New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
ChicagoVPS database leaked? ChicagoVPS customers - change your root passwords immediately!
This discussion has been closed.
Comments
Go for it. If providers need a customer service guy, PM me. :P
So true. But we were all noobs once
Beautiful letter! You may be called upon at some time to do some writing for me as that was very well written in my personal opinion
+1. Please pm me your email address so I can have you on my contact list.
OK, one thing to be fair (and I am not saying I completely think what CVPS has done is perfect) is at least they are willing to force customers to change their password. I am wondering how many providers will just "let go" if similar situation happens and hope nothing will blow up in the end.
@Soylent you just earned your position a press release writer!
@Nick_A what means: iirc ??
IIRC If I Recall/Remember Correctly
IIRC Interactive Illinois Report Card
IIRC If I Read Correctly
IIRC If I Really Cared
IIRC Image and Identity Research Collective
IIRC If I Recollect Correctly
IIRC Impedance Imaging Research Center (Korea)
IIRC If It Really Counts
IIRC International Internet Recruiting Consultants, Inc.
IIRC International Inter-Society Research Committee (on Nuclear Codes and Standards)
IIRC Internet Information Research Center
IIRC Iraqi Islamic Reconciliation Conference
IIRC Immunity and Infection Research Centre
IIRC Interstate Insurance Receivership Compact
IIRC In Internet Relay Chat
IIRC Information Integrity Research Centre (UK)
IIRC International Interpretation Resource Center
IIRC International Interdisciplinary Research Colloquium
IIRC Inactive Item Review Code (US DoD)
IIRC Isn't It Really Cool
IIRC IVF & Infertilty Research Centre (Calcutta, India)
or is IRC ?
i see it on many post, but dont know what that means.
template error, examine fetch() result
whats wrong
justwanna reset my passwd
This one mostly.
When exactly is the db dated? I've seen November 2012, but what day? I joined near the end of Nov 2012
Either way, changed root etc.
CVPS isn't in the UK market?
I wasn't talking about that US company :P
Ash is a guy. Always has been always will be. Now back on topic.
@DestroyeRCo LowEndDrama / LowendProviderBullying.
INTERNETGOLD.
Well if nothing else, this clusterfuck of a thread has made me get off my arse and properly secure my containers where I'd only done the bare minimum.
Massively disappointed in ChicagoVPS apparent deception over the reason for the password resets though. I think that's me and them done for good.
Someone in public discussion at IRC said that whole Colocrossing staff (Luc, Jared S., Leo G...) had administration rights. I haven't seen database and it's not my business... - just saying.
That is how Chris Fabozzi responded to my ticket I opened in response to the email they sent me this morning. However, I knew nothing about the database leak prior to that. A google search showed me this thread.
I asked for a refund regarding their BS email. Locking customers out isn't the answer to weak passwords. Now I found out they had a DB leak, AND that they lied to me? I again, asked for a refund, and instead of responding to me they simply closed my ticket?
Unbelievable. All I want is a prorated refund. I'd like to move on, that is all.
@Jack I don't have clue.
I have been browsing LET/LEB community for a long time now without any active participation, but now the time feels right for me to join. I wish only this shouldn't have to be my first post about, but whatever. To the point, I had been a customer of CVPS in the past and stopped being one about 6+ months ago. Today I saw this thread here so these are my questions according to this event. I know that maybe my questions has been asked already, but I want to sum up some of them in order to clear the whole picture.
First of all, to make it clear I have no intention of getting the db, as far as any of you that already have it could answer my simple (?) questions. To begin with, (1)the leak is about SolusVM db or also WHMCS, because some folks previously stated that his/her credit card is in there. I know the possibility of the parallel existence of another WHMCS leak, but currently I am referring to this specific one. Also, (2)what kind of information has been compromised (as been pasted in there) so far? Some guy previously pasted some data of it, exposing username/password (solusvm), email, name, surname, info about nodes, some info about the vm itself etc. What is it true so far above all those? And one last question to the most experienced guys out there. (3) What do you suggest customers should do, because we have seen in the short past that CVPS doesn't care to share the real information about the events that evolve security issues about their company, and (4) how do you judge the extent/measure of that exposure, again customer's side concern.
Thanks in advance.
P.S. The vps that I owned was meant for a client of mine, so the customer information at WHMCS was his. As not being a customer of CVPS for 6+ months, do I really need to inform my customer about changing any passwords or generally mention this incident at all?
I might not be able to answer your other questions but notifying your customer would probably be the best policy. You know exactly how you feel about CVPS not informing you, and your customer would probably feel the same way.
Yes Corey, I think you are right. But if that leak affects only the vps information (usernames, passwords etc) I don't have a serious concern as I don't own any vps from them. That's why I need some answers right away, in order to know the extent and the danger of the info that might have been compromised.
Clarify quickly, do you want honest answers? Or just "answers"?
Let's be fair for a moment. They should have said specifically that the information within SolusVM was to be considered compromised. However, if someone wiped the VPS on the nodes via an "exploit in SolusVM" isn't it implied that SolusVM was accessed by a third party? Therefore the information contained within is compromised. They should have added that wording, but the logical conclusion should still have been that for the reader.
ChicagoVPS back end was all the work of Jeremiah who has been gone for some time. I'm not certain that much of this reflects on CVPS currently. We all know Chris is just the face of it.
I've given CVPS as much crap as anyone else here, just being honest about it.
The db shows vps information and such.
To my knowledge this would be a solusvm db.
No whmcs db has been shown (yet?)
Honest please!
Luckily, I am not on the database.
I just want to say, I am not a Colocrossing staff. Just to make it clear out there, you can even contract Colocrossing or check there website.
Naah, it's ok. I have no reason to doubt in your words. Out of curiosity - what's with those other guys allegedly listed in database with admin privileges? Are they also CHVPS stuff?
There are a thousand other things that need clarification. How about those instead?
Totally agreed. In the previous page I tried to ask some serious questions that need to be answered from the guys that already own this leak. I guess that might be a reason for some wanting the db leak themselves to check their info right away, and not depending on others. Maybe in those kind of posts that concern security issues of customers the mods should lock them down and just give a heads up, otherwise we reach 10 pages with no meaning at all.