ChicagoVPS hacked, bunch of VPS customers offline
This discussion has been closed.
Comments
Kind Regards,
As I said before, let Shinkle take care of it since he actually knows what happens.
WHAT?
He was right!
Imagine that.
@JoePie91 Thanks..
I don't see the need for harsh comments that Chris is currently receiving. He's got his priorities right in putting his customers first. He has no obligation whatsoever to inform anything to anyone except his clients and I am sure those can contact him through appropriate support channels. And the "conspiracy theories" that people are speculating are seriously ludicrous, "cover up", seriously? What's there to cover up? The people's reactions to this issue are just ridiculous, and I personally think Chris is doing the right thing by focusing on his clients first and dealing with solus later. Solus is not going anywhere anytime soon, his clients might if this is not handled promptly. No offense to anyone, just my 2 cents. Best of luck to @CVPS_Chris & team.
Got a couple of questions: why weren't other nodes affected, assuming they have a single solus master and this is a "solus" hack? Also, what does lighttpd have to do with admin login? Also, if someone or something accesses a node, doesn't the admin receive a notification?
Yes.
@Taz by the sounds of it, it was an API hack; so the lighttpd web server may not be restricting certain IPs etc; or some exploit to get around a .htaccess or something like that.
There's lots that can be happening; and of course a notification was sent, but who says they weren't locked out of their own nodes? It's not uncommon for something like that to happen; and if it was an API hack being brute forced, most likely it was told to just 'terminate' X Y Z amount of VPSes following CIDs from 101 -> 999.
This poses the question, is it just CVPS that has been targeted? Or have others been targeted / affected? It's worrying to think that this sort of thing is still rogue and there's no light on it as of yet.
Same here. Chris's personality is abrasive; it's his style. Not everyone is sunshine and rainbows and puppy dogs. It's the yin/yang of the universe. Just because his personality doesn't mesh with yours doesn't validate others being evil too.
If I were to hack, why should I care about number and not use wildcard? Also, afaik API infos, just like admin/clients info, are stored on SQL. I am pretty sure lighty doesn't control any SQL or any such login that connects to DB. Is it something similar to the linode hack we have seen last year? Also, as chris mentioned another host was affected, who is that other host?
I remember when whmcs had the eval code exploit, 100s if not 1000s were affected and there were threads all over. Why aren't we seeing the same in this situation?
Is the other host EOR?
AHHH NO THANKS MAKES HOMER MAD.
Well, on the other side if this happened to me I'd inform solusvm immediately. It would take what? 10 minutes to include logs and explanation? As far as I know, Chris claims that there are a lot of people behind Chicagovps, if they have the proper disaster recovery plans already setup, for sure someone would be able to spend the 10 minutes needed to inform solusvm, to fill the hole. At the end, they are still using it, this exploit can lead to another one, affecting the rest of their nodes.
How would you feel if this indeed is some exploit, being distributed around the hacking networks at the moment of speaking and if the next hosting provider targeted by it is exactly your host?
I have no problem with Chris's attitude really, neither do I care, however I think that someone from there should have explained to solusvm if a bug/exploit indeed exists, just cause it is the right thing to do, at least in my eyes.
Can anybody confirm EOR is the other host that is down?
http://www.spotvps.com/ is down?
WTF is EOR, it's the first time I hear this name.
Spotvps and comforthost is up and running from here.
Not for me LAKid.
Up to this point they have NOT contacted us about any of the so called exploit/issue they have had. We sent them an email when we were pointed to this thread. ChicagoVPS are very active on our support system so I see no reason why they wouldn't contact us via it.
I have personally checked over the API code and can't find an issue where anyone can run any functions until they have passed all the checks. This includes the ID/KEY and IP address (if you enabled IP checking).
There is no chance of an SQL on verification of the submitted API details because all the Active API users are retrieved from the database before the details are compared. This authentication system was introduced in early 2011.
-- Phill
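An added illustration of the verification pattern described in the post above (fetch the active API users with a fixed query, then compare ID/KEY and the optional IP restriction in application code). This is not SolusVM's code; the table, column and function names and the sample rows are hypothetical and constructed for the example.

```python
import hmac
import ipaddress
import sqlite3

def make_db():
    """Constructed sample data: one active API user, one inactive."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE api_users (api_id TEXT, api_key TEXT, "
               "allowed_ip TEXT, active INTEGER)")
    db.executemany("INSERT INTO api_users VALUES (?, ?, ?, ?)", [
        ("billing", "k3y-constructed-1", "192.0.2.10", 1),
        ("oldpanel", "k3y-constructed-2", None, 0),
    ])
    return db

def _same(a, b):
    # Constant-time comparison, so timing does not leak how much matched.
    return hmac.compare_digest(a.encode(), b.encode())

def authenticate(db, api_id, api_key, remote_ip):
    """Return the matching api_id, or None if any check fails."""
    if not isinstance(api_id, str) or not isinstance(api_key, str):
        return None
    # Fixed statement: nothing the caller submitted is part of the SQL,
    # so the credential check itself offers no injection point.
    rows = db.execute("SELECT api_id, api_key, allowed_ip "
                      "FROM api_users WHERE active = 1").fetchall()
    match = None
    for row_id, row_key, allowed_ip in rows:
        # Compare against every active row; no early exit on a hit.
        if _same(row_id, api_id) & _same(row_key, api_key):
            match = (row_id, allowed_ip)
    if match is None:
        return None
    row_id, allowed_ip = match
    if allowed_ip is not None:  # IP checking enabled for this API user
        try:
            if ipaddress.ip_address(remote_ip) != ipaddress.ip_address(allowed_ip):
                return None
        except ValueError:  # malformed address fails closed
            return None
    return row_id
```

The pattern only removes injection from the credential check; any later query that uses request parameters still needs parameter binding of its own.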
comforthost is up but spotvps seems to be down now.
@soluslabs maybe it's something to do with whmcs' solus module?
Does this mean someone is hiding something @soluslabs ?
Thank you Phill. Just confirming what we all thought already.
SpotVPS seems fine to me.
I really can't comment until they have given us details as to what has happened. Obviously they are not obliged to tell us anything.
All I can say is the code has been checked and no exploitable bugs have been found.
grabs popcorn
M
@Nekki Ah, with I.E, it shows, with firefox, it doesn't, that's why.
Works fine for me on FireFox also, odd that it doesn't for you...