JungleSec Ransomware

Comments

  • @Andreix said:

    @risharde said:
    Maybe also set a bios password so even if ipmi is compromised the attacker cannot change the boot order? Not sure if that would help since I don't provide server hosting so ignore if it doesn't.

    Not really. They only single boot in linux kernel to change root pwd.
    Would help if you encrypt the root drive.

    Presumably, they just change the boot command in grub to boot directly into /bin/bash to avoid any Linux password prompts (booting into single user mode via single will still ask for the root password, if set). So just setting a password in grub for any non-default boot menu entry would help with that (in addition to preventing booting from any other source without password entry).

    Requiring manual password entry for every reboot has, of course, practical problems.
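The GRUB password setup discussed in the comment above can be checked from a config file. The following is an added example, not part of the original thread: a small audit of GRUB 2 configuration text that reports whether editing a boot entry at the menu requires a password and which entries still boot without one. The sample configs, the user name `admin` and the function name `audit_grub` are constructed for illustration.

```python
import re

# Constructed sample grub.cfg fragments (not from any real host).
UNPROTECTED = """
menuentry 'Linux' --class gnu-linux {
    linux /vmlinuz root=/dev/sda1 ro
}
"""
PROTECTED = """
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.CONSTRUCTED-PLACEHOLDER
menuentry 'Linux' --class gnu-linux --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro
}
menuentry 'Linux (recovery mode)' --class gnu-linux {
    linux /vmlinuz root=/dev/sda1 ro single
}
"""

def audit_grub(cfg_text):
    """Report what someone at the boot menu can do without a GRUB password."""
    m = re.search(r'^\s*set\s+superusers=["\']?([^"\'\n]*)', cfg_text, re.M)
    # GRUB accepts spaces, commas, semicolons, pipes or ampersands as separators.
    superusers = {u for u in re.split(r'[\s,;|&]+', m.group(1)) if u} if m else set()
    with_pw = set(re.findall(r'^\s*password(?:_pbkdf2)?\s+(\S+)', cfg_text, re.M))
    entries = re.findall(r'^\s*menuentry\s+[\'"]([^\'"]*)[\'"]([^{\n]*)\{', cfg_text, re.M)
    # Authentication is enforced only once superusers is set; without it every
    # entry boots freely and its kernel command line can be edited at the menu.
    locked = m is not None
    free = [t for t, opts in entries if not locked or '--unrestricted' in opts.split()]
    return {
        "edit_requires_password": locked,
        "boots_without_password": free,
        "boot_requires_password": [t for t, _ in entries if t not in free],
        "superusers_missing_password": sorted(superusers - with_pw),
    }

if __name__ == "__main__":
    for name, cfg in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, audit_grub(cfg))
```

In the protected sample the default entry is marked `--unrestricted`, so unattended reboots still work while editing the command line or booting the recovery entry needs the password.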

  • NDTN Member, Patron Provider, Top Host

    @JabJab said:

    @Shakib said:
    Did anyone here manage to get response from ASRock yet?

    @NDTN did you have any responses to the same thing you reported to them earlier?

    No response from our vendor yet (Asus).

  • Void Member
    edited November 2024

    @suut said:
    cock.li :/

    They got a lot more professional email domains. Very useful for resumes. /s

  • Seems that +1 host, got this mail from own.tn:

    Hi all, Unfortunately we have faced a security incident where our IPMI network was compromised due to our firewall policy being not restrictive. This has resulted in a loss of authentication and control of our server in Kazakhstan. We have already reported this to Kazakhtelekom, and as per our SLA agreement, this is looking to be investigated tomorrow formally. As this is a security incident, an investigation will take place to who and exactly how it was compromised. We cannot restore services at this time. Please allow us 1-3 days for recovery. Please be reminded data recovery may not be possible as we are unsure what damages were done by the intruder. Kind regards, OWN.TN Management

    But my kz vps works fine (for that moment)

  • @SashkaPro said:
    Seems that +1 host, got this mail from own.tn:

    Hi all, Unfortunately we have faced a security incident where our IPMI network was compromised due to our firewall policy being not restrictive. This has resulted in a loss of authentication and control of our server in Kazakhstan. We have already reported this to Kazakhtelekom, and as per our SLA agreement, this is looking to be investigated tomorrow formally. As this is a security incident, an investigation will take place to who and exactly how it was compromised. We cannot restore services at this time. Please allow us 1-3 days for recovery. Please be reminded data recovery may not be possible as we are unsure what damages were done by the intruder. Kind regards, OWN.TN Management

    But my kz vps works fine (for that moment)

    Lucky for me, I didn't get an email from OWN.TN, so only Kazakhstan was affected and not the location where I have a server with them. I really don't need to lose yet another server to this IPMI exploit.

  • @Cybr said:

    @SashkaPro said:
    Seems that +1 host, got this mail from own.tn:

    Hi all, Unfortunately we have faced a security incident where our IPMI network was compromised due to our firewall policy being not restrictive. This has resulted in a loss of authentication and control of our server in Kazakhstan. We have already reported this to Kazakhtelekom, and as per our SLA agreement, this is looking to be investigated tomorrow formally. As this is a security incident, an investigation will take place to who and exactly how it was compromised. We cannot restore services at this time. Please allow us 1-3 days for recovery. Please be reminded data recovery may not be possible as we are unsure what damages were done by the intruder. Kind regards, OWN.TN Management

    But my kz vps works fine (for that moment)

    Lucky for me, I didn't get an email from OWN.TN, so only Kazakhstan was affected and not the location where I have a server with them. I really don't need to lose yet another server to this IPMI exploit.

    Uruguay is not affected, at least for now (mine is still running)

  • @SashkaPro said:
    But my kz vps works fine (for that moment)

    Mine has been completely dead for hours so... back your stuff up ASAP.

  • @zGato said: Mine has been completely dead for hours so... back your stuff up ASAP.

    Mine was rebooted 8 hours ago (downtime was 7 minutes, and still running).

    There is nothing to back up; there are just vpn. But thanks. We will see what will be next :)

  • @SashkaPro said: Mine was rebooted 8 hours ago (downtime was 7 minutes, and still running).

    Ok, mine goes offline now
