All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Is this email from Wishosting legitimate?
Edit: I posted because didn't see any mention of their apparently compromised control panel on LET and such things are usually discussed here. If I didn't post asking about it, I assume that someone else would have.
I opened my inbox this morning to find an email from the Wishosting support address with email subject "Update to Ticket #". I have a server with them, but did not open a ticket. The email below was followed by another email update to the same ticket sent at the same time that included Control Panel login details. I used the amazing LET search function, but didn't see anything posted here, yet.
Hello,
We regret to inform you that our OpenVZ control panel has been compromised and some VMs has been deleted. Unfortunately, it is not possible to recover the data.
We are running intensive security checks to diagnose the source of the problem.
In order to compensate for your troubles, you will have another service period for free.
Sorry for the inconvenience.
Comments
Oops, I forgot to tag @exception0x876
Well are you short an OpenVZ vps? If yes it's legit, if not no.
Good point. I saw the email and panicked. Almost all of my VPS are idlers (some with data, while others have never been logged into), so I will have to dig up my login credentials from an old laptop.
It may have been best to check this before running to start a thread
@angstrom @AtlantiaCloud_Alex
I was also curious since I didn't see any mention of their compromised control panel on LET and such things are usually discussed here.
Edit: I didn't title the thread "ZOMG WISHOSTING HACKED?!" because that wouldn't have been very nice.
you tell me
Well, if true, it sounds like a serious incident. So do you have an OpenVZ service with them or not?
I do and my account shows that they extended the renewal date by one year. Maybe I should have gone with a more clickbaity thread title.
As far as I know @exception0x876 uses OpenNebula and KVM.
I've had my OpenVZ plan with them for several years. At the very least, they used to offer OpenVZ plans.
man, did they get hacked or not?
So it does sound like the mail was legitimate.
Happily, in your case, you didn't lose anything.
@tgl since my account shows that the renewal date was extended by 1 year, I would have to guess that they were.
@angstrom I still haven't found my VPS login credentials, but I hope not
maybe also their control panel was hacked and this is why it says that
The email is legimate. There is a security vulnerability in Opennebula installation that was used to compromise our OpenVZ control panel. In order to exploit it, the attacker must have a control panel account. The vulnerability affects all Opennebula versions and I've been in touch with their team about fixing it.
KVM control panel was not compromised since the hacker did not have KVM service.
Both our control panels are already patched and not exposed to this vulnerability anymore.
I won't disclose vulnerability details before the patch is released publicly.
If you go back to BF/CM 2016, he also offered a small OpenVZ plan:
https://www.lowendtalk.com/discussion/98088/wishosting-kvm-vps-linux-windows-ssd-hdd-plans
Thank you for the explanation.