
Comments
Well... with the script in the wild now, what prevents anyone from attempting to hack Virtualizor-based providers at this moment?
Honest question...
Which script exactly? And why do you believe this is a Virtualizor exploit, based on what info?
Lurk moar.
Are you referring to https://pastebin.com/SrpYNVUx ?
The script that's been identified is run post-exploitation, as in it's run on the VMs after the Virtualizor instance has been hacked. But how those instances are getting hacked is still up for debate.
Virtualizor claim it's only occurring because the providers have misconfigured their environments, whereas the hackers claim they're exploiting a vulnerability in the Virtualizor panel.
At the moment only the hackers know how they're doing it, but if the exploit path becomes public then it's likely that the number of instances getting hacked will increase exponentially.
My question is why would someone store critical data on a $7/year VPS with no backups, then pay $100 to recover it, when they could have paid $100 or less for a much more reputable provider, or simply kept backups in the first place???
Very much likely indeed...
And Virtualizor hasn't yet issued a public statement on the matter. Which would be important. We're not talking about one provider now, we're talking about more.
I suspect this user may have set up Vaultwarden on it without backing up.
ahahahaha omg i remember this from the last time
Could you DM me your server's IP? Also you could try once more, we did a few optimizations to handle the mass re-builds coming in.
The script does not contain any exploits. The script is only functional on a system that has already been exploited. In other words, the script is the payload, the malicious code that was run after the system was exploited, however that occurred.
The script is also AI slop that anyone with two neurons could write better.
Long time cloudcone user here too. I’ve received no TI nothing from them other than in my ticket I opened. I’ve had to move on. My customers have been going crazy. Luckily I’ve had backups.
The reinstall gets stuck even though the banner appears, then 404. You guys are a fraud.
Some people keep insisting that users shouldn't expect much from customer support just because they're using a $7/year VPS.
Come on, business is business. Users purchased a product, and the VPS provider can't even deliver the most basic service support?
What they should do:
1. Promptly email customers when unexpected machine downtime occurs.
2. If the service provider confirms no backups are available for recovery, immediately inform users about the current situation.
But what users actually get is:
1. Official downtime announcements that lag behind the actual occurrence of the incident.
2. The vast majority of users still haven't received any notification emails.
3. Even after all this time, there's been no effort to retain customers by offering immediately usable machines.
Unfortunately, I'm one of them. I bought four VPS servers from them, each costing over $15.
Fortunately, I maintained local backups.
I promptly visited the official website and forums to understand the situation, swiftly migrating services to another VPS provider using my backups.
To date, I've received no official email, seen no alerts on the homepage or VPS control panel, and encountered no compensation plan—only the forced shutdown of all my VPS instances. But I've learned my lesson. I need nothing more from CloudCone. Goodbye.
For the unlucky souls who didn't even know where to look for information, they still have no idea what happened. There's no warning on the homepage, no warning in the personal panel, and the machines are just unexpectedly shut down.
**With this kind of customer service attitude, they can't handle even the smallest business.**
waste my money and waste my time, fk cloudcone
Absolutely. If the data is gone, just give people new machines so they can set things up again. Otherwise, they need to get a new machine from some other provider.
We understand your frustration with regard to the incident. All updates were directed to our status page at https://status.cloudcone.com/incidents/346624 since the day of the incident.
Please understand that there is no exploit in Virtualizor software. It's false information and there is no exploit.
Even providers that don’t have the best reputation will compensate you for downtime if you ask
@vitualizor can you clear up for us whether your support system was breached once or twice? And when did the last breach occur?
@Cloudcone can you confirm for us when you last rotated your passwords and whether you had IP whitelisting for your instance and 2FA enabled?
Got my email above from CloudCone. Seems mine are in the 10% that aren’t ready to go. No mention of a credit whatsoever for this whole fiasco. I understand they’re cheap vps plans, but this isn’t a minor incident either.
@Cloudcone How can I reinstall my OS and access it without allowing me to reset my root password and/or VNC access?
Hmm.. what happens?
… however, there’s a root shell in Virtualizor software that is protected merely by a password (not private keys or 2FA) and does not generate an audit trail.
Interesting, where did you get that contact?
Yes, I don't think you should store anything sensitive or valuable on these cheap VPS providers. Compared with the risk of losing data, I am more concerned about the data leak, i.e., this case, or even worse, technically, they can also access the data in your VPS as well.
It's in the message that gets displayed when the machine is booted.
@virtualizor sent out an email to their customers claiming that their support system was hacked and passwords were stolen...which they say explains how @Cloudcone and others got hacked.
The hackers seem to have been confused by your message and replied to you about the email from Virtualizor instead.
Their confusion probably comes from the fact they didn't steal any data from CloudCone, they only encrypted it, so they assumed you meant the data allegedly stolen from Virtualizor.
3 copies of your data, on 2 different types of media, with 1 copy offsite
sorry for your loss, not trying to pour salt here, but help with the future
Day 5: I have three DC2 VPS instances. One was barely usable after a system reinstallation, while the other two couldn't be reinstalled at all and remained offline. I tried reinstalling them multiple times, but there was no progress whatsoever. When all data is lost and even a simple OS reinstallation becomes such a painful process, it really ruins the mood.