# SonicVPS hacked or just fucked up badly?



## RiotSecurity (Nov 10, 2013)

Went to sonicvps.com and the whole site is empty.


----------



## drmike (Nov 10, 2013)

Somebody hosed something



> Index of /
> sites/
> Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at sonicvps.com Port 80


Same output on www.sonicvps.com and sonicvps.com.


----------



## RiotSecurity (Nov 10, 2013)

So they got hacked then.


----------



## RiotSecurity (Nov 10, 2013)

@drmike

hostguard.net - so yeah they got hacked.

HostGuard is sonicvps' project.


----------



## drmike (Nov 10, 2013)

Hostguard.net doesn't seem to load at all from here.


----------



## RiotSecurity (Nov 10, 2013)

drmike said:


> Hostguard.net doesn't seem to load at all from here.


Unusual, it loads for me.


----------



## drmike (Nov 10, 2013)

RiotSecurity said:


> Unusual, it loads for me.


Nifty it loads now, and it says:



> Yo bro, you just got fucking owned.


----------



## SonicVPS (Nov 10, 2013)

Already on to it guys.

Cheers for the heads up.

It's obviously a targeted attack as they only targeted some sites specifically.


----------



## SonicVPS (Nov 11, 2013)

Okay just an update.

We've determined exactly what has happened. Luckily, it was limited to the websites only because it was an ex-developer who had caused this. Long story short, we sponsored them in return for minimal dev work on some static pages just to show there was a mutual trust. I'm not exactly surprised there are people out there like this, where you extend a hand to help someone in need and they go and do this, but it's still upsetting none the less.

Websites will remain indefinitely down for now as we're obviously not going to fire up the server in its current (cleaned up) state publicly.

As mentioned, sites affected were only static HTML as well. That's not to excuse this as we do take security very seriously.

Any other details will be released to clients only as it's only relevant to them, so if you're a client, check your email.


----------



## texteditor (Nov 11, 2013)

drmike said:


> Nifty it loads now, and it says:
> 
> 
> 
> > Yo bro, you just got fucking owned.


*fistbumps hacker bros*

*cranks up the skrillex*

*slams a jaegerbomb*

*defaces another website*


----------



## RiotSecurity (Nov 11, 2013)

SonicVPS said:


> Okay just an update.
> 
> We've determined exactly what has happened. Luckily, it was limited to the websites only because it was an ex-developer who had caused this. Long story short, we sponsored them in return for minimal dev work on some static pages just to show there was a mutual trust. I'm not exactly surprised there are people out there like this, where you extend a hand to help someone in need and they go and do this, but it's still upsetting none the less.
> 
> ...


You're looking in the wrong direction.


----------



## RiotSecurity (Nov 11, 2013)

texteditor said:


> *fistbumps hacker bros*
> 
> *cranks up the skrillex*
> 
> ...


Alright, now that was funny. +1


----------



## MannDude (Nov 11, 2013)

RiotSecurity said:


> You're looking in the wrong direction.


Sounds like you're behind this and have some sort of grudge going on... with that said, why are you so interested?

This isn't HackForums. No one is going to pat you on the back here.


----------



## drmike (Nov 11, 2013)

Riot, do you have some link to SonicVPS?  In re:

"... it was an ex-developer who had caused this. Long story short, we sponsored them in return for minimal dev work on some static pages just to show there was a mutual trust."


----------



## RiotSecurity (Nov 11, 2013)

Yes, I do have a link to SonicVPS. No I didn't do it, and of course this isn't hackforums.

I didn't do any of the attacking / defacing / rm -rfing. It doesn't mean I don't know whom did.


----------



## SonicVPS (Nov 11, 2013)

Hi guys,

I would prefer if we didn't entertain the idea and speculate who did what etc.

To confirm, we have identified the issue with the developer involved and it was their system that was compromised.

It's not my role to name and shame either, that developer is dealing with it and their clients in their own right.

I'm not going to go on a witch either and will be dealing with this privately. I.E moving on.


----------

