New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
@CVPS_Adam Finally Adam, you are the 0day to be happily patched today. Welcome to LET
I'm sure that his customers whose VPS's are down or who could lose data care very much about him being hacked. Am I to assume that you don'tt give a fuck about end users losing their data? Is that an official NodeDeploy position or is it just yours?
omg hope they don't lose our data. i need the most recent data
Hahahahahahahahahhahahaahahahahahahaha,,,,,,, no
@jack yes I'm sure they will answer it all truthfully.... Heh
They did not loose 'your' data only you can do that.
@Liam haha nice one.
Don't even bother, these wankers won't admit nor help
It's not like CVPS had any enemies or something /sarcasm
So there will be even more vulnerable panels around?
Has anyone else noticed that the title of this thread is spelled wrong?
No, I mean, give more providers who want their own panel badly but simply suck at PHP security a chance to make some shitty vuln panel
Hey guys,
We're aware of this compromise obviously and we are all working hard to get it fixed. We won't sleep until everything is recovered. SolusVM is actively working with us to investigate as well, and we thank them for that.
Regards
Chris
Probably so it's not indexed by Google when you search for 'ChicagoVPS hacked'.
More likely that it was just a genuine mistake, he used the corect spelling in the OP anyway.
Quite true aswell.
I'm sure they'll get it sorted soon anyhow as they should have backups now. Best of luck to everyone.
Yes, we are waiting too, and while i understand cvps is more urgent, at least a short 3 lines update would help a lot with the nerves...
OT, speaking of lines, why doesnt vanila honour the CR char ?
I am not used with forums where I have to leave a line every damn paragraph.
/OT
I am wondering how many hosts are compromised already without knowing it. We know about 3 cases now solely because abusers let as know about them (erased stuff, leaked database...)
@Maounique, @Jack,
SolusLabs does not seems to be interested - they had plenty of time to comment on any of the multiple topics about the problems with their software.
Their position is simple: "Wait for the storm to pass, and then continue with the sales - they have no choice - our software is the only option as a VPS panel"
Yes, @Jack. Without stuff erased or/and database leaked we wouldn't even know about them but there could be much more hosts compromised already.
Just for those that are wondering from near the start of the thread who that "lol" guy on LEB is, the IP is in the same range as CurtisG's, and just last night he was asking to be unbanned to ask for opinions on his new VPS control panel (he already has a thread on VPSboard about it).
Food for thought.
Is that so...
Well, in that case, I am sure this is exactly what the market needs, a point of entrance for other vendors.
Many folks are so desperate they would try out and the userbase will grow, the code will improve and we will have more options at next occurence of these exploits.
We need more options and designing and using own will probably not be much better in terms of security, actually, as I said some other place, it is probably a bad idea to use own code and secure it through obscurity.
The webserver (php, db, whatever) might have an exploit and the code will leak, after that will be a kid's play.
@Evo I'd much rather have them work on their software than spending their time commenting here.
curtisg = robert = constantinous?
I doubt the PR manager has much to do with coding and figuring exploits with forensic techniques, or even if they are pointed to them.
We only need some basic info:
Did, or did not Solus Labs receive the mentioned exploits ?
Who reviewed them ?
Are they responsible for CVPS or was some other issue ?
That would be enough for now, I think. We have customers waiting to access their solus interface, may not be in such a desperate state as CVPS, but still, 3 answers by someone who can write basic english after was told what to say by some representative is not too much to ask.
He is a real person, not an excuse. His real name is Joel. He probably hasn't logged in for a while. From what I heard, some actions were taken that only he knows the full reason of. Sometimes that makes Liam's life a tiny bit more difficult because he simple can't answer some questions since he doesn't know the answer.
Sure, they have "enemies". For me personally, that still wouldn't be a reason to do something like this. I'd stay away would I have disliked CVPS.
I got this back from SolusVM
change you password as soon as possible
Did they not do a full audit before and the centralbackup exploit still got through?
This seems like something that is long overdue.