'm the host your hosts all go to when they need to fix their screw ups.

Damn straight. I'm not even ashamed of it. Knowing Francisco is better than me is step one to greatness.

Dillybob

Francisco said: I'm the host your hosts all go to when they need to fix their screw ups.

TIL - All roads lead to the Stallion.

Lee

@Bruce said:
you're suggesting that previous owner/employee did this?

This place is such a rancid pool of shit. So many people constantly looking for exploits in hosts setups and generally digging where they are not welcome. Example, I set up a limited company a while back for the purchase of a host in the UK, all private not disclosed to anyone. I got a pm on WHT and here within a week of opening it asking me what it was for? I was like WTF.

So I closed it and put it offshore, nosey fuckers. I even have to host all my personal stuff with BuyVM, dediserve and others so I can't be connected to anything I am involved in.

Anyway I digress

If those GVH nodes were so open someone would have found it before this event, yet it appears, just appears mind, that as soon as @tdale takes over they take a dive within what, a week?

I said earlier in this thread that I would not be surprised if it was a malicious event and can't totally hold @tdale to account, however proper due diligence should have been carried out.

Anyway, done with this one now.

Bruce

@Francisco said:

I'm not suggesting YOU hacked them. I'm asking you to confirm that this was hacking by someone