ChicagoVPS hacked

PcJamesy Member
edited June 2013 in Providers

Did ChicagoVPS just get hacked?

https://manage.chicagovps.net:5656/

Comments

  • (sarcasm) No. That's just their new control panel. (/sarcasm)

    Yes, it appears they did indeed get hacked.

  • Oh fucking hell.

  • vnet Member

    Really tragic event!

  • Remi Member

    Let's see what happens here. In Ramnode somebody got blamed. But now maybe ChicagoVPS will be blamed, not somebody.

  • Maounique Host Rep, Veteran

    Jesus !!!

    I don't think this is just the SolusVM thing.
    It might be another exploit that is used against them, maybe the same as last time they were hacked.
    @soluslabs any idea about this ???

  • As far as I can tell it might have been the same one. Unless someone has a treasure chest full of SolusVM Exploits waiting to be used. In which case, HyperVM is looking pretty good right now.

  • My PuTTY sessions died and I went to their panel and got the lolololo page.

  • What's up with people these days...

  • Well, I'm sure whoever hit CVPS was just testing the exploit. You know, like Robert was on Ramnode.

  • john Member

    I find it hard to believe ChicagoVPS didn't patch their SolusVM. Chris knew of the issue and was even working together with BuyVM regarding Robert's logs.

  • Does anyone know if any customer information is in the linked DB?

  • tehsu Member

    I see my info. Sad.

  • Derek Member

    Like I said in the first thread, if you didn't patch it within the first hour, you were most likely already compromised. Start mass changing your passwords.

  • Ivan Member

    Huh, weird. I don't believe it if they haven't patched their SolusVM install.

  • Zetta Member

    I see the summer season has officially arrived.

  • PcJamesy Member
    edited June 2013

    @ihatetonyy All client names, emails, client IDs, hashed password.

    Looks like original vps root passwords, host names, IP, OS, VZ type.

  • @Remi said:
    Let's see what happens here. In Ramnode somebody got blamed. But now maybe ChicagoVPS will be blamed, not somebody.

    As I understand it ramnode was exploited almost immediately after the exploit was 'released'.

    How long has it been now, and yet CVPS is hacked?

  • All three of my servers with them are slow as balls and have high load (they don't run anything that generates load)

    This doesn't look good.

  • DomainBop Member
    edited June 2013

    @Magiobiwan said:
    As far as I can tell it might have been the same one. Unless someone has a treasure chest full of SolusVM Exploits waiting to be used. In which case, HyperVM is looking pretty good right now.

    Actually someone might have a "treasure chest full of exploits" because earlier today on the LEB post "SolusVM Vulnerability" someone named "LOL" promised to release more Solus exploits in about 12 hours and the timing of this hacking is almost exactly 12 hours from when they posted.

    their post:

    Lol:


    Attention providers:
    In roughly 12 hours I will be disclosing 3 zero day vulnerabilities on solusvm.
    I suggest you take backups fast or else hackers will abuse this. I have tried contacting solusvm to fix it however I have been ignored.
    They stated the vuln is “not important at this time”
    Good luck.

    June 17, 2013 @ 2:36 pm | Reply

    http://www.lowendbox.com/blog/solusvm-vulnerability/#comment-121148

    edit: their first post:

    Lol:

    Wait till you see the login vuln and admin panel vuln. I'll release those later :)

    June 17, 2013 @ 2:32 pm | Reply

  • Could be another exploit of course. Or they didn't patch it, but I find that hard to imagine.

  • @mpkossen said:
    Could be another exploit of course. Or they didn't patch it, but I find that hard to imagine.

    From IRC someone said:
    -- Dump completed on 2013-06-17 7:48:33

    Looks like the server is probably still rooted

  • Well, at least we solved the Kevin/Adam thing: http://vpsboard.com/topic/758-cvps-hacked/#entry11028

  • BlazeMuis Member
    edited June 2013

    Seems like I can't access SSH, but I can access my website hosted on a VPS from CHVPS

  • @Patrick said:
    Looks like the server is probably still rooted

    That would be a nasty trick.

  • @joodle said:
    Seems like I can't access SSH, but I can access the website hosted on the VPS from CHVPS

    It took VERY DAMN LONG for me to log into mine. I advise you wait at least five minutes.

  • Maounique Host Rep, Veteran
    edited June 2013

    Attention providers: In roughly 12 hours I will be disclosing 3 zero day vulnerabilities on solusvm. I suggest you take backups fast or else hackers will abuse this. I have tried contacting solusvm to fix it however I have been ignored. They stated the vuln is “not important at this time” Good luck.

    If the above is true, then soluslabs is seriously screwed.
    Any panels you know which are more secure ? :(

    We took solus down just for safety.

  • @Maounique said:
    Any panels you know which are more secure ? :(

    We took solus down just for safety.

    There is some very deep, deep irony in this statement, but HyperVM may well be more secure at this point in time.

    Also, maybe OVZ Web Panel.

    And Stallion, of course.

  • lybxlpsv Member
    edited June 2013

    I'm getting "ls: cannot access filename: Input/output error"

    It seems some of the files were corrupted :(

    Better back up, then turn the VPS off if your VPS is still on, and "passwd root" doesn't work anymore.

    And however, before the hack centralbackup.php isn't there, so it should be the other client and/or admin vuln exploit.

  • ihatetonyy Member
    edited June 2013

    In Chicago, not sure what node:

    -bash-4.1# ls
    Segmentation fault
    -bash-4.1# uptime
    Segmentation fault
    -bash-4.1# ls
    Segmentation fault
    -bash-4.1# ps ax
    Segmentation fault
    -bash-4.1# ls
    Segmentation fault
    -bash-4.1# uptime
    Segmentation fault
    -bash-4.1#
    
  • BradND Member

    Pulled our solus, seriously suggest everyone else does also
