New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
So security vulnerabilities should just be ignored until they're in widespread use? How many people need to be affected before you start to care? This is a chance to prevent anyone else from experiencing the same problems as ChicagoVPS.
@NickM Why don't you ask same question to Solus?
Because they've repeatedly stated that the guys have not shared the details with them and that they're unaware of any way this could have happened as described. Not taking a side, but they've been asked and responded on this forum.
That's all you're doing, right now. Try reading, and comprehending, the entirety of people's comments before you start posting like a hysterical conspiracy theorist, @NickM.
Here's a response to the content of your post.
I'm glad that you are fully aware of the mindset of this alleged hacker. Do you know something we don't? Maybe they're letting their tracks cool down a bit and preparing new channels for the next attack. If you wanna cover your tracks like a pro and leave no similar trails each time, it's not something you can pick up and swap in an hour. You need to plan well.
We can all make random assumptions. All we know is that he has said that every other provider here should be worried. We are trusting enough to take that seriously.
And if you had thoroughly read all of my comments, @jarland, you'd know that the whole point of the thread of comments is that you need not be a hysterical fool about the issue. It will be resolved with the relevant parties - those being Chris and Solus - when it is resolved.
If you are worried, monitor your servers and take some extra precautions.
LowEndDrama
The problem with that is that without knowing what the exploit is, how can anyone take the necessary precautions? Sure, there are standard best practices that you can follow, but those don't necessarily cover everything, and again, it's impossible to know if you're protected if you don't know what the exploit is and have no way to try to run it on yourself.
What Chris conveniently failed to mention is that they are also closing tickets using just the email from the first post, I suspect (just suspect, without proof) "en masse".
While losing the data and the backups might be acceptable as something unavoidable that happened closing the support tickets with canned messages in which you (pretend to) offer help is hypocritical and unacceptable.
@NickM So Ask Solus..what's the problem, if there is problem, they will tell you so, if not, they won't.
Since you're obviously not paying attention...
@NickM Why don't you ask Solus like "Did you guys hear anything from CVPS?"
Is there any explots thru Solus Panel?
they will say one way or the other, rather than posting here about weird imagination.
c32, you obviously did not read the message then. If you need help, ASK. If the ticket stays closed then obviously that person does not want help or has moved on. We are trying to clean up the ticket desk so we know what needs to get attention and what does not.
We really are trying hard here, and hope you can see that. If you need help with something just reply to the ticket.
We are eagerly awaiting
Well believe it, because it is!
I can say that Chris is being sincere in his support this time. I have been a customer with them for more than 8 months, and i can see a significant shift in the level of support and flexibility with the customer.
This is a great start and in my experience this exactly was lacking with CVPS in the past. Losing customer data isn't a great thing, BUT it happens quite a lot in this industry and how they take this and move forward makes all the difference. The first thing is to accept what has happened and then offer quick logical solutions. The next thing is how they handle customer emotions and peculiar issues they have and offer out of the box solutions and service credits to restore faith and smile in their faces.
In my case, they have done all they can, out of their league considering their history of handling things. I see CVPS putting their best foot forward in this issue and hence I support them for their provocative approach.
I really appreciate @CVPS_Chris for his +1 approach, and sincerely hope this is not short-term redressal but something customer can expect from CVPS in the coming days.
Thanks @peppr I really appreciate it. This will stick as we believe customers should have a great experience.
I haven't look @CVPS_Chris but our VPS there is still offline.
Going to log into control panel land and see if we can start the container or not.
Believe we are on server #29...
LET isn't the ChicagoVPS Support Forum, you'll probably get faster response by submitting a ticket.
Oh I know @mojeda.
Other folks stuck in the dark should realize they aren't alone. There obviously are folks still offline and everyone hasn't been setup on new empty containers.
Just logged in and our VPS won't boot.
Well that is false, everyone has been given a new container. Please try installing a new image and see if it fixes the issue.
I'll give it a spin. Semantics
New empty container vs. new container.
Going to spin ours up now and see what happens.
So we installed new OS. Of course empty as can be
At this point, I take it folks like us are out of luck about any full restore of the VPS from backups?
If you didnt use central backup before the attack, then unfortunately yes
If you did plan on reconfiguring anything and want us to do anything for you just let us know and would be happy to help get you back on your feet.
So I just ran standard Debian x64 install. Then apt-get update and apt-get upgrade.
Pedestrian babysteps I do dozens of times a week.
Yeah, well it bombs over there:
update-initramfs: Generating /boot/initrd.img-2.6.32-5-amd64
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... Generating /boot/grub/default file and setting the default boot entry to 0
entry not specified.
run-parts: /etc/kernel/postinst.d/zz-update-grub exited with return code 1
Failed to process /etc/kernel/postinst.d at /var/lib/dpkg/info/linux-image-2.6.32-5-amd64.postinst line 799, line 2.
dpkg: error processing linux-image-2.6.32-5-amd64 (--configure):
subprocess installed post-installation script returned error exit status 128
configured to not write apport reports
Errors were encountered while processing:
linux-image-2.6.32-5-amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)
So default Debian image you have is problematic. Beyond my payscale to say why
Have to run this to fix:
More bumps along the road.
If you didnt use central backup before the attack, then unfortunately yes
If you did plan on reconfiguring anything and want us to do anything for you just let us know and would be happy to help get you back on your feet.
Seems like an easy fix, Ill have Jeremiah make sure thats fixed. Thanks for the help.
You REALLY need to promote the "central backup" feature in the introductory email package.
Went and looked at all emails we received at account creation time and ZERO mention of backups. Nothing. Nada.
You might want to revisit this:
Automatic Backup's
At this time we do not automatically backup our client's VPS's. This may change in the future. If you require a backup please utilize the central backup feature from within the SolusVM control panel.
Based on what happened, you want to start doing backups by default for customers. It is a matter of pro activity and faith in provider.
This is concerning also:
Each additional backup is $5 per month. Please open a support ticket for additional backup's.
Backup's are provided as-is and are not gaurenteed.
Beyond the typo on the word guaranteed
The rest of it is vague and kind of scary.
When do central backups run? Only when the VPS is created?
Just a small detail everybody seems to forget here: central backup is gone as well
Yes, opened ticked, can't do a thing, we do everything for you, ticked closed, good bye and good luck.
I think some of you people are putting too much emphasize on the exploit issue. For all we know it was probably something much simpler, like Chris using the same password for WHMCS and his Solus account or so
when did you run your central backup? If it was more than 3 weeks. Then of course its not there because of the backup failure which we sent out an email stating that everyone run it AGAIN.
Not an excuse, but I can bet a lot this is what happened.
Wrong
Wish it was so then everyone didnt have to worry about it happening to them