ChicagoVPS database leaked? ChicagoVPS customers - change your root passwords immediately!
This discussion has been closed.
Comments
You'll be fine as long as you aren't "winning"
Chris is pure gold
Confirmed: I am in the dump
I want to see how many VPSes they actually have, someone maybe PM or email at bronzebyte[at]gmail[dot]com
@Mun, can you PM me the dump?
I don't have the dump.
59? select COUNT(name) FROM nodes; returns 56.
@Mun you said you saw yourself.
@fisle Check your PMs.
So here is the describe of the table so you all know what info is being thrown around:
CREATE TABLE clients (
clientid int(11) NOT NULL AUTO_INCREMENT,
resellerid int(11) NOT NULL DEFAULT '0',
username varchar(40) NOT NULL,
password varchar(100) NOT NULL, -- Encrypted
emailaddress varchar(100) NOT NULL,
firstname varchar(50) NOT NULL,
lastname varchar(50) NOT NULL,
company varchar(50) NOT NULL,
level varchar(20) NOT NULL DEFAULT 'Client',
status varchar(20) NOT NULL DEFAULT 'Active',
vcode varchar(64) NOT NULL,
loginalert int(1) NOT NULL DEFAULT '1',
created int(100) NOT NULL,
lastlogin varchar(100) NOT NULL DEFAULT '0',
rsmaxvps int(11) NOT NULL DEFAULT '0',
rsmaxdisk varchar(250) NOT NULL DEFAULT '0',
rsmaxmemory varchar(200) NOT NULL DEFAULT '0',
rsmaxuser varchar(200) NOT NULL DEFAULT '0',
rsmaxipv4 varchar(200) NOT NULL DEFAULT '0',
rsmaxipv6 varchar(200) NOT NULL DEFAULT '0',
rsmaxburst varchar(200) NOT NULL DEFAULT '0',
rsnodegroup varchar(255) NOT NULL DEFAULT 'none',
rsopenvz int(1) NOT NULL DEFAULT '0',
rsxen int(1) NOT NULL DEFAULT '0',
rsxenhvm int(1) NOT NULL DEFAULT '0',
rskvm int(1) NOT NULL DEFAULT '0',
rsnodegroups text NOT NULL,
rsmaxbandwidth varchar(200) NOT NULL DEFAULT '0',
unameprefix varchar(20) NOT NULL,
mediagroups text NOT NULL,
lang varchar(30) NOT NULL DEFAULT 'English',
dnsid int(11) NOT NULL DEFAULT '0',
rsdefcpu int(6) NOT NULL DEFAULT '4',
PRIMARY KEY (clientid)
) ENGINE=MyISAM AUTO_INCREMENT=6170 DEFAULT CHARSET=latin1;
Chance you can get the specs and the typical amount of 2GB's per node?
@fisle Check your PMs.
For only mine, I didn't see the whole dump.
He isn't going to send it to someone with 36 comments if he's right minded.
Not 150? Think they posted that number on some thread...
He did in the cvps lost mind thread
I think they meant 150 (VPS's) and not 150 Active clients.
At the time of the dump I had 4.
Table vservers has 3968 rows, though.
56 in that DB.
And no, I don't feel comfortable tossing the DB around.
So passwords are just hashed without a salt? What kind of hash is it?
I can't fully determine with the info I got, but it isn't in plain text.
From the IRC HTML paste spam, some stats:
2042 clients, 2509 VMs, 35 nodes
Seems like all VM root passwords are in there, and about 35% of the solus web login password hashes are bruteforced
http://www.lowendtalk.com/discussion/comment/199748#Comment_199748
2042 clients, 2509 VMs, 35 nodes
In that db dump, the one I was shown had nothing about the root password of the server.
..... anyway you might be able to check against a said value for me?
2042 clients, 2509 VMs, 35 nodes
According to this it is 2859 clients, 3968 VMs, 56 nodes
VM data are in another table, not in the 'clients' but 'vservers'. There are hostnames, encrypted root passwords, IP addresses. I just noticed this. Woah.
Root passwords are also hashed I hope?
Also, why is solus even storing root passwords?
No, cleartext all of them. The only "encrypted"/hashed data is the solusvm web login password, which is sha1
Convenience; it attempts to re-assign the root password after it reinstalls the OS. I would really prefer that it did not; I've actually thought about linking the rootpassword column to a BLACKHOLE-powered table.
@fisle if that link is indeed from November, it very well is possible they have 150 NOW
@Damian
Best practice would dictate that they are randomized on creation. Provided to the user and then subsequently not stored.
Well, true best practice would be that they're randomized, but then not provided to the user either; the user must enter their desired root pass, which never gets stored. This way it never appears in emails, etc.
Heh, might be so :-)
The root passwords are all hashed in the database OP linked. At least in vservers table. Am I missing something?
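Added example, not part of the thread and not SolusVM code: the thread asks whether the web login hashes are unsalted, and one comment says they are sha1. Assuming that scheme, this sketch shows what an unsalted column reveals (accounts sharing a password) and how a login handler can move each row to a salted PBKDF2 hash. The `username` and `password` keys follow the posted `clients` schema; the function names, the PBKDF2 parameters and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # assumed PBKDF2 work factor, tune for your hardware
PREFIX = "pbkdf2_sha256"

def legacy_sha1(password):
    # Unsalted SHA-1 hex digest: equal passwords always give equal hashes.
    return hashlib.sha1(password.encode()).hexdigest()

def kdf_hash(password):
    # Fresh 16-byte salt per account, stored alongside the derived key.
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{PREFIX}${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password, stored):
    if stored.startswith(PREFIX + "$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return hmac.compare_digest(legacy_sha1(password), stored)

def login_and_upgrade(row, password):
    # Rehash on successful login, the only moment the plaintext is available.
    if not verify(password, row["password"]):
        return False
    if not row["password"].startswith(PREFIX + "$"):
        row["password"] = kdf_hash(password)
    return True

def shared_hashes(rows):
    # Groups of usernames whose stored hash is identical.
    groups = {}
    for row in rows:
        groups.setdefault(row["password"], []).append(row["username"])
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

# Constructed sample rows, not data from the dump.
ROWS = [
    {"username": "alice", "password": legacy_sha1("constructed-pass-1")},
    {"username": "bob", "password": legacy_sha1("constructed-pass-1")},
    {"username": "carol", "password": legacy_sha1("constructed-pass-2")},
]
```

The encoded PBKDF2 value is 118 characters long, so the `password varchar(100)` column from the posted schema would have to be widened before rows are upgraded.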