# BlueVM's domain name was hijacked



## drmike (Aug 23, 2014)

URL: http://bluevm.com/

*New Wave NetConnect Acquires Blue VM Communications*

*New Wave NetConnect, a Velocity Server / ColoCrossing Company Acquires Blue VM Communications*
We’re excited to announce another addition to New Wave NetConnect LLC, the company behind market leader ChicagoVPS, has recently acquired the assets of Blue VM Communications.
As part of our pre-purchase review it was decided that most efficient and effective way to improve the Blue VM customer experience was to wind down the existing Blue VM infrastructure and incentivize customer’s to switch to ChicagoVPS.
Blue VM's existing services will remain for at least 10 days to provide for an easy transition for all customers.
We look forward to serving you soon!
Thank you,
New Wave NetConnect


----------



## mojeda (Aug 23, 2014)

LOL


----------



## drmike (Aug 23, 2014)

Source of this:

BlueVM's website:

http://bluevm.com/


----------



## drmike (Aug 23, 2014)

Someone is claiming it's a domain hijack....

_*"We have not closed or sold to anyone. It seems like a NS hijack or our domain account is hacked. We are investigating."*_

Link to that claimed to be Twitter, but nothing shows right now on BlueVM's Twitter feed:

https://twitter.com/BlueVM_VPS


----------



## Munzy (Aug 23, 2014)

I just checked with Justin, and from his "Busy ATM" statement I highly doubt that he sold to CVPS.

Seems he is working with his NS provider to get things resolved.


----------



## mojeda (Aug 23, 2014)

```
dig bluevm.com ANY

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> bluevm.com ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33662
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bluevm.com.                    IN      ANY

;; ANSWER SECTION:
bluevm.com.             21599   IN      SOA     ns01.000webhost.com. freehosting.000webhost.com. 2014082401 172800 7200 3600000 172800
bluevm.com.             21599   IN      A       31.170.162.168
bluevm.com.             21599   IN      MX      0 mx.000webhost.com.
bluevm.com.             21599   IN      NS      ns01.000webhost.com.
bluevm.com.             21599   IN      NS      ns02.000webhost.com.

;; Query time: 124 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Aug 23 18:56:32 2014
;; MSG SIZE  rcvd: 160
```


----------



## lbft (Aug 23, 2014)

You know, they make pills for premature ejaculation now, drmike.


----------



## drmike (Aug 23, 2014)

Yeah well BlueVM Tweets, the Twitter post disappears...

_*"You know, they make pills for premature ejaculation now, drmike."*_

I don't have that problem.  I lay pipe properly and miles of it without a leak.


----------



## drmike (Aug 23, 2014)

This is damn funny. From BlueVM's IRC.

DanielI is BlueVM employee/freebie recipient/volunteer/whatever:



> -----------------
> 
> 
> ```
> ...


----------



## lbft (Aug 23, 2014)

If someone else got control of the domain, it would make sense that they'd use that to reset the password to the Twitter account (assuming it had a @bluevm.com email associated with it).


----------



## drmike (Aug 23, 2014)

lbft said:


> If someone else got control of the domain, it would make sense that they'd use that to reset the password to the Twitter account (assuming it had a @BlueVM.com email associated with it).


Seems plausible.

There was a Twitter post mentioned above....  This was the link thereto:

https://twitter.com/BlueVM_VPS/status/503282713156415488

Throws up not found error.

Wasn't BlueVM having days now of downtime and slow ticketing like 3 day wait times?  Is this the new level of UNMANAGED VPS @Nick_A was asking about / wondering what was acceptable?

If someone hacked BlueVM, then coffin nails to BlueVM.   If they have access to email, account info, etc.  then full scale hack would be logically expected, not just a public defacement for lols.

Lucky I only use BlueVM to evade the great firewall of [Asia] so I can look at boobies.


----------



## lbft (Aug 23, 2014)

They only need to control the domain name itself to reset a password - they can just point the MX record to a server they control. Doesn't need any access beyond what they already clearly have, being able to change the domain's nameservers.

Same principle would give them access to other accounts that can be reset (including the BlueVM user on this forum, presumably, and any access that BlueVM might have to CC or CVPS billing systems that uses an email at bluevm.com).

It would, however, give them full access to any PayPal emails coming through during the time they control the domain, including disputes and recurring payments (and those PayPal emails can contain sensitive information), as well as any emailled ticket replies customers send. 

Edit: forgot to mention, I personally saw the tweet at https://twitter.com/BlueVM_VPS/status/503282713156415488 before it was deleted and can verify that it said "We have not closed or sold to anyone. It seems like a NS hijack or our domain account is hacked. We are investigating."


----------



## Munzy (Aug 23, 2014)




----------



## AThomasHowe (Aug 23, 2014)

I don't know drmike, I think hacking BlueVM to prove you were right was a bit of a low blow


----------



## mojeda (Aug 23, 2014)

Munzy said:


>


So they would rather not say anything when there is a message on bluevm.com suggesting that all VMs will be deleted after 10 days?


----------



## drmike (Aug 23, 2014)

AThomasHowe said:


> I don't know drmike, I think hacking BlueVM to prove you were right was a bit of a low blow


Bahaha.... Sorry @AThomasHowe, but I am not hacking anything.  A+ for effort and putting some breath into the flames.


----------



## DomainBop (Aug 23, 2014)

Looks like whoever hijacked the domain decided to delete the domain at the registrar.  Dig is returning NXDOMAIN.



> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>>  shitprovider.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ...


----------



## drmike (Aug 23, 2014)

lbft said:


> They only need to control the domain name itself to reset a password - they can just point the MX record to a server they control. Doesn't need any access beyond what they already clearly have, being able to change the domain's nameservers.
> 
> Same principle would give them access to other accounts that can be reset (including the BlueVM user on this forum, presumably, and any access that BlueVM might have to CC or CVPS billing systems that uses an email at bluevm.com).
> 
> ...


All of which means if this happened, as you imply, every customer should FEAR.  Fear their account info is now in public, fear a database dump with your info in public, fear anything you can relate to your BlueVM account and especially where you had common username and password credentials.

Or like many in these parts, you can just ignore it all and hope for the best   I hope customers hold whoever is running the show at BlueVM responsible.

It has been hours now and BlueVM continues to scramble.  Aside from a Twatter post that was later recanted, yeah where's the public massage?

May I say this,  I more than anyone want to see BlueVM NOT BE A CC / CVPS acquisition.  I want them to gain ZERO customers through such deals.

I've been told what the dollar value of some prior deals were and I shit more worthy piles of crap than those deals.  I'll assume those acquisitions had hardly any customers left by takeover time.

For those of you out there who have followed along with the UGVPS stuff..... Doesn't this seem like the November 2013 issues ChicagoVPS had where UGVPS.com was suddently offline... Where they blamed their domain registry and it went on for months and months... Meanwhile the rightful owner of UGVPS.COM (Crystal) took control of the domain and threw Fabozzi and Co. out?


----------



## MannDude (Aug 23, 2014)

Well, it looks like it's a domain hijack and not an actual sale.

https://twitter.com/BlueVM_VPS/

Plus their domain was pointing to a free web host, and not something on the CC network.

I don't think they have sold, at least not in any official manner.


----------



## MannDude (Aug 23, 2014)

If they have control over their Twitter again, would it be safe to imagine they have control over their domain now too?

Twitter support is _non-existent. _I've tried contacting those bastards so many times in the past. I can only assume that they got Twitter access again from regaining control of the domain?


----------



## drmike (Aug 23, 2014)

MannDude said:


> If they have control over their Twitter again, would it be safe to imagine they have control over their domain now too?
> 
> Twitter support is _non-existent. _I've tried contacting those bastards so many times in the past. I can only assume that they got Twitter access again from regaining control of the domain?


We are both assuming the Twitter account was attached to @BlueVM.com email and was actually hijacked   I only see a post made on Twitter and removed, which any account holder can do normally.

Twitter support, yeah, there is none.  Imagine that spinning out of control and losing access...


----------



## DomainBop (Aug 23, 2014)

> All of which means if this happened, as you imply, every customer should FEAR.  Fear their account info is now in public, fear a database dump with your info in public, fear anything you can relate to your BlueVM account and especially where you had common username and password credentials.


They should have already feared this when using any of these shitproviders™ given the businesses' complete lack of due diligence when hiring poorly paid contractors**  and the average shitproviders™ complete ignorance of information security standards.

For shits and giggles, ask one of these shitproviders™ if their business has implemented  ISO/IEC 27001 ISO/IEC 27002 standards and the response you'll get is _"IS whaaat?, never heard of it!?_

_**using the IRS 20-pont checklist of employee vs contractor most of these contractors should probably be classified as employees and the tax cheat businesses should be audited and fined heavily for not paying payroll taxes, etc_


----------



## Nick_A (Aug 23, 2014)

Where is their IRC channel?


----------



## WebSearchingPro (Aug 23, 2014)

Nick_A said:


> Where is their IRC channel?


irc.obsidianirc.net #bluevm - or http://www.obsidianirc.net/chat.php


----------



## MannDude (Aug 23, 2014)

I'm changing the title of the thread to, "BlueVM's domain name was hijacked" for sake of being accurate at this time.

I understand at the time this thread was created it was not clear what had happened, but it's clear now.


----------



## lbft (Aug 23, 2014)

drmike said:


> We are both assuming the Twitter account was attached to @BlueVM.com email and was actually hijacked   I only see a post made on Twitter and removed, which any account holder can do normally.
> 
> Twitter support, yeah, there is none.  Imagine that spinning out of control and losing access...


The whole account disappeared briefly too.


----------



## DomainBop (Aug 23, 2014)

A quick glance at google indicates BlueVM security compromise topics are an annual event.

May 2012: http://lowendtalk.com/discussion/2614/bluevm-illinois-server-hacked-data-lost

June 2013: http://www.lowendtalk.com/discussion/11428/potential-bluevm-whmcs-breach

August 2014::

..and this boys and girls is why I prefer to entrust my company's data to servers hosted by real companies with real employees and real security policies (real as in the mention of ISO27K standards doesn't draw a blank stare).

edited to fix a date.


----------



## drmike (Aug 23, 2014)

000webhost imploding the hosting account 
 



> CPU Limit Reached
> You are seeing this page because website has reached CPU usage limit of the server, and it was temporarily disabled.


and as far as hijack vs. sold, interesting what the BlueVM employee/whatever in IRC had to say...

Somewhere in Buffalo, someone is grinning.


----------



## D. Strout (Aug 23, 2014)

So WHOIS says the domain is with "eNom" - I figured that probably meant Namecheap. I used the Namecheap forgot password link and fed in the domain "BlueVM.com", and it says "Your account is locked. Please contact support." It seems Namecheap is likely looking in to things to try and get the domain back to its rightful owners.


----------



## Magiobiwan (Aug 23, 2014)

We're working on it now. Justin is working with Namecheap to get everything fixed up. When everything is put back as it should be and we've finished investigating, we'll be doing a release about this mess.


----------



## wlanboy (Aug 24, 2014)

A shit - worst case scenario.

Wrong website is one thing, but a malicious MX record is a worst case scenario.

Don't know when all DNS caches will have the correct values.

So even if we see the correct webpage again ... it would still be not save to write emails to BlueVM.


----------



## Munzy (Aug 24, 2014)

Look as if they are starting to point it at a malicious IP, be careful if you go there:


----------



## Munzy (Aug 24, 2014)

NM, it is still 000webhost.com, they just are hosted a lot of shit in the past.


----------



## sv01 (Aug 24, 2014)

Munzy said:


> NM, it is still 000webhost.com, they just are hosted a lot of shit in the past.


still on 000webhost.com


Expires On     May 07, 2017
Registered On     May 07, 2011
Updated On     August 23, 2014
they don't care about their client?


----------



## wlanboy (Aug 25, 2014)

sv01 said:


> they don't care about their client?


They don't care about much.

Not about support and not about securing their business domain.

If the bad boys had access to the Namecheap account they had access to the SSL certificates too.


----------



## Francisco (Aug 25, 2014)

wlanboy said:


> They don't care about much.
> 
> Not about support and not about securing their business domain.
> 
> If the bad boys had access to the Namecheap account they had access to the SSL certificates too.


Anyone know if bluevm was always using google for their MX records? Reason I ask is that right now it's pointing to google and if it wasn't them that did that.....

Francisco


----------



## MannDude (Aug 25, 2014)

How does one even hijack a domain name? Does anyone with more knowledge than myself want to do the vpsBoard community a favor and write a basic guide on preventing this from happening to them?


----------



## mojeda (Aug 25, 2014)

MannDude said:


> How does one even hijack a domain name? Does anyone with more knowledge than myself want to do the vpsBoard community a favor and write a basic guide on preventing this from happening to them?


I'm not sure of namecheap's recovery system, but my best guess was social engineering. http://en.wikipedia.org/wiki/Social_engineering_(security)


----------



## wlanboy (Aug 25, 2014)

MannDude said:


> How does one even hijack a domain name? Does anyone with more knowledge than myself want to do the vpsBoard community a favor and write a basic guide on preventing this from happening to them?


Quite simple.

Activate Two-Factor-Authentification: https://www.namecheap.com/support/knowledgebase/article.aspx/9253/45/how-to-two-factor-authentication

Domains / SSL certs and DNS settings should be worth the hassle.


----------



## Schultz (Aug 25, 2014)

Oh my, how bad.

I do hope they recover from this attack!


----------



## DomainBop (Aug 25, 2014)

> Domains / SSL certs and DNS settings should be worth the hassle.


Filing the annual paperwork to keep the company's corporate status in good standing with the government should be worth the hassle too but BlueVM apparently doesn't think so since it didn't bother to file its paperwork this year.

A short recap of the last 9 months of low end domain problems:

UGVPS.com: domain "hijacked" by the real Crystal, domain temporarily suspended by ICANN for invalid WHOIS

DigTheMine.com: domain temporarily suspended by ICANN for invalid WHOIS

NWNX.net: domain temporarily suspended by ICANN for invalid WHOIS

BlueVM.com : domain hijacked


----------



## Aldryic C'boas (Aug 25, 2014)

CVPS gets exploited pretty frequently - this isn't really much of a surprise.


----------



## sv01 (Aug 25, 2014)

they just move to cloudflare


;; ANSWER SECTION:
bluevm.com.        167254    IN    NS    eva.ns.cloudflare.com.
bluevm.com.        167254    IN    NS    hank.ns.cloudflare.com.


that was fast, only took 2 day


----------



## DomainBop (Aug 25, 2014)

Aldryic C said:


> CVPS gets exploited pretty frequently - this isn't really much of a surprise.


Maarten over on LET now requires proof when you make any negative CVPS/123sys statements so I'll help you out with the proof.

https://www.google.com/search?q=chris+fabozzi+cvps.sql&ie=utf-8&oe=utf-8 (scroll down the results page, the database dump appears to be from February 2013...I don't recall any announcements of a hack in Feb 2013 but  obviously there was one, so that makes at least 4 known Solus/WHMCS compromises from Nov 12/Oct 13).


----------



## AThomasHowe (Aug 25, 2014)

Francisco said:


> Anyone know if bluevm was always using google for their MX records? Reason I ask is that right now it's pointing to google and if it wasn't them that did that.....
> 
> 
> Francisco





sv01 said:


> they just move to cloudflare
> 
> ;; ANSWER SECTION:
> bluevm.com.        167254    IN    NS    eva.ns.cloudflare.com.
> ...


I think cloud flare was what they were using before.

Anyway, homepage now says:



> We’ll be back soon!
> 
> 
> Sorry for the inconvenience but we’re securing the client area and Feathur at the moment due to a recent hijack of our domain. No client services have been affected by this. We’ll be back online soon!
> ...


----------



## Shados (Aug 25, 2014)

wlanboy said:


> Quite simple.
> 
> 
> Activate Two-Factor-Authentification: https://www.namecheap.com/support/knowledgebase/article.aspx/9253/45/how-to-two-factor-authentication
> ...


Quite a few high profile 'hacks' have happened precisely because someone convinced a DNS or server provider to disable two-factor authentication on their target's account because they'd lost their device or such.


Of course, it ups the work required / difficulty involved on an attackers part, but don't mistake that for any sort of guarantee.


----------



## sv01 (Aug 25, 2014)

If someone only hijack their domain, why they need to securing their client area and Feathur?



AThomasHowe said:


> We’ll be back soon!
> 
> Sorry for the inconvenience but *we’re securing the client area and Feathur at the moment due to a recent hijack of our domain*. *No client services have been affected by this*. We’ll be back online soon!
> 
> ...


----------



## Munzy (Aug 25, 2014)

sv01 said:


> If someone only hijack their domain, why they need to securing their client area and Feathur?


I think feathur used DNS names to connect between servers thus they are just being extra careful.


----------



## mikho (Aug 26, 2014)

One example;


If one of the admin accounts used a @BlueVM.com email and the attacker used the "forgot password" function.


----------



## AThomasHowe (Aug 26, 2014)

In theory you could also have kept feather up, back proxy the traffic to the real server and log/sniff traffic I guess. That's a lot of work though.


----------



## WebSearchingPro (Aug 26, 2014)

Looks like the site is back up, though from IRC it seems that its not up to 100% functionality yet. Hopefully a more detailed incident report will be published soon.


----------



## SwitchBlade (Aug 27, 2014)

No official statement yet? Does the BlueVM guy have a account here? Hope it is just a domain issue and not more severe.


----------



## Francisco (Aug 27, 2014)

Maybe @Magiobiwan can get in contact with Justin?

Francisco


----------



## Jade (Aug 27, 2014)

Wonder what the statement will say


----------



## sv01 (Aug 27, 2014)

Jade said:


> Wonder what the statement will say


Namecheap fault ? opcorn:


----------



## DomainBop (Aug 28, 2014)

Jade said:


> Wonder what the statement will say


I think the "sorry for the inconvenience..." notice on their home page on Monday was the official statement.


----------



## Francisco (Aug 28, 2014)

DomainBop said:


> I think the "sorry for the inconvenience..." notice on their home page on Monday was the official statement.


"Please use coupon code 'NOTAFABSHOP' for 70% off your next purchase".

Francisco


----------



## Schultz (Aug 28, 2014)

Francisco said:


> "Please use coupon code 'NOTAFABSHOP' for 70% off your next purchase".
> 
> 
> Francisco


loled.


----------



## SkylarM (Aug 28, 2014)

Francisco said:


> "Please use coupon code 'NOTAFABSHOP' for 70% off your next purchase".
> 
> 
> Francisco


"please use coupon 'ITWONTHAPPENAGAINWEPROMISEPLEASEPRETENDNOTHINGHAPPENED' for 95% off."


----------



## sv01 (Sep 15, 2014)

sv01 said:


> Namecheap fault ? opcorn:


I ask NC



> xxxxxx,
> Domain name bluevm.com is locked due to a reported hacking claim.


 opcorn: ony:

where's their official statement


----------



## DomainBop (Sep 15, 2014)

In other news, 300 more E3's (and a scant 54 E5's) on the way!

http://appext20.dos.ny.gov/ASPIMGView/imgview.aspx?pdocid=29089866&pidmname=DEFAULT&pApp=UCC

http://appext20.dos.ny.gov/ASPIMGView/imgview.aspx?pdocid=29059411&pidmname=DEFAULT&pApp=UCC


----------



## drmike (Sep 19, 2014)

Well I am bumping this....

Has Namecheap admitted their fault for the BlueVM domain hijack?

Lots of results in the Google machinery for Namecheap and variations of this general topic:

https://www.google.com/?gws_rd=ssl#q=namecheap+hijacked

Google even rapid auto-completes for:

https://www.google.com/?gws_rd=ssl#q=namecheap+domain+hijack

Someone from Namecheap want to comment already?  I plan on dropping my portfolio of domains from Namecheap.


----------



## DomainBop (Sep 19, 2014)

> Lots of results in the Google machinery for Namecheap and variations of this general topic:


There's lots of results in Google for all major registrars and domain hijacking.  GoDaddy was in the news earlier this year after hijackers used social engineering on GoDaddy's support to hijack a domain that was the contact email for a valuable Twitter account. Going back a few years, does anyone remember when ICANN and IANA had their domain names hijacked (their registrar was Registrar.com) or Comcast had its comcast.net domain and 200 other Comcast owned domains hijacked (its registrar was Network Solutions).


----------



## sv01 (Sep 21, 2014)

Another offer from bluevm 2 days ago

1st


Hello,

For the month of September we're featuring some amazing deals on our BLUE2 plans. On top of our amazing offer we're going to offer our existing clients a special coupon to go along with it!

BLUE2 Plan Features:
512 MB of Guaranteed RAM
512 MB of Swap
2 CPU @ 2.0+ Ghz
1 IPv4 Address
25 GB of Disk
1 TB of Bandwidth
Click Here To Order

Quarterly Price: $6.99
Semiannual Price: $13.99
Annual Price: $19.95

Special coupon code: SeptemberBLUE2
2nd


We're really excited to share an excellent deal on our BLUE2 VPS. You can feel special because you're hearing about it first in this email! For the month of September we're featuring some amazing deals on our BLUE2 plans; on top of our already great offer we're going to turn it up a notch for our existing clients with a special coupon to go along with it! Keep reading...

BLUE2 Plan Features:
512 MB of Guaranteed RAM
512 MB of Swap
2 CPU @ 2.0+ Ghz
1 IPv4 Address
25 GB of Disk
1 TB of Bandwidth
Order at: https://www.bluevm.com/cart.php?gid=42

Normal Price:
Quarterly Price: $6.99 $5.24
Semiannual Price: $13.99 $10.49
Annual Price: $19.95 $14.96

For 25% OFF USE COUPON CODE: SeptemberBLUE2

The coupon code can be used for 25% off one time for any length of time listed above. That means you can get a BLUE2 for $14.96 for the first year! Now that is a smoking hot deal.

As always let us know if we can provide any custom packages, we're always happy to work with our customers to fit your specific needs.
where's our explanation


----------



## SkylarM (Sep 21, 2014)

sv01 said:


> where's our explanation


If they actually gave a shit (they don't) there would have been a post made already.


----------



## drmike (Sep 21, 2014)

sv01 said:


> Another offer from bluevm 2 days ago
> 
> 1st
> 
> ...


Another weekend and another batch of former customer AD SPAM from Fabozzi, Biloh and their cohorts.

If they'd spend 10% of their time serving customers and treating people right they wouldn't be going back to the tainted well like this, all the time.


----------



## BlueVM (Sep 21, 2014)

@drmike - I don't say anything here because frankly everyone here has already made a judgement and there's little point in attempting to reason with you. Every time I come on this forum it's another thread about how we've been "taken over" and it gets very tiresome dealing with your continued irritation. For the record the wonderful folks at namecheap allowed someone to walk right past our second level authentication and hijack the domain. Of course this information won't satisfy you so please feel free to spread as many rumors as you like because frankly I'm sure you will.

Also for the record we've been working on our reply times and have managed to get our average week-over-week reply times to just under 4 hours per ticket. It's not perfect, but we are trying, then again you couldn't possibly know what trying means... you're very quick to pass judgment.

I don't enjoy sounding condescending, but at this point it's all I've got left.

-- All the love in the world Justin Johnston


----------



## DomainBop (Sep 21, 2014)

https://www.youtube.com/watch?v=KiIP_KDQmXs


----------



## drmike (Sep 21, 2014)

Hey glad to see you are still with us Mr. Johnston.  I give you credit for sticking to the story.  

NameCheap hasn't given you special treatment on this matter?  Cause me I consider NameCheap to be a total piece of trash registrar and everyone should drop NameCheap if what happened was some casual exploit like that.

If this isn't what happened I'd expect NameCheap to be threatening to gag you with a Cease and Desist to protect their alleged good name.

You email your customers and the other common oh crap we were exploited checklist things?

As for the business time of BlueVM support, 4 hours, not bad.   Better than what we were seeing not too long ago.  Keep it going, headed in right direction.


----------



## BlueVM (Sep 21, 2014)

drmike said:


> Hey glad to see you are still with us Mr. Johnston.  I give you credit for sticking to the story.
> 
> NameCheap hasn't given you special treatment on this matter?  Cause me I consider NameCheap to be a total piece of trash registrar and everyone should drop NameCheap if what happened was some casual exploit like that.
> 
> ...


They have given us special treatment, but we will be migrating all of our domains to another company shortly. We took precautions to include disabling key servers and resetting every password that could have been associated with a @bluevm.com email. We checked our logs, but found no breach of our servers and felt no need to reset all client passwords as part of the security steps. We did change our our keys as a precaution and we did respond to any clients who asked us about the issue. 

That said in all honesty from your perspective what difference does our support times make to you anyway? If you truly feel we've been taken over by the Fabozzi crowd shouldn't you be cheering for our demise and submitting 10,000 blank/pointless tickets a day to our queue?

Regardless of all of this I do care about my customers (not on the level of "what can I get from client x"), but on a realistic level. I love hearing about interesting projects people build on our services and I'll go out of my way to help anyone who is willing to go "toe-to-toe" with me on a honest level about something that is wrong within our network. I released Feathur to the community because I care about the community and yet because part of my business relies on a company you don't respect you throw me under the bus time and time again. If you think Fabozzi would *EVER* release something for free you're sadly mistaken.


----------



## drmike (Sep 21, 2014)

BlueVM said:


> They have given us special treatment, but we will be migrating all of our domains to another company shortly. We took precautions to include disabling key servers and resetting every password that could have been associated with a @BlueVM.com email. We checked our logs, but found no breach of our servers and felt no need to reset all client passwords as part of the security steps. We did change our our keys as a precaution and we did respond to any clients who asked us about the issue.
> 
> That said in all honesty from your perspective what difference does our support times make to you anyway? If you truly feel we've been taken over by the Fabozzi crowd shouldn't you be cheering for our demise and submitting 10,000 blank/pointless tickets a day to our queue?


Kudos to you.  Cover your a$$ with customers and reporting agencies if you did all that. 

I don't mass contribute to companies demise by loading the deck unfairly, nor do I DDoS companies nor other kiddie things.

The whole Fabozzi thing... Sure that isn't the direction the domain jacking came from?


----------



## BlueVM (Sep 21, 2014)

drmike said:


> Kudos to you.  Cover your a$$ with customers and reporting agencies if you did all that.
> 
> I don't mass contribute to companies demise by loading the deck unfairly, nor do I DDoS companies nor other kiddie things.
> 
> The whole Fabozzi thing... Sure that isn't the direction the domain jacking came from?


I don't like to speculate. I'd like to think that people are honest no matter what...


----------



## WebSearchingPro (Sep 21, 2014)

BlueVM said:


> For the record the wonderful folks at namecheap allowed someone to walk right past our second level authentication and hijack the domain.


 opcorn:


----------



## zed (Sep 22, 2014)

I'm still surprised you've made no public announcement about it. Google will be (is? haven't looked) full of "BlueVM hacked" type things with no official response from the company about it, doesn't that seem.. bad?


I saw an email from BlueVM just recently and opened it expecting to see post mortem and it was just another special.


Anyway, carry on sir, just one guy's opinion.


----------

