New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
SSH Signature on my LEB changed, no networking
Hi all,
I'm wondering if anyone's seen this before and might know what it is. I have a LEB from one of the providers on lowendbox.com. Here's what happening shortly after getting the box:
- The website it's hosting goes down
- I SSH in to see what's happened but the SSH signature has changed (Putty warns)
- I use the serial console to get in. From the console I check the signature, indeed the signature when SSHing in is not what it should be
- From the console I have no networking out (GET google.com just hangs)
- I can shut the VM down and yet it still responds to pings (and SSH)
Really weird. Any ideas what could be going on here?
Thanks!
Comments
You've been hacked, bro.
^ that or your ip is assigned to two accounts..
Did you bother to raise a ticket before posting here?
Or you are just not using the correct IP (IP of your VPS)
Probably the IP somehow got assigned to a different VM. Ticket your provider.
Thanks guys.
I think the dual IP assignation is more likely. Yeah I posted a ticket but they ran a SolusVM networking script and rebooted the VPS, which fixed things initially. Now, however, rebooting the VPS doesn't fix it. As I mentioned I can have the VM totally shut down and still SSH over (and get the signature warning).
I will ticket them again with this further info!
Please state the providers name so the rest of us can avoid it.
Sometimes when OpenVZ node has high load, solusvm does not do stuff such as delete container or IP properly, so sometimes you get an IP that someone else is using
@varwww it's ****. I'm still waiting on a reply to the ticket.
I'll let you know what happens
There is no point shaming a provider, they might not even be aware the IP is being used by more than 1 container.
@Ishaq OK, well let's wait and see what happens and I'll give the full report. I removed their name in the meantime
Not sure if funny or sad.
If it is OpenVZ it is 99% likely that the same IP has been assigned to 2 containers, if Xen/KVM they dont have ebtables running and someone is spoofing your IP probably.
Indeed, this was a mess created on our end.
The IP assigned to the OP's VPS appears to have still been attached to another VPS (not fully removed).
In other words, while SolusVM showed it as removed, it wasn't completely removed as we did not correctly restart the networking / VPS itself. As a result, the IP was still assigned to that VPS, even though it was not really in use.
Anyways, to prevent this issue in the future, I will follow up with each IP address change / ticket to ensure everything is properly done. I have also compensated the OP for the whole mess which should not have happened in the first place.
Hi,
Just to follow up - the host fixed the problem which was indeed a dual IP assignment. It seems to have been a uncommon situation. Pros and cons of this experience with the host:
Cons
Pros
Overall, this seems to be a one off that they were unable to diagnose initially because they'd never seen it before. All dealings with them were excellent, if a little slow.
I'd still recommend them overall. (You can find out the host by stalking @Coastercraze ;-)
@d60eba Just tell the name seriously
It makes no difference, this can happen to any host using solusvm or virtualizor, they both leave behind 'ghost' VM's on occasion I have been writing about this for 2 years and still find them from time to time myself.
It happens when the terminate takes to long or the LVM is busy, there is no validation so it gets removed from the solusvm/virtualisor database but the VPS itself is left behind as a relic.
I've only had this happen once for me, and it was taken care of in 5 minutes by support. The explanation they gave was the same as given by AnthonySmith.
Would I be correct in guessing this was Host Mist?
If I were running a provider and absolutely had to use software that was prone to doing this, you can be sure I'd set up a cron job to watch for duplicate assignments.
Yes.
IPs are in a pool
IP was assigned to a KVM based VPS previously. User requested to remove IPs and we did, but we did not reboot their VPS, so that IP was still there.
OP's VPS is an OpenVZ VPS (different server). That IP was automatically assigned upon creation.
Anyways, it's fixed now. I've made appropriate policy changes to ensure it doesn't happen again.