# SolusVM Exploit - Who got hit?



## drmike (Jun 17, 2013)

So aside from board favorite RamNode, who else fell victim to the SolusVM exploit?

Anyone noticed other low end or even high end providers that were victimized?


----------



## SeriesN (Jun 17, 2013)

Free1host or something like that?


----------



## DaringHost (Jun 17, 2013)

SeriesN said:


> Free1host or something like that?


Yeah, their name is actually host1free: http://networkedblogs.com/MgX0Z

Other than that I haven't heard of any others.


----------



## Retry (Jun 17, 2013)

DaringHost said:


> Yeah, their name is actually host1free: http://networkedblogs.com/MgX0Z
> 
> Other than that I haven't heard of any others.


Their parent company actually, Host1Plus, the best part is they don't even have backups, so all data is lost.


----------



## SeriesN (Jun 17, 2013)

Retry said:


> Their parent company actually, Host1Plus, the best part is they don't even have backups, so all data is lost.


FOR FREE SERVICE! They never even advertised backups.


----------



## MannDude (Jun 18, 2013)

Retry said:


> Their parent company actually, Host1Plus, the best part is they don't even have backups, so all data is lost.


Lot of lowend companies don't offer backups, at least not free.


----------



## maounique (Jun 18, 2013)

So, in other words, not so many?


----------



## Retry (Jun 18, 2013)

Their parent company is actually a premium provider, not even low end. They however gave 3 months of service free with full support for the damage.



MannDude said:


> Lot of lowend companies don't offer backups, at least not free.





SeriesN said:


> FOR FREE SERVICE! They never even advertised backups.


----------



## Magiobiwan (Jun 18, 2013)

They gave 3 months free service for their FREE PRODUCTS? It's... So amazing!


----------



## HalfEatenPie (Jun 18, 2013)

Magiobiwan said:


> They gave 3 months free service for their FREE PRODUCTS? It's... So amazing!


 

He means Host1Plus. Host1Plus is the parent of Host1Free, and I believe they used the same Solus (Not too sure?) but just had Host1Plus provision servers on different servers than those of Host1Free. Regardless, what he meant was they gave 3 months free service to the paying customers.


----------



## MannDude (Jun 18, 2013)

Mao said:


> So, in other words, not so many?


Probably not in the lowend market, word traveled quickly and most providers acted faster than skids.

Either that or there were smaller providers that were hit that we don't know about yet, because their 15 clients haven't complained, or perhaps there are providers who got hit with their DBs stolen and they either don't know about it or haven't made it public yet. Any number of scenarios here.

I don't believe it was only RamNode, quite a few providers on LET were showing their log files showing people had tried and failed with them, so I am sure there is a handful out there that we just haven't heard yet where someone succeeded.

There could be someone out there sitting on hundreds of SolusVM DBs to be sold or used for god knows what. Mass hacked VMs used for giant botnets, just pure destruction of data, spam, any number of things really.


----------



## drmike (Jun 18, 2013)

MannDude said:


> There could be someone out there sitting on hundreds of SolusVM DBs to be sold or used for god knows what. Mass hacked VMs used for giant botnets, just pure destruction of data, spam, any number of things really.



That reminds me of the ChicagoVPS hack in November that wasn't declared in public and admitted by Chris for a good three months, well the database theft part.

The 1000 VPSes that were purged, lots noticed the day of the event.


----------



## jarland (Jun 18, 2013)

We were hit. By none other than...a pie which is half eaten. I don't know how I stack up, but the two guys I work with are pro.


----------



## mikho (Jun 18, 2013)

buffalooed said:


> That reminds me of the ChicagoVPS hack in November that wasn't declared in public and admitted by Chris for a good three months, well the database theft part.
> 
> 
> The 1000 VPSes that were purged, lots noticed the day of the event.


Perhaps the hack (DB dump) wasn't known before the actual destruction of the VMs?


----------



## Magiobiwan (Jun 18, 2013)

Oh look.



I'd say we can add CVPS to the list.


----------



## drmike (Jun 18, 2013)

Deja f*cking vu!

Chris just 12 hours ago I think said Kevin (who doesn't exist) audited their logs and confirmed Robert Clarke tried hacking their Solus and that they weren't compromised..


----------



## MannDude (Jun 18, 2013)

buffalooed said:


> Deja f*cking vu!
> 
> Chris just 12 hours ago I think said Kevin (who doesn't exist) audited their logs and confirmed Robert Clarke tried hacking their Solus and that they weren't compromised..


Seriously? Where was that said? Would it have been obvious to them if they were compromised? As in, did they actually know _before_ it was made public again?

Yikes.


----------



## drmike (Jun 18, 2013)

> Seriously? Where was that said? Would it have been obvious to them if they were compromised? As in, did they actually know _before_ it was made public again?



http://vpsboard.com/topic/733-ramnode-down/?p=10762


----------



## Retry (Jun 18, 2013)

Magiobiwan said:


> They gave 3 months free service for their FREE PRODUCTS? It's... So amazing!


I said Host1Plus not Host1Free, god!


----------



## DaringHost (Jun 18, 2013)

Looks like another host got hit as well, never heard of them till now though: https://www.facebook.com/Askforhostcom/posts/490230957725013


----------



## SeriesN (Jun 18, 2013)

Ask for host? Owned by astham. Never knew he had servers in NYC.


----------



## Marc M. (Jun 18, 2013)

MannDude said:


> Lot of lowend companies don't offer backups, at least not free.


@MannDude no one offers backups for free unless they include it in a package and make you pay for them. Backups cost money, hardware, software, bandwidth, networking equipment, all of that costs money, including employees. So no, it's not just "Low End Companies", it's everyone. Linode for example charges for backups, so does RackSpace and even that near-dead provider out of Colorado who moved in spirit to Cali called Zerigo.


----------



## drmike (Jun 18, 2013)

@marcm, Zerigo is a shitty company.

512 VPS: 512 MB, 24 GB, 160 GB, $19/mo

768 VPS: 768 MB, 36 GB, 240 GB, $29/mo

1024 VPS: 1024 MB, 48 GB, 320 GB, $39/mo

1536 VPS: 1536 MB, 72 GB, 450 GB, $59/mo

2048 VPS: 2048 MB, 96 GB, 600 GB, $79/mo
 

They wonder why VPS sales are dried up?


----------



## SeriesN (Jun 18, 2013)

buffalooed said:


> @marcm, Zerigo is a shitty company.
> 
> 512 VPS: 512 MB, 24 GB, 160 GB, $19/mo
> 
> 768 VPS: 768 MB, 36 GB, 240 GB, $29/mo
> 
> 1024 VPS: 1024 MB, 48 GB, 320 GB, $39/mo
> 
> 1536 VPS: 1536 MB, 72 GB, 450 GB, $59/mo
> 
> 2048 VPS: 2048 MB, 96 GB, 600 GB, $79/mo
> 
> They wonder why VPS sales are dried up?


Not that bad. Pretty much premium price and I "assume" they have decent customer service and support.


----------



## maounique (Jun 18, 2013)

We offer free ftp space which can be used for backups.

For Biz plans it is offsite and bigger, also RAID protected.

Offering space and not the backup option per se is better imo as the customer will only use it if they really need it, so the costs will not be that much.

We also take back-ups for internal disaster recovery but only on a few servers of types on which we had hardware failures in the past.


----------



## Marc M. (Jun 18, 2013)

SeriesN said:


> Not that bad. Pretty much premium price and I "assume" they have decent customer service and support.


@SeriesN No they don't. Their nodes are ancient, based on old AMD quad core CPUs from 2009, their I/O is crap and their customer service is nonexistent. Right before I ventured into the hosting business I got a couple of VPS servers with them for a client's project and the performance was horrid (mid 2011). If the VPS would lock up (hang) or the public networking interface would disconnect and I emailed support (keep in mind that they don't have a customer support / ticketing system), someone would reply within 2 to 3 days and then that person would spin up an instance of their smallest VPS for me to have something to work on. They wouldn't help via live chat because their excuse was that they are only there for sales, and to add insult to injury, instead of offering me help they were trying to convince me to get a dedicated server from 8x8 (their parent company) for "the same amount of money" that I am paying for VPS servers. If one of us small providers would behave like that and treat our customers with such impunity we would be publicly humiliated and laughed at on forums and IRC for days if not months. So this mini review pretty much sums up Zerigo for me.


----------



## SeriesN (Jun 18, 2013)

Ouch! That sounds painfully painful.


----------



## drmike (Jun 19, 2013)

SeriesN said:


> Not that bad. Pretty much premium price and I "assume" they have decent customer service and support.


  

I used another service they offer and support was so bad and days for replies.


----------



## Marc M. (Jun 19, 2013)

SeriesN said:


> Ouch! That sounds painfully painful.


@SeriesN I forgot the most important bit: they never missed an opportunity to let me know every time they replied that my service was unmanaged and therefore I shouldn't expect more support. I was like "wtf., I only expect for my VPS to work and not die on me unexpectedly!". I ended up getting a refund from 8x8 and moved on. A few months later I started DrupalCentric Hosting (which evolved eventually into Phoenix VPS) and my adventure began :lol:



buffalooed said:


> I used another service they offer and support was so bad and days for replies.


@buffalooed Lemme guess, DNS or WatchDog? :unsure:


----------



## drmike (Jun 19, 2013)

marcm said:


> @buffalooed Lemme guess, DNS or WatchDog?


 

DNS for +1 point


----------



## kunnu (Jun 19, 2013)

It's also possible to wipe the backup server through SolusVM (SolusVM saves backup server details in the DB).


----------

