New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
So you are saying that you have a working PoC for the security hole that has been verified against a fresh SolusVM install?
Not an excuse, but I can bet a lot this is what happened.
You would lose.
At least you admit that you also lost the backups 3 weeks ago.
I logged in specifically BECAUSE I received the email that you managed to lose the backups last month (on the 10th). Although there is no doubt I double checked and this is clear because I have login notifications and both your "backups lost email" and "log-in notification" are in my inbox, in this order with plenty of time in between (and I log in very very rarely).
So backup was done after the email about losing the backups. I checked and I have logs showing the backup was completed. However now the backup is unavailable and impossible to recover. As is the VPS itself.
Whatever happened it is unknown to me. Whether you lost the backup during the last days together with the hack, or you didn't have the system properly running when the email (about backups lost, please make new backups) was sent or some backups were lost between 10th and this week really doesn't matter now. Point is: you had multiple failures and all these statements about backups and knowledge base mean nothing, in fact customers are worse off using the backup you offer because they think there is some safety offered when in fact there is none. Just simply state the facts right that we're on our own and that's the end of it.
I continue to be amazed at what complexity a vanilla Debian 6 x64 install is on ChicagoVPS.
The image installed is bloated. 44MB consumed at boot time.
locales package not installed in the bloat image by default, even though everyone needs to go config that at setup.
And another point of concern perhaps.
In Solus control panel, the API key and hash is autocreated and enabled by default.
Is this typical with other providers?
@pubcrawler Debian works perfect for me.
Strange install to say the least.
I should do a video screen capture to drive the points home. Minor stuff, but clearly a goofball image that stands to trip up newer users.
Where do these images folks all use come from anyways? Need to see what else is available via such to recommend more sanity to some providers.
Couple friends of mine used the central backup but are being told that no backups anyways as you had to replace the backup node. That was a reply from Mr Ayotte.
So even people who took the time to use the central backup are SOL.
Oh, so your vps was hacked because of you used a hacked OS Templates?
@soluslabs
any update? Is we're using a insecure solusvm?
@DewlanceVPS You're an idiot. Not even your AutoBoot will save you now.
So far, I am amazed by the way chris and Jeremiah handled this situation. Bravo guys! And yes, this is not sarcasm. I am being honest.
@Dewlancevps hacked what? WTF!
A couple of things, First I know @CVPS_Chris was a jerk before, but give him a break. If you have nothing critical to say then shut up. I have already it 20 times over, and it isn't adding to the conversation. Technically what ever you are doing should have multiple backups that you define as necessary. Amazon s3 maybe? However, I will admit I have seen a change in chris's behavior over the past few days, as otherwise I wouldn't still be with the company.
@pubcrawler That debian issue isn't limited to CVPS, rather I have the issue on many many hosts, but I haven't run into any issues. I will note that yes it is bloated and would love a minimal install such as just debian, ssh, and nano. I can install the rest with apt-get install.
@DewlanceVPS Now your just being stupid, if you know anything about Most vps providers providing debian at this point that issue with the apt-get update is there, and no it isn't hacked. It is more likely to do with something @soluslabs.
Though I will admit this accident would not have been good for me, if I hadn't moved all critical databases off about a month ago to intovps.com because of the stability of my node in the first place.
On the bright side, now that everything is gone it runs like a champ....
That's true, probably mostly everything is idle with people who don't know their box is down, people who can't be buggered to restore everything over the weekend or people who moved off to better providers (which right now as I said is basically anybody else who isn't in panic mode and as long as they didn't lose your data three times over the last 3 weeks).
It isn't so much that is why I am still with the company, rather the things that I run are applications and losing them is just one reinstall away, so really doesn't kill me. On the other hand my website and stats databases, that would really suck to lose.
My boxes always worked very good, I dont know why you complain.
Will try central backups btw
@netomx The issue was a process that takes 20 minutes on one servers takes over 240 minutes on CVPS. Please don't say I have no right to complain and if you want the full story just pm and I will send you the link.
No thank you. I got 3 with him on different nodes... maybe the node had an abuser?
Already Checked with CVPS months ago and no.
Weird. Anyways, u have good stories. No downtimes so far, speed good and speed excelent.
@netomx, is the backups still there for you?=-O
@Mun
what type of issue with solusvm?
what type of issue with solusvm?
Nothing to do with solusvm. Something to do with performance.
@DewlaneVPS can you read?
Yep, @Mun, I've seen the VPS performance issue with CVPS too. Stopped running anything CPU intensive, including MySQL on there.
In all fairness, issue has been hit or miss. Performance seems to come and go. Who knows why -- abuse? oversubscribed? Resource sharing settings? I just quit trying since time is valuable and the more I monitor and babysit the VPS, the more I frown.
I'm mixed on CVPS at this point. Didn't like the attitude and some of what I've seen poking other providers. Backups were umm, yeah, useless. So it's a question of how worth it is a $7 2GB VPS without the CPU performance to fulfill my needs. Makes the issue of 2GB rather unimportant sort of.
Yeah I have backups
Pain in the arse though since the backups have backups and other copies just in case. Expensive endeavor that probably is better served with a dedicated server instead. Bet other folks are on the same treadmill 
@pubcrawler Fully agree, who knows what the full context, and the more I think of it Jeremiah may have been giving me the answer all along, maybe in a rude context, but yet the same that he knew what the issue with the slow servers were, but could do nothing about it. This attack has rattled some nuts and bolts loose that help show what really CVPS is all about. These things I will probably compile into one post, but yet the same. The more and more I have looked the more and more I understand why I have the issues that I do.
In any context, I think the reason why there has been no response to @soluslabs is something of internal issues at cvps and nothing fully due to the fact that they don't want it getting published to the world.
To continue my statement from earlier I would not be so happy this week if it wasn't for the fact that I really was really lucky and had a moment of anger to push my main database off of cvps. Fuller context: http://www.didyoutryrestartingit.com/index.php/an-offsite-database-best-locations/
Jeremiah is She, not He ;-)
Not sure if your serious but Jeremiah is not a she (despite the stock picture of NWNX site)
You have great information. Where did you find this out?
http://nwnx.net/The-Team.html
If we assume the pictures are real, jshinkle sure looks like She.
Don't blow your beverage out your nose:
Nice being housed in a fortress with a trojan horse inside.