
Comments
Cloud Cone: bad vibes only!
And if that password is weak enough or reused anywhere else... boom.
That feature should probably be discontinued, Virtualizor is the only remaining VPS control panel where a terminal exists, afaik.
Day 5.5: my 2 vps system reinstallation still not complete.
CloudCone system reinstallation process is one of the most terrible I've encountered among all the service providers I've used.
Did you open a ticket? Most likely something is broken. I doubt this is the norm.
I submitted a support ticket asking for their help, to see if they can process it manually to speed things up...but they told me to reinstall the system through the control panel, and then they quickly closed my ticket. Period.
We have posted this since yesterday:
https://www.virtualizor.com/blog/security-update-transparency-regarding-a-recent-support-ticket-incident/
The above should clarify things.
So that's all your fault.
No it isn't?
If those are the facts, the affected providers were highly irresponsible, independent of the fact that Virtualizor got compromised.
Virtualizor requested passwords from their customers, retained them for a year and then [allegedly] lost them in a hack....but it's the providers who trusted them that were "highly irresponsible" 🤔
Of course they were irresponsible. They should have rotated any credentials shared with a third party as soon as they are not required anymore, it is basic security hygiene. Independent of the also very irresponsible actions of their vendor, which nobody is disputing.
It's their tool, they should do it better. For example, an automatic revoke of credentials after 24h. The admin could handle that, but the programmers are not doing 100% security handling.
I mean they both can be irresponsible.
Exactly what I was going to say.
If you have two parties and both do due diligence, stuff like this never happens.
If one party is irresponsible, stuff might happen eventually.
If both parties are irresponsible, shit will happen!
The providers should have rotated the credentials and Virtualizor should not have saved them. Two idiots, and inevitably shit happened.
That's fair comment, but I don't believe Virtualizor identified a breach and proved that it led to follow-on hacks within the ~36 hours it took for them to shift from "nothing to see here" to emailing that statement anyway.
Given the complexity of the alleged hack they suffered, and the number of customers known to be affected, it doesn't seem plausible that they'd have a definitive answer that quickly...but it sure is a convenient way to shut down the discussion! 🤷‍♀️
Yeah, think back to the Ouiheberg incident. They hadn't received any logs or access to the affected systems, but somehow declared it was definitively nothing to do with them within only a couple of hours.
Well, some of the providers that have been hacked have stopped using chat software like tawk.to, Zoho, etc. on their websites. Totally random, right.
And one of the times Virtualizor was hacked, it was due to a tawk.to security issue.
Why is nobody talking about that and instead just blaming the Virtualizor software?
And isn’t it natural for them to deny being hacked until there is evidence of a breach/vulnerability, when only one or a very limited number of their clients are affected?
Virtualizor has found a reason and has been open about it, but some people simply deny it blindly because it doesn’t fit their narrative. The same people seem to trust the hackers’ short chat messages more.
And why is the “security expert” who keeps insisting there is an unknown security issue in the Virtualizor software using a hacker group’s (campaign) name / method as a username?
I hope we learn something from this. Sharing credentials and PII poses great danger, but it also highlights how PII should be handled too.
It would be great if it could be decoupled, so leaked credentials don't leak PII.
People are talking about Virtualizor as the source of this breach because they've admitted to being the root cause...which you say yourself further down your post...and people aren't talking about chat software getting hacked because it doesn't lead to a hypervisor breach and destroyed VMs.
I'm glad you recognised the source of the CloudHopper pseudonym though. Did you Google it in an attempt to doxx me or were you already familiar?
But as you ask, I used to have to keep up with various APT activities and that's one of my all time favourite campaigns because their approach was ruthlessly effective and they always got straight to the point.
This is an easy read on the subject if anyone else is interested 👇
https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/
Day 6: 2 VPS servers have been restored; one still remains unrestored.
I have been communicating with customer service for a long time, and they have been closing my work order very perfunctorily, which is a very bad experience.
I can't rebuild the system, but you say you can. When I send them the mistakes, they continue to pretend to be dead and not talk! I really didn't expect CloudCone to be so bad.
Task Progress Status
86461 VPSRestart COMPLETE
86456 ChangingVPSPassword RUNNING
86455 FstrimHandle PENDING
86454 ChangingDNSNameserver RUNNING
86452 EditVPSCallback COMPLETE
And it just keeps getting stuck on this task.
Who?
Never trust any cheap VPS providers, > @DKAlexander said:
Same here, they don't directly answer my question, instead they repeat your VPS needs reinstalling, you can reinstall your VPS now... as if this is the only text in their pasteboard
Hello there, how to restore the VPS? Keep reinstalling from time to time or just wait 4-6 hours after clicking the reinstall button? Thanks.
There's no special method; you just reinstall it through the Control Panel.
Don't know what happened, they removed the Debian installation option.
interesting.
wow rude
Templates suck anyway. Just go to https://debian.org, copy the URL for the netboot ISO from the homepage, and boot into that.
That is likely just on the affected servers which were impacted by Virtualizor's hack. Other servers still have Debian as an option. In my client area I still see Debian available for reinstall (rebuild).
Got a message from that dumb "hacker" telegram bot lol