
4vps.su was hacked today.

SashkaPro Member

This morning I got a "usual spam message" in the mailbox attached to my 4vps.su account:

"4VPS is ceasing operations immediately due to a major security breach.
Our infrastructure has been compromised. Your data is at risk. Unknown individuals have gained unauthorized access to customer data, including passwords and payment information.
All services will be terminated.
4VPS Team".

(It was in Russian, so I translated it with Google Translate.)

I thought: "okay, again spam" but my Kemerovo vps was down.

But closer to the evening, they published a new post in their official Telegram channel:

We would like to inform you that today our website and customer billing system were subject to a hacker attack involving proxy server spoofing.

What actually happened:
The attackers managed to spoof the proxy server (proxy/caching server), causing the 4vps domain to temporarily point to an incorrect (phishing) address. The message you may have seen on the website about our servers being hacked and the entire infrastructure being deleted was posted by the attackers. This is a lie.

Important:
• The main hosting infrastructure was not physically damaged. Your data is intact.
• Billing is down; we are restoring the structure and data.
• Some servers are temporarily unavailable for two reasons:
– An emergency network shutdown was performed on some servers to prevent the attack from spreading;
– On other servers, the GRUB bootloader was damaged as a result of the attack (data remained intact, only the bootloader was damaged).
We haven't yet fully scanned the entire infrastructure, so the list of affected servers may be updated as diagnostics progress.

What we're doing right now:
• Active work is underway to restore billing from backups and "heal" damaged structures.
• We're restoring correct DNS routing and removing compromised proxy links.
• We're conducting a full inventory of all servers. Those with disconnected networks are being reconnected. On servers with broken GRUB, we're restoring the bootloader (data is safe, not touching).
• Servers that are currently down will be brought back up to normal operation shortly. Our engineers are already switching them back to their default management channels.

What we require from you:

Remain calm. Your servers (websites, applications) will soon return to normal operation, and those that are already running remain safe.

Expect official updates. We publish all the latest information on @FourServer.

Please be vigilant. Do not click suspicious links. After restoring access, be sure to change your billing password.

We apologize for any inconvenience. We will do everything possible to minimize downtime.

Sincerely,
4vps Administration

Source (in Russian): https://t.me/FourServer/257
Translated RU>EN with Google Translate.

JFYI

Comments

  • entrailz Member, Host Rep

    Dns spoofing but grub loader corrupted? Sounds like ransomware

    Thanked by 1Nekopara
  • Yes, something is going on. VPS is down, website shows a standard DA banner saying 'Technical works'

  • concept Member
    Thanked by 2oloke forest
  • sillycat Member

    @zGato important announcement

    Thanked by 2oloke zGato
  • iceman Member

    Fantastic! So they're deadpooling or continuing operations, which one is it?

  • zGato Member

    @4VPS clarification?

  • TimboJones Member

    @entrailz said:
    Dns spoofing but grub loader corrupted? Sounds like ransomware

    And wouldn't repairing it be the 5 minute recovery solution?

  • rm_ IPv6 Advocate, Veteran
    edited May 2

    @SashkaPro said: I thought: "okay, again spam" but my Kemerovo vps was down.

    Used this before, really fast CPUs for the low price (5950 and 7950 for less than $1/mo), but: Kemerovo had 30-minute network downtimes twice a week, while their f-ing Mikrotik reboots and then struggles to bring up BGP again.

    Then IPv6 broke and they couldn't fix it, offered a refund instead.

    And they kinda DGAF about routing, most of Russia went via Moscow.

  • my server also down at same time from 4vps

  • Killix Member

    My VPS in Croatia is still up and running.

    But let's see how things turn out...

  • jsg Member, Resident Benchmarker

    @entrailz said:
    Dns spoofing but grub loader corrupted? Sounds like ransomware

    To me it sounds more like a competitor or disgruntled ex-employee trying to destroy their reputation plus an unprofessional attempt to actually create some havoc.

  • Kemerovo is back online!

  • SashkaPro Member

    @JohnFilch123 said: Kemerovo is back online!

    mine still down (213.165.61.X)

  • @SashkaPro said:

    @JohnFilch123 said: Kemerovo is back online!

    mine still down (213.165.61.X)

    Ah different node. Hope they will switch yours on soon.

  • SashkaPro Member

    @JohnFilch123 said: Ah different node. Hope they will switch yours on soon.

    mine kem just went up :)

    Thanked by 1JohnFilch123
  • aassaa4433 Member

    How long will it take to fix the problem? The server is unavailable, and we cannot access the data. The client is furious.

  • aassaa4433 Member

    When will the servers in the SU region be fixed? It's been two days already, and the efficiency is so low.

  • @aassaa4433 said:
    When will the servers in the SU region be fixed? It's been two days already, and the efficiency is so low.

    Thank you for contacting LowEndSupport. Just hang out, it will be fixed asap. Oh, your waiting time has been tripled.

  • aassaa4433 Member

    How long will it take to maintain 81.90.31.xxx and 37.220.86.xx? I'm very anxious, they contain a lot of data.

  • @aassaa4433 said:
    How long will it take to maintain 81.90.31.xxx and 37.220.86.xx? I'm very anxious, they contain a lot of data.

    Naked data?

  • forest Member

    I didn't receive any such email. My 4vps server in Greece is still up.

  • JasonM Member

    the first message seems a hoax. planted by the attacker maybe.

  • cnencc Member

    4domain.su It seems that he is its website.
