New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Comments
You are thick as pea soup. My data has been restored.
Lack of transparency was the key here to all customers affected, and apparently repairmen did not know about this until two members posted. Or they just lied to everyone in message 24 hours later.
The edit was adding another sentence where you were sad I responded to you after 3 or 4 posts making fun of me. I will send you a tiny violin, but it may take a few weeks.
haha. Looks like your VPS (not the host) got ransomwared and you have no idea how it happened.
nope not at all, not sad at all.
Maybe lay off the personal attacks - they're not working.
so, were they ransomed?
Hypocritical piece of shit you are, just let GreenCloud reply when they have figured out. They do not need you, oh dear white knight.
Yeah, guest was but somehow thinks the host was. lol now jumping up and down for some reason
Yes! That was my reason for this post, no one made one yet - but entire customers wiped out in SJC.
Ladyboy? Is this Google translate? What crack is Google on?
Also wonder if virtfusion backup would help in this case. Backups aren't off-site right?
You realize I was the second one to post about this? You really are thick and rude.
I suppose it depends what level the "ransomware" had infected. If inside a guest VPS then the virtfusion backup would restore without issue.
All my VPSes are running without ransomware.
Can't be said about others'.
ITT: uneducated GC shill who doesn't realize their entire node was ransomwared. Check other thread hot shot - not just me, but thanks for laughing at such.
Enjoy your 11th Birthday Server, and hopefully karma comes fast
Doesn't look too good for the provider. Also remember, this is a provider that demands ID proof for KYC and whatnot.
Even racknerd has a better incident report if a service is down. But the greencloud status page shows 100% running.
not a good thing, but gcvps has acknowledged this mistake and will rectify it.
I'm not sure what else can be done here. no business will happily admit they were attacked. IYKYK.
Will this cause any harm to my data if my VM is encrypted with LUKS from the beginning? I guess not, and it was the right move now that I think of the sweat I've been through.
Not sure if related but one of my GC nodes is disconnecting frequently, causing instability for the rest of the cluster.
Please someone keep us updated with e-mails. I'd personally like to know if this is gonna be fully disclosed or not, to uhmm update my forum footer :-D
which location?
Uptime status is one thing, and proper breach disclosure is another thing, but the latter is more important.
I'm very interested to know how this even happened.
Unsecured IPMI in the wild... You're asking to be breached.
Sai Gon, Vietnam
I'll temporarily remove all GC locations just to be sure.
I have 2 Greencloud 3-year instances, 1 4-7 in HCM and 1 6-11 in HN, the uptime is 100% since I installed hetrix tools (last week), when do you get disconnected?

If nodes are compromised and data in individual VMs is encrypted, it’s safe to assume all your backups and any files you downloaded are infected as well, so have fun.
Since 1/10, the gaps between disconnects got more frequent until it's every few hours. Logs showed that it got disconnected, then when it came back up it tried to change the MTU. Somehow that made some (not all) Proxmox nodes restart. I'm not an expert so I just shut it down and it has been stable for the last few days.
There are probably some settings I can change to prevent the issue but I need more time to look into it.
It's also safe to assume that everything else is either infected or has the same security holes and is only a matter of time until those get breached including the specific vector that was used to get in, if this hasn't been secured already (internally and externally).
Gonna need more than popcorn... Gonna need a few good cold ones.
Thank you for your info, I will try to look into my logs and my uptime history to see if something similar happened in my instances.
There was a node issue back in September 2023 for NL storage. Makes me wonder if it was the same issue.
Reminded me of this Fortigate exploit I read about.
Critical 0day going around to get into networks and the vendor isn't speaking.
If this is really the case, probably was admin/admin on IPMI, even if internal
Anyway, this is why you should run luks on your VMs.
Just because it's KVM, etc. doesn't mean your host can't easily mount (or encrypt) your data.