# ChicagoVPS / CVPS Hacked. New SolusVM exploit? [PT 2/2]



## Magiobiwan

*NOTICE*

*EDIT: *Original thread content here: http://vpsboard.com/topic/984-chicagovps-cvps-hacked-new-solusvm-exploit-pt-1

The thread had to be split into two after some errors. All original posts have been restored in that thread. Further discussion can be had within this thread.

-MannDude

(Sorry Magiobiwan, could not remove your post as it's the first one so I had to edit it to display this message)


----------



## mmance

Chris has been very vague in his response to me personally today.  







I also had someone grep my username for the Client Area in the stolen data.  It came back 0 results.


----------



## drmike

Ran a bunch of lookups for folks here to see if their details were in the dump.

I can confirm if you cancelled your services after the last hack in November - February, your details probably aren't in there.

Anyone else want info looked up, PM me.  

Will be back in a bit.


----------



## mnsalem

Just thought to drop by and mention that i just got the email with the report (that update which was posted several hours ago).


----------



## DaringHost

chronos511 said:


> Anyone else suddenly unable to get LET to load?


See: http://vpsboard.com/topic/770-lowendtalkcom-down/


----------



## mmance

Chris has been very vague in his response to me personally today.  






I also had someone grep my username for the Client Area in the stolen data.  It came back 0 results.


----------



## saliq

mmance said:


> Chris has been very vague in his response to me personally today.
> 
> 
> 
> 
> 
> 
> I also had someone grep my username for the Client Area in the stolen data.  It came back 0 results.


If your site and email is same as the username here then you are in it


----------



## upsetcvps

mmance said:


> Chris has been very vague in his response to me personally today.
> 
> 
> 
> 
> 
> 
> I also had someone grep my username for the Client Area in the stolen data.  It came back 0 results.


yes, your e-mail address would not be hard to guess based on your username, Marc


----------



## jfreak53

Offline/Online Nodes:

http://stats.pingdom.com/jzrszp4wfu79


----------



## drmike

jfreak53 said:


> Offline/Online Nodes:
> 
> http://stats.pingdom.com/jzrszp4wfu79



From Pingdom's monitoring shows 19 servers that are broken....


----------



## mnsalem

they are indeed working on it! Last time i checked pingdom, 3 out of the 4 servers in atlanta were offline! now Just 1 is left.

Same for Buffalo! 4 servers were down .. now just 2 ... and i happen to be on the one that is down (facepalm)


----------



## upsetcvps

mnsalem said:


> they are indeed working on it! Last time i checked pingdom, 3 out of the 4 servers in atlanta were offline! now Just 1 is left.
> 
> 
> Same for Buffalo! 4 servers were down .. now just 2 ... and i happen to be on the one that is down (facepalm)


We are probably in the same server.  How do you know what server you are on?


----------



## mnsalem

upsetcvps said:


> We are probably in the same server.  How do you know what server you are on?


I am on 192.227.129.xxx subnet ... that's BUF19. through the CP back in its working days.


Anything in buffalo other than that will be on BUF17


----------



## TheLinuxBug

I think this thread should just be closed.  If there is anymore real news about this, I think we can open a new thread, or even better, post it in the cest pit.  There is enough CVPS PR threads open here already.

Cheers!


----------



## HalfEatenPie

This is just ridiculous.  Closed.


----------



## HalfEatenPie

Ok this topic has been re-opened after cleaning up a bit.  Please keep the discussion focused on the topic.  The other discussion can be found here: http://vpsboard.com/topic/777-personal-arguments/


----------



## jfreak53

Thanks mod for cleaning this mess up.

You know cVPS an update no matter how small it is would really be helpful, even if it is small.


----------



## CVPS_Chris

Jfreak, we are still working to get the remaining nodes online.


----------



## Marc M.

How much warning do you need as a software provider about your code being poorly written? And why do you write code like this? Sorry, but I can't fault any provider that was hit by this attack, and all I can say is that I am sorry that some of you guys had to suffer because of this:


<?php
if ($_POST['delete']) {
$xc = $db -> query('SELECT * FROM centralbackup WHERE id = \'' . $_POST['deleteid'] . '\'', true);
#[...]
if ($xc[status] == 'failed') {
exec('php /usr/local/solusvm/system/bus.php -- --comm=deletebackup --serverid=' . $xc['bserver'] . ' --nodeid=' . $vdata['nodeid'] . ' --vserverid=' . $vdata['vserverid'] . ' --filename=' . $xc['filename']);
#[...]
}
}
?>


D_Strout said:


> Hasn't anyone decrypted the source? Couldn't they then run a search for dumb execs?


*@D. Strout* There's been a decoded version floating around the web for a while now, I guess that's how the vulnerability was found and exploited in the first place. Pretty lame, but it is what it is.

Guys, here is something simple that you should do immediately: restrict access to the admin path. Restrict it by IP, with a password, or ideally both. @Kujoe had some good advice as well on how to secure SolusVM.

Kind regards,

Marc


----------



## concerto49

Has anyone heard back from Solus yet?


----------



## MannDude

concerto49 said:


> Has anyone heard back from Solus yet?


I wouldimagine they're quite busy attempting damage control.


----------



## Mun

MannDude, I know you don't work there, but Urpad got hit too?


----------



## Otakumatic

Mun said:


> MannDude, I know you don't work there, but Urpad got hit too?


Their site works for me.


----------



## upsetcvps

marcm said:


> How much warning do you need as a software provider about your code being poorly written? And why do you write code like this? Sorry, but I can't fault any provider that was hit by this attack, and all I can say is that I am sorry that some of you guys had to suffer because of this:
> 
> 
> <?php
> if ($_POST['delete']) {
> $xc = $db -> query('SELECT * FROM centralbackup WHERE id = \'' . $_POST['deleteid'] . '\'', true);
> #[...]
> if ($xc[status] == 'failed') {
> exec('php /usr/local/solusvm/system/bus.php -- --comm=deletebackup --serverid=' . $xc['bserver'] . ' --nodeid=' . $vdata['nodeid'] . ' --vserverid=' . $vdata['vserverid'] . ' --filename=' . $xc['filename']);
> #[...]
> }
> }
> ?>
> *D. Strout* There's been a decoded version floating around the web for a while now, I guess that's how the vulnerability was found and exploited in the first place. Pretty lame, but it is what it is.
> 
> Guys, here is something simple that you should do immediately: restrict access to the admin path. Restrict it by IP, with a password, or ideally both. @Kujoe had some good advice as well on how to secure SolusVM.
> 
> Kind regards,
> 
> Marc


what. the. fuck.


----------



## MannDude

Mun said:


> MannDude, I know you don't work there, but Urpad got hit too?


Yeah, don't work there anymore.

I messaged Jason earlier this morning and told him what was going on and it may be best to shut the Solus master off for a while.

Doesn't matter, Adam Ng ("Kevin Hillstrand") has had the URPad WHMCS and SolusVM DB (both dated) for a while and has always threatened to post it anytime we made him mad. I'd change your passwords anyways since I could never get the old owner to force password resets on everyone, nor have the new owners yet. Both parties have indeed been informed that this kid has dated DBs and has threatened, multiple times, to post them if we don't back off on things that upset him. (Like poking the Adam/Kevin thing, etc)


----------



## Amitz

That's somehow unrelated, but is this 'Adam Ng' in any way related to Adam, the former owner of VPSLatch? I still have a bone to pick with that a**hole...


----------



## drmike

MannDude said:


> Adam Ng ("Kevin Hillstrand") has had the URPad WHMCS and SolusVM DB (both dated) for a while and has always threatened to post it anytime we made him mad


What the f*Ck!?!?!?!

Where is @Miller?


----------



## MannDude

Amitz said:


> That's somehow unrelated, but is this 'Adam Ng' in any way related to Adam, the former owner of VPSLatch? I still have a bone to pick with that a**hole...


Yes. That requires a thread of it's own, however. Be my guest.


----------



## drmike

MannDude said:


> Yes. That requires a thread of it's own, however. Be my guest.



Gladly, posting a new thread now.


----------



## concerto49

MannDude said:


> Yes. That requires a thread of it's own, however. Be my guest.


Liam @ LET patched this 0-day exploit yesterday. CVPS_Kevin got renamed to CVPS_Adam.


----------



## netnub

So wait, I'm not allow to post code snippits, but he IS?


----------



## Francisco

netnub said:


> So wait, I'm not allow to post code snippits, but he IS?


The snippet from above was the source of the last exploit. If there's new code and solus patches it? You're then "fine" to post it since you've at least done due diligence by the vendor.

0-day'ing it is seen as 'poor taste' 

Francisco


----------



## Mun

netnub said:


> So wait, I'm not allow to post code snippits, but he IS?


So you are allowed to steal WHMCS, but someone else isn't?

So you are allowed to scam people, but someone else isn't?

So you are allowed to steal databases, but someone else isn't?

These are all related to you, and it is getting to the point that you really need to grow a brain, as well as mature into something more then a sniveling rat.


----------



## Dan

MannDude said:


> I messaged Jason earlier this morning and told him what was going on and it may be best to shut the Solus master off for a while.


 

Would of been nice of them to contact their clients about this ... Urpads support has started to go down hill too...


----------



## Otakumatic

Didn't they sell URPad a while back? I thought I read about a bunch of changes at URPad on LET a while back....


----------



## MannDude

athk said:


> Would of been nice of them to contact their clients about this ... Urpads support has started to go down hill too...


I assumed they would have. Out of my hands.



Otakumatic said:


> Didn't they sell URPad a while back? I thought I read about a bunch of changes at URPad on LET a while back....


Yes, towards the beginning of May. First or second week. Can't remember.


----------



## fileMEDIA

Solusvm 1.14.00 BETA R5 is available..no changelog yet.

This is an important security fix. You are encouraged to update as soon as possible. A full detailed report will be published at a later date.


----------



## Mun

fileMEDIA said:


> Solusvm 1.14.00 BETA R5 is available..no changelog yet.


Changelog:

Removed old exploits that we forgot about

Added new exploits so we can see how well our panel is doing

Added a new feature to DDOS Stallion cause it is too good.

Created a function to ask for confirmation if you want to delete all nodes, just to make sure the hacker really wants too.

Added a Clarke button that pops up a picture of him.

Created a new function so rofl.php show a picture of a dog when it is used against the newer version because we don't like that guy.

Added new feature to make it look like CVPS is incompetent, though we really didn't need to do much.

Claimed everything is Green now, since we use more code, that does less.

Called up our lawyers to see if we are going to get sued, and they told us nope as long as you add this little tid bit in the agreement for installing this new patch.

This is all joking of course, or is it O_O

Mun


----------



## john

Looks like there actually was another exploit.


----------



## drmike

^ Mun = classic gold! 

Keep it up.  I needed a laugh.


----------



## weservit

*PLEASE READ THIS INFORMATION CAREFULLY. THIS INFORMATION IS RELEVANT TO ALL VERSIONS OF SOLUSVM, INCLUDING BETA VERSIONS.*

As you may be aware we are currently running a full in house and external code audit. This release contains several important security fixes for all versions of SolusVM.

We highly suggest you update your system as soon as possible. Updates are available through the normal channels.

*Latest Stable Version:* 1.14.00 R5
*Latest Beta Version:* 1.13.05

Please be aware the audit is still underway and more updates may follow.

Thank you for your co-operation and understanding.

Regards,
Soluslabs Security Team


----------



## drmike

Official thing there @weservit?  Have a URL to confirm that?

Glad to see Soluslabs getting off their arses and doing something other than denying.


----------



## Marc M.

*@**Mun*,

I would add this: "Created a function to delete all VMs from all nodes just to see if the hacker can find it..." ROFL

and

this: "Added dead simple functionality to facilitate a MySQL injection exploit to see if anyone could find it in less than two months..." again ROFL ... well, it took the hacker almost two months minus four days to find it. IIRC about two months ago someone posted a iDezender decoded SolusVM online.

Classic Gold Mun :lol:


----------



## MannDude

buffalooed said:


> Official thing there @weservit?  Have a URL to confirm that?
> 
> Glad to see Soluslabs getting off their arses and doing something other than denying.


http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/


----------



## weservit

http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/

Also received an email from them now.


----------



## mikho

Looks like they are doing a better job then zamfoo.


----------



## Marc M.

Looks official to me: http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/


----------



## weservit

I see multiple modified files in the /usr/local/solusvm/www folder. Looks like they found more than 1 exploit..


----------



## Marc M.

weservit said:


> I see a lot of modified files in the /usr/local/solusvm/www folder. Looks like they found more than 1 exploit..


*@**weservit* I'm glad that something got them from sitting around on their d**** all day long and finally doing a full security audit. This begs the questions if a disaster is necessary every time for them to do something about it?!


----------



## concerto49

weservit said:


> I see multiple modified files in the /usr/local/solusvm/www folder. Looks like they found more than 1 exploit..


Of course, at least 3 were reported directly to them as of yesterday.


----------



## Mun

weservit said:


> I see multiple modified files in the /usr/local/solusvm/www folder. Looks like they found more than 1 exploit..



Shhh, they really added new ones.

Mun


----------



## Marc M.

Mun said:


> Shhh, they really added new ones.


*@**Mun* it's either that or they are paying their coders so poorly that every so often their employees plant one or two Easter eggs in the code. Since they don't audit it unless a disaster like this one happens, no one cares. I don't see them jumping on their swords any time soon because they've messed up.


----------



## Mun

marcm said:


> *@Mun* it's either that or they are paying their coders so poorly that every so often their employees plant one or two Easter eggs in the code. Since they don't audit it unless a disaster like this one happens, no one cares. I don't see them jumping on their swords any time soon because they've messed up.


Or they had so much bad press that an addition to a line here and there makes it all better.

Mun


----------



## ItsGermy

CVPS_Chris said:


> Jfreak, we are still working to get the remaining nodes online.


This isn't helpful. We've been down for almost 24 hours now and some sort of regular updates as to where you're at with restores and an ETA for the remaining nodes would be great.

Please don't hide behind the typical excuses of, "We don't have time to update...., We're dedicating all our resources....". Your customers need information and they need better information than, "We're working on it...."


----------



## Aldryic C'boas

ItsGermy said:


> We don't have time to update....


Well, he did find the time to come in here and try to brush off the Adam/Kevin situation, so I'm sure he'll at least make just as much time to post more status updates ASAP. To do otherwise would just be downright insulting to the clients waiting to hear something important.


----------



## maounique

The question is:

Is it safe to put it back on ?

I would say they patched so far the exploits that have been shown to them.

There should be others because I dont buy that audit stuff they are claiming.

Basically it is like this:

1. Solus hack on CVPS. Solus says they did an audit and it is not their fault;

2. Centralbackup disaster strikes. Solus can no longer say there is no exploit, it takes them HOURS, at least half a day after the disclosure to release a fix, but they do aknowledge it;

3. CVPS hacked again, Solus again sais it wasnt their fault, they claim there is no exploit, they were not notified, etc, the classical dance;

4. They release a fix after an "audit" saying there are more to come.

If there was no 4, I am sure some folks started to believe them there is no exploit and CVPS and others are lying, as I started to think maybe it is the time to bring solus back online.

In the light of these events, we are considering bringing solus back but allow only the IPs of salvatore and me to access it, as well as the billing panels.

This is beyond ridiculous, what a bunch of clowns...


----------



## concerto49

Mao said:


> The question is:
> 
> Is it safe to put it back on ?
> 
> I would say they patched so far the exploits that have been shown to them.
> 
> There should be others because I dont buy that audit stuff they are claiming.
> 
> Basically it is like this:
> 
> 1. Solus hack on CVPS. Solus says they did an audit and it is not their fault;
> 
> 2. Centralbackup disaster strikes. Solus can no longer say there is no exploit, it takes them HOURS, at least half a day after the disclosure to release a fix, but they do aknowledge it;
> 
> 3. CVPS hacked again, Solus again sais it wasnt their fault, they claim there is no exploit, they were not notified, etc, the classical dance;
> 
> 4. They release a fix after an "audit" saying there are more to come.
> 
> If there was no 4, I am sure some folks started to believe them there is no exploit and CVPS and others are lying, as I started to think maybe it is the time to bring solus back online.
> 
> In the light of these events, we are considering bringing solus back but allow only the IPs of salvatore and me to access it, as well as the billing panels.
> 
> This is beyond ridiculous, what a bunch of clowns...


1. The first hack no one has published evidence on what happened.

2. That was explicit and acknowledged by Solus.

3. Solus didn't say it wasn't their fault in this 2nd hack this time around.

4. More like we and others reported the exploits.


----------



## Mun

ItsGermy said:


> This isn't helpful. We've been down for almost 24 hours now and some sort of regular updates as to where you're at with restores and an ETA for the remaining nodes would be great.
> 
> Please don't hide behind the typical excuses of, "We don't have time to update...., We're dedicating all our resources....". Your customers need information and they need better information than, "We're working on it...."



Then find a new host. You are asking way too much from Cvps_chris, and I have told him this before. You bought a service with a company with a rep. for not giving out informative updates. 

Here is a list of some other providers: http://vpswiki.us/


----------



## maounique

concerto49 said:


> 1. The first hack no one has published evidence on what happened.
> 
> 2. That was explicit and acknowledged by Solus.
> 
> 3. Solus didn't say it wasn't their fault in this 2nd hack this time around.
> 
> 4. More like we and others reported the exploits.


1. In light of what happened later, does anyone need any evidence ?

2. Yeah, I wonder if it was not disclosed so brutally, would it have been the same ?

3. They did, kept saying like the first CVPS hack that there is no evidence, blah-blah.

4. Yes, the audit is a another hoax like the previous audit that yielded no proof there is an explot to be blamed for cvps hack. They seem to slowly aknowledge and patch only the publicly disclosed holes, therefore, instead of condemning, I commendd the people that did this.

The way solus handled it so far makes me believe the poeple claiming their private reports were ignored. In light of latest events, soluls looks THAT bad.


----------



## concerto49

Mao said:


> 1. In light of what happened later, does anyone need any evidence ?
> 
> 2. Yeah, I wonder if it was not disclosed so brutally, would it have been the same ?
> 
> 3. They did, kept saying like the first CVPS hack that there is no evidence, blah-blah.
> 
> 4. Yes, the audit is a another hoax like the previous audit that yielded no proof there is an explot to be blamed for cvps hack. They seem to slowly aknowledge and patch only the publicly disclosed holes, therefore, instead of condemning, I commendd the people that did this.
> 
> The way solus handled it so far makes me believe the poeple claiming their private reports were ignored. In light of latest events, soluls looks THAT bad.


What's your take then? Let's collaborate and build a new panel shall we?  :lol:


----------



## netnub

And you guys stated I was kidding about vulnerabilities. http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/


----------



## maounique

concerto49 said:


> What's your take then? Let's collaborate and build a new panel shall we?  :lol:


I believe joepie91 was already on something like that ?

We would gladly donate something to the project as long as it remains open source.

I lost hope solus would wake up after this (yet another) disaster, their whole preocupation now looks like leaning towards damage control, how much can be still denied and how much they have to aknowledge. That is no way to act in this business.


----------



## SVMPhill

concerto49 said:


> Of course, at least 3 were reported directly to them as of yesterday.


Do you have more information on this please. No reports were made.


----------



## Mun

netnub said:


> And you guys stated I was kidding about vulnerabilities. http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/



and you stated you changed a leaf and wouldn't do anything "fishy" any longer, yet you still do. 

Mun


----------



## drmike

@netnub,  I don't doubt you.  Lots of folks are in cover-their-ass mode and protect-their-friends mode.

Does SolusVM know about the other exploits now?  Have they responded to you?


----------



## netnub

SVM_Phill said:


> Do you have more information on this please. No reports were made.


Why don't you ask good old Humza who I gave him snippits to give to you.

Don't act dumb, it really bugs me.


----------



## concerto49

SVM_Phill said:


> Do you have more information on this please. No reports were made.


Yes they were. Infinity reported it. Raised a ticket. A lot of others followed. Go through the tickets escalated.


----------



## concerto49

Duplicated


----------



## drmike

@netnub, PM me the info and I'll PERSONALLY make sure Phil gets it and anyone else you think should and I'll verify everyone has received it.

Tired of the run around/miscommunications/posts being pulled --- going on around the exploits.


----------



## netnub

Mun said:


> and you stated you changed a leaf and wouldn't do anything "fishy" any longer, yet you still do.
> 
> Mun


Fishy? More like helping security.


----------



## Mun

netnub said:


> Fishy? More like helping security.


Security, more like stealing and lying to your customers. 

What I am saying, is you have done things in the past that are ironic in this case. You really need to clean up your image.

Mun


----------



## netnub

My image is clean, you're bringing up the past, so how about I start bringing up the past? Like the past where I disclosed vulnerabilities to the public.

Shall I make that the future also?


----------



## drmike

Mun said:


> you have done things in the past that are ironic in this case.


 

Shit dawg, that description applies to so many in this industry.  Whole bunch of folks just got a strange facial tick and did a double take on that while skimming


----------



## Mun

netnub said:


> My image is clean, you're bringing up the past, so how about I start bringing up the past? Like the past where I disclosed vulnerabilities to the public.
> 
> Shall I make that the future also?


I'm going to stop derailing this thread, but my point is that you have done some shitty things.

Mun


----------



## PcJamesy

Wow this new post just came out. The last threat was to about SolusVM exploit. This one can't be good.


----------



## Magiobiwan

And then the past where you threatened to hack, DDoS, and exploit several hosts for no apparent reason. And then claimed it was someone ELSE behind all this.


----------



## PcJamesy

Looks like were going to have to pull both panels down soon, who will fall victim this time.


----------



## drmike

@PcJamesy, where did that thread copied from?


----------



## PcJamesy

buffalooed said:


> @PcJamesy, where did that thread copied from?


http://www.lowendbox.com/blog/a-days-recap-solusvm-exploit-released-ramnode-downtime-and-robert-clarke/#comment-121284


----------



## netnub

buffalooed said:


> @PcJamesy, where did that thread copied from?


http://www.lowendbox.com/blog/a-days-recap-solusvm-exploit-released-ramnode-downtime-and-robert-clarke/#comment-121284


----------



## MannDude

WHMCS news requires it's own thread...

The hosting industry should be on high alert it appears.


----------



## drmike

Start a new thread for the WHMCS stuff @MannDude...


----------



## Marc M.

*@* at the bottom http://www.lowendbox.com/blog/a-days-recap-solusvm-exploit-released-ramnode-downtime-and-robert-clarke/


----------



## johnnyd95

&nbsp;



PcJamesy said:


> Wow this new post just came out. The last threat was to about SolusVM exploit. This one can't be good.
> 
> 
> &nbsp;


&nbsp;

Me and Curtis G are releasing 0 day vun for whmcs friday


----------



## maounique

Actually, I know how insecure we are, problem is, what to do ?

Leave only linode and amazon provide VPSes ? Will you feel secure with the gov't having a direct line into your stuff ?

Not that they are bullet-proof, anyway, I wish ppl will focus more on taking down the establishment than the little folks with a small business.


----------



## drmike

True 'dat Chairman Mao!

Government isn't spying, they just are providing free backups for your data to every citizen   You just didn't get your API access key yet.


----------



## Otakumatic

There is no way I'm paying $20 for a Linode VPS when I can get the same specs for ~$7.

And not all LEB VPSers are script kiddies. :|


----------



## Marc M.

Otakumatic said:


> There is no way I'm paying $20 for a Linode VPS when I can get the same specs for ~$7.


*@**Otakumatic* Actually you will get better performance for your $7. Heck, our Xen nodes provide way better I/O than Linode, and we're releasing our SSD Cached Xen packages soon (very soon). And there are many other small providers who offer quality service for $7. So of course Linode is making a killing by pushing as many users as possible per node. Plus I have a sneaky suspicion that they are using RAID 5 or 6 instead of 10 to get more storage space out of their drives.


----------



## yolo

johnnyd95 said:


> &nbsp; &nbsp;
> 
> 
> Me and Curtis G are releasing 0 day vun for whmcs friday


*Curtis G and I


----------



## drmike

Spencer said:


> *Curtis G and I


 

Dude they are hackers.  They can hack Engwish too.


----------



## texteditor

buffalooed said:


> Dude they are hackers.  They can hack Engwish too.


Grammar is for the sheeple in meatspace


----------



## Magiobiwan

Seriously you two. What are you getting out of this? Lulz? It's not helping the community any. Providers are locking down their stuff, unwilling to risk being compromised, which inconveniences their clients. The node wiping is causing people to lose their data, their time, the effort they've put in to setting stuff up, in some cases money and their own clients, and possibly their livelihoods. If you want to HELP the community (foreign idea, I know), let SolusVM and WHMCS know of the exploits BEFORE releasing them. Once you've informed the companies about the exploits and they've had a reasonable amount of time to respond, THEN you can release the code. Back to what YOU'RE getting out of this. Nothing really. Public hatred towards you. Potential legal action taken against you (civil and/or criminal), with potential jail time and/or monetary fines. You're ruining your future with this. So STOP. I'm sure the rest of the community agrees on this point. It's not helping ANYONE, just hurting. So don't do it any longer.


----------



## maounique

Magiobiwan said:


> let SolusVM and WHMCS know of the exploits BEFORE releasing them. Once you've informed the companies about the exploits and they've had a reasonable amount of time to respond, THEN you can release the code.


I think they did that ?

However, those companies are more interested by PR and spinning the things around instead of the quality of the code.

We have plenty of evidence about that, at least from Solus, I tend to believe them when they say they sent the exploits not only to the companies, but also to infinity and others.

From where I stand, they are doing a good thing, destroying company credibility means they will have to get it back by releasing a decent product for a change.

Everyone will benefit in the end, exploits will no longer stay hidden to be used only by criminals, the fixes will be forced out of the culprits, people will be more aware of security and will take more back-ups as well as not disclosing personal data, everyone will win.

Even solus will have a better product which will generate better sales if they are really thinking about changing their ways, fire a few PR spin doctors and hire better coders. After all, they are not a political party, just a company which has to deliver a product.


----------



## drmike

Mao said:


> fire a few PR spin doctors and hire better coders. After all, they are not a political party, just a company which has to deliver a product


Chairman Mao is on fire!  So true.  Better coders and less PR spin.


----------



## peterw

What a show!

First SolusVM and now Hostbill and WHMCS. It's exciting to see how vulnerable a monoculture is.


----------



## Marc M.

peterw said:


> What a show! First SolusVM and now Hostbill and WHMCS. It's exciting to see how vulnerable a monoculture is.


*@**peterw* yeah, I imagine it is. Imagine how exciting it will be when you will have to pay $30 for the lowest end VPS and close to a $100 to get something decent, like it was just a few short years ago. Then you'll miss this "crappy monoculture" that you like so much to laugh at!


----------



## travmed

Just got this email update from ChicagoVPS. My question is don't we need access to the SolusVM to initiate a reimage of our server is everything is lost?



> [SIZE=small]This is a further status update to the recent security breach that ChicagoVPS has experienced. We have successfully restored some nodes, and the vast majority of our VPS customers are online, however we have a small percentage of nodes which still need to be worked on. Some of the nodes we are working on had data loss that we cannot restore. These nodes are LA18, ATL1, ATL4, ATL5. I you on are on one of these nodes you can safely start to rebuild, or open a ticket asking for this months refund.
> 
> On a positive note, it seems like SolusVM has released a new update in light of the recent incidents ( [/SIZE][SIZE=small]http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/[/SIZE][SIZE=small] ). However, at this time we do not feel comfortable enabling SolusVM access at this minute as we were a victim of their security vulnerabilities two times in the past 7 months. We are evaluating other alternative panels, but at the moment our priority is taking care of our customers and getting the impacted nodes back in working order.
> 
> Please understand that we have all hands on deck working tirelessly to restore service connectivity for those impacted. Therefore, our ticket response times are affected to allow us to effectively work without anything slowing us down. We apologize for the delayed ticket response times but we assure you we are making progress and working hard to get everything back to normal.
> 
> Our goal is to have everything 100% restored tomorrow. Those affected by this incident will recieve compensation.
> 
> Regards,
> 
> ChicagoVPS Team[/SIZE]


----------



## peterw

marcm said:


> *@peterw* yeah, I imagine it is. Imagine how exciting it will be when you will have to pay $30 for the lowest end VPS and close to a $100 to get something decent, like it was just a few short years ago. Then you'll miss this "crappy monoculture" that you like so much to laugh at!


I am pissed off. Someone is trying to destroy the whole SolusVM based economy. I am seeing it but I can't believe it. If the Hostbill and WHMCS 0day exploits are true it is just the beginning.

How should providers work if they can't use SolusVM and WHMCS?

I am using this monoculture too. Nothing to laugh at!


----------



## Marc M.

peterw said:


> I am using this monoculture too. Nothing to laugh at!


*@**peterw* As long as providers take steps to secure them, they will be fine. There are plenty of simple solutions to prevent SQL injections and such, and on top of that providers can use CloudFlare as a reverse proxy (it's running Nginx as well). So no, the entire industry won't come crashing down.


----------



## zero

My Status update;

LA - Dont answer ping still down

AT - Still ping reply and empty vps, no data

Chicago 1 -  Still ping reply and empty vps, no data

Chicago 2 -  Still ping reply and empty vps, no data

CVPS cant answer the tickets. I fight my clients on the phone. 

CPVS dont care how about us ...

Thank you CPVS you push us in to dark.


----------



## Gary

zero said:


> I fight my clients on the phone.


What? You have clients hosted on these VPSes, and you're making them wait instead of bringing whatever it is that you're hosting up on other VPSes?

Apart from the fact that you're hosting things for clients on crappy budget VPSes, which is bad enough, you don't have a disaster plan, seriously?


----------



## Mun

@zero

Try these guys out: http://catalysthost.com/

Review: http://www.lowendhelp.com/catalyst-host-review/

Mun


----------



## MannDude

Hey everyone, we're aware some (like 500) posts have disappeared from this thread.

Basically, a ton of threads got 'archived' due to bad settings when the feature was enabled. It caused threads like this to not allow new posts, but ALL 30+ pages of posts in the thread were still viewable. After UNarchiving it, the posts disappeared. They still exist in the DB, from what I am aware (and I have backups anyhow), so trying to explore options on how to restore this thread so the content that existed several hours ago is inserted back.


----------



## drmike

So, who is still down at ChicagoVPS?  Everyone get their accounts sorted out?


----------



## bellicus

buffalooed said:


> So, who is still down at ChicagoVPS?  Everyone get their accounts sorted out?


All 3 of my vps's are online since lastnight. no restore needed on any of them.


----------



## drmike

bellicus said:


> All 3 of my vps's are online since lastnight. no restore needed on any of them.


0-for-3 = 0% success rate. 

Were you on different geographic nodes and still managed this?


----------



## cvps_customer

VPS's are up but still waiting to have my data restored from Central Backup. I'm curious if anyone has actually had their data restored yet?


----------



## upsetcvps

I asked this before the posts got wiped, but would anyone mind posting the fingerprint for your server's public key if you have a fresh cvps openvz container with debian squeeze?  Also, what was your hostname on the fresh install?  Was it "test1"?  The fingerprint is what you see when you first connect to your server and you can obtain it afterwards by doing:

 ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key


----------



## bellicus

Yep, I forgot what buf nodes i'm on But i have 2 on buf and 1 in chi.


----------



## mnsalem

My VPS on BUF19 (if tis still there and not moved to another host) is online and was restored from a backup since early morning my time .. which is about 4 AM GMT time


----------



## zero

mnsalem said:


> My VPS on BUF19 (if tis still there and not moved to another host) is online and was restored from a backup since early morning my time .. which is about 4 AM GMT time


you are a lucky guy pray it 

I'm still waiting for restore


----------



## zero

Mun said:


> @zero
> 
> Try these guys out: http://catalysthost.com/
> 
> Review: http://www.lowendhelp.com/catalyst-host-review/
> 
> Mun


I learn my lesson. I dont buy anymore vps.

not Anyone not anywhere ...


----------



## Drar

*Rant*

*Wow the clowns over at Chicago VPS just notified me that they don't have the weekly back up of my VPS and my "Central Backup" is "Corrupted" so they will just give me a fresh VPS instead.*

*I opened multiple tickets since Day 1 asking them about the status of the data on my VPS and all I got is just canned response... After almost 6 days of giving out false hopes they will eventually tell me that my all data is unrecoverable and I need to restore using my own backups. BS Level to the max!!!*

*If only they will just be outright honest from Day 1 and inform the clients that they don't have weekly backup configured for my VPS (LA19) and the Central Backup of my VPS is lost as well then I can go ahead and make my own contingency plan.*



> 6/23/2013
> 
> Hello,
> 
> Unfortunately backups for your container from our master backup repository are not available. If you utilized our free Central Backup feature to create a restore point for your service we can backup from that data. If you did not utilize that free service we do not have backups and will be unable to restore any of your data.
> ---------
> Luc Ayotte
> ChicagoVPS Support Tech
> [email protected]





> 6/24/2013
> 
> Hello,
> 
> It looks like there was a corrupted file in your backup, this is making it so the files cannot be extracted. All we can do is give you a fresh VPS.
> ---------
> Luc Ayotte
> ChicagoVPS Support Tech
> [email protected]


*Back in 5/5/2013 I opened a ticket asking them if the weekly backup of my VPS is enabled or do I need to request for it and here is what they said:*



> 5/5/2013
> 
> Hello,
> 
> We do this by default to all our nodes.
> ---------
> Luc Ayotte
> ChicagoVPS Support Tech
> [email protected]


*I will be looking for a new provider now and will leave Chicago VPS for good! God I hate those $%#^$%%$!!*

*As soon as I am done with my sites I swear I am gonna take time to warn everybody to stay away from this incompetent host!*

*/Rant*


----------



## drmike

Drar said:


> Wow the clowns over at Chicago VPS just notified me that they don't have the weekly back up of my VPS and my "Central Backup" is "Corrupted" so they will just give me a fresh VPS instead.


Wow.  That is bad.

That node was being backed up to server with Colocrossing in Los Angeles on a weekly basis (198.23.250.202):

select * from nodes where hostname like 'la-vps19%';

+--------+------+----------------+-------------------------+------------------------------------------+------------------------------------------------------------------+---------+-------------+------+--------+--------+--------+-----------+-----------+-----------+----------+--------+-----------+-----+-----+------------+----------------+-------------+------------------------------------------+---------+--------+-----------+---------+--------+---------+-----------+--------+---------+----------+-----------+--------+--------+---------+--------------+---------+----------+------------+-----------+-------------------+--------------+---------------+------------+---------------+----------+-------------+--------------+-------+-------+-----------+-----------------------+--------+--------+---------+------------+------------+--------------+--------+----------+-------------+---------+-------+-----------+----------------+---------------+------------+--------------+-------------+-----------+-------------+--------------+----------+-------+-------+-------------+----------------+-------------+----------------+

| nodeid | name | ip             | hostname                | idkey                                    | password                                                         | country | city        | port | status | type   | arch   | loadlimit | gziplimit | swapalert | cpualert | logmon | kernelmon | lvm | hvm | rootdevice | ftpip          | ftpusername | ftppassword                              | ftpport | ftpdir | ftpbackup | ftpfreq | ftpexc | ftphour | ftpminute | ftpday | ftprota | ftpmonth | ftptmpdir | ftpiop | ftpioc | ftpnice | ftptmpxendir | ftpvzbt | ftpxenbt | ftppassive | vnclisten | fname             | intipgateway | intipnetmask  | inipbridge | slvconnection | intcheck | licensetype | ntfsioenable | ntfsn | ntfsc | kvmbridge | kvmemu                | maxvps | locked | groupid | maxmem     | maxdisk    | xentoolstack | pvdhcp | ebtables | paeoverride | userate | vswap | publicnic | publicnetspeed | kvmguestcache | pxeenabled | pxeipaddress | pxefilename | osversion | ipv4incount | ipv4outcount | vzextras | vztun | vzppp | ftppbzipuse | ftppbzipthread | ddblocksize | consoledisable |

+--------+------+----------------+-------------------------+------------------------------------------+------------------------------------------------------------------+---------+-------------+------+--------+--------+--------+-----------+-----------+-----------+----------+--------+-----------+-----+-----+------------+----------------+-------------+------------------------------------------+---------+--------+-----------+---------+--------+---------+-----------+--------+---------+----------+-----------+--------+--------+---------+--------------+---------+----------+------------+-----------+-------------------+--------------+---------------+------------+---------------+----------+-------------+--------------+-------+-------+-----------+-----------------------+--------+--------+---------+------------+------------+--------------+--------+----------+-------------+---------+-------+-----------+----------------+---------------+------------+--------------+-------------+-----------+-------------+--------------+----------+-------+-------+-------------+----------------+-------------+----------------+

|    143 | la19 | 198.46.137.130 | la-vps19.chicagovps.net | LEUPHSN0WFE5JYL6FYZ5NBT4YC2QANCZ687EGJR4 | +kPKJvpZPHQmyu4Tjf3D2ZR347W5Zen9pv7r2NONEU4MJdUeQoQSM/fCBRXCPr4= | USA     | Los Angeles | 4022 | Active | openvz | x86_64 |        20 |       100 |         1 |        1 |      1 |         1 |     |   0 |            | 198.23.250.202 | backup      | 3UvWT+xRTMy7QsLrHCuqxMFdEqg9l038i7ITSg== |      21 | /      |         1 |       2 |        |       7 |         0 |      4 |       1 |        1 | /vz/dump  | 4      | 2      | 19      | /tmp         |       1 |        1 |          1 |         0 | Los Angeles VPS19 | 10.0.0.1     | 255.255.255.0 | xenintbr0  |             1 |        0 |           0 |            0 |     0 |     2 | br0       | /usr/libexec/qemu-kvm |    135 |      0 |       6 | 2147483647 | 2147483647 |            0 |      0 |        0 |           0 |       0 |     1 | eth0      |            100 |               |          0 | 127.0.0.1    | pxelinux.0  |         6 |           0 |            0 |        0 |     1 |     1 |           0 |              1 |        4096 |              0 |

+--------+------+----------------+-------------------------+------------------------------------------+------------------------------------------------------------------+---------+-------------+------+--------+--------+--------+-----------+-----------+-----------+----------+--------+-----------+-----+-----+------------+----------------+-------------+------------------------------------------+---------+--------+-----------+---------+--------+---------+-----------+--------+---------+----------+-----------+--------+--------+---------+--------------+---------+----------+------------+-----------+-------------------+--------------+---------------+------------+---------------+----------+-------------+--------------+-------+-------+-----------+-----------------------+--------+--------+---------+------------+------------+--------------+--------+----------+-------------+---------+-------+-----------+----------------+---------------+------------+--------------+-------------+-----------+-------------+--------------+----------+-------+-------+-------------+----------------+-------------+----------------+ 

If you send me you email address, I'll look to see if your backup ever ran for centralbackup.  This is a manual backup you would have performed yourself and SolusVM logs that activity in the database.


----------



## lulzsecurity

well, they deserved it.


----------



## Tactical

Drar said:


> *Rant*
> 
> *Wow the clowns over at Chicago VPS just notified me that they don't have the weekly back up of my VPS and my "Central Backup" is "Corrupted" so they will just give me a fresh VPS instead.*
> 
> *I opened multiple tickets since Day 1 asking them about the status of the data on my VPS and all I got is just canned response... After almost 6 days of giving out false hopes they will eventually tell me that my all data is unrecoverable and I need to restore using my own backups. BS Level to the max!!!*
> 
> *If only they will just be outright honest from Day 1 and inform the clients that they don't have weekly backup configured for my VPS (LA19) and the Central Backup of my VPS is lost as well then I can go ahead and make my own contingency plan.*
> 
> *Back in 5/5/2013 I opened a ticket asking them if the weekly backup of my VPS is enabled or do I need to request for it and here is what they said:*
> 
> *I will be looking for a new provider now and will leave Chicago VPS for good! God I hate those $%#^$%%$!!*
> 
> *As soon as I am done with my sites I swear I am gonna take time to warn everybody to stay away from this incompetent host!*
> 
> */Rant*


I understand your frustrations. But overall its your responsibility to backup your data. Im sorry this did happen though. Maybe just take it as a lesson to keep daily backups offsite if your information is that valuable.  Then keep backup of those backups.


----------



## jer

Wanted to let all know I'm still down.. wrong IPs, wrong OS, and I can't log into it.

I'm surprised no one has started a Consumer Awarness / Advocacy  group, for others.


----------



## drmike

jer said:


> I'm surprised no one has started a Consumer Awarness / Advocacy  group, for others.


 

Well, I've done my part, more than anyone else 

Best bet is to file with CVPS for account credit.  Me, I'd be interested in something more than one month since some of you were victimized twice inside one year with your account info being put out in public.

There are privacy concerns generally with a breech.  I'd be pursuing some remedy (i.e cash) for being outed as a customer and details of your account having been made public.  There exists other data in the dump that might also show your home/business ip address which could be concern to some.

ChicagoVPS boasts of being a BBB (Better Business Bureau) member.   The BBB handles unresolved issues and claims from customers put into weird situations like this:

http://www.bbb.org/upstate-new-york/Business-Reviews/internet-web-hosting/chicagovps-in-clarence-ctr-ny-235967102

There you can see CVPS' BBB record and details of one of the complaints.  You can also file a complaint there.


----------



## zero

zero said:


> My Status update;
> 
> LA - Dont answer ping still down
> 
> AT - Still ping reply and empty vps, no data
> 
> Chicago 1 -  Still ping reply and empty vps, no data
> 
> Chicago 2 -  Still ping reply and empty vps, no data
> 
> CVPS cant answer the tickets. I fight my clients on the phone.
> 
> CPVS dont care how about us ...
> 
> Thank you CPVS you push us in to dark.


Still no answer the tickets no restore machines ..


----------



## Zach

https://www.youtube.com/watch?feature=player_detailpage&v=WLJ01przUmc#t=74s


Seems relevant right now


----------



## maounique

Besides the suffering that caused to the people, i cannot wonder how was this possible.

I mean, people lose data a few months ago, now it happens again and they still dont have back-ups.

Not siding with CVPS, far from it, but it makes me wonder...


----------



## peterw

Mao said:


> I mean, people lose data a few months ago, now it happens again and they still dont have back-ups.


Because people don't learn. It's always the fault of the provider. I started a poll about this.


----------



## zero

zero said:


> Still no answer the tickets no restore machines ..


Still no answer the tickets ...


----------



## upsetcvps

zero said:


> Still no answer the tickets ...


Same here.  Fuck these guys.  I'm sorry but at this point they are just scammers stealing money from people.


----------



## travmed

Looks like they disabled the controls in WHMCS because there is a SolusVM WHMCS module vulnerability. http://www.webhostingtalk.com/showthread.php?t=1278470


----------



## MartinD

That isn't another SolusVM hack, it's an issue with the underlying communication methods.


----------



## srichter

Looks like some phishers are out using the db. Got this text

http://www.imgur.com/SwCGtI4.png


Although I'm not sure where they'd have gotten my #. Maybe they got into their WHMCS?


----------



## Ace_Monkey

I've been asking for an answer as to whether or not my central backup was available since day one. I've asked atleast 5 times and opened two ticket because the first one was being ignored like the second one is now. Their reponses are either blanket responses or cut and paste responses telling me that have my request but would have to get back to me. WHEN?

At this point I do not care about a restore, I was just trying to avoid having to redo a bunch of work setting the box up. The data beyond that is very small and I have backed up. So, on Saturday I asked for a fresh install of the correct OS and haven't gotten anything back. 

I will be filing with the BBB and the Federal Trade Comission later today or early tomorrow. The BBB for the reasons someone else posted above (lack of service, albeit it being busy you could at least have said something and not kept stringing me and other on) and the Federal Trade Comission for the lost personal information. Chris made it seem like it was no big deal that it was just my name on the list. Yeah and my phone number and IP address as well.

I got what I paid for alright. But I didn't know that sh!t cost that much.


----------



## upsetcvps

Ace_Monkey, could you give some details on how others can file similar complaints and what is involved?

My vps is down again after being up for about a day.  No reply to tickets.


----------



## zulualpha

Both buffalo VPS back up now


----------



## Tactical

I dont think there was any phone numbers in the database dump. I would like the FTC to follow up on that compliant just to see where it goes.


----------



## MannDude

srichter said:


> Looks like some phishers are out using the db. Got this text
> 
> http://www.imgur.com/SwCGtI4.png
> 
> 
> Although I'm not sure where they'd have gotten my #. Maybe they got into their WHMCS?


Phone numbers aren't stored in SolusVM's database, that's for sure. Did your gmail use the same password as your VPS?


----------



## drmike

Yes, I can confirm SolusVM wasn't storing any phone numbers.


----------



## kauffjd3

still down and no response to tickets.


----------



## srichter

MannDude said:


> Phone numbers aren't stored in SolusVM's database, that's for sure. Did your gmail use the same password as your VPS?


No, absolutely not. My account wasn't compromised it just appears someone was trying to phish my details. It could just be a coincidence I guess.


----------



## cvps_customer

Received a note that my data was restored from Central backup, however the new "virtual server controls" have disappeared and I cant get the VPS back online. Submitted another ticket to have my VPS powered on, fingers crossed. Getting closer!


----------



## zero

Finally CVPS start the restore process on my all vps.


----------



## kauffjd3

Should I keep creating tickets?  Still down and no word.  When should I file a complaint with BBB?


----------



## zulualpha

kauffjd3 said:


> Should I keep creating tickets?  Still down and no word.  When should I file a complaint with BBB?


I would close your other tickets and just create a new one if they've been open for more than 24 hours with no response. My new tickets have been responded to fairly quickly, so your older ones might simply be buried.


----------



## upsetcvps

my old tickets got responded to.  They seem to be active in spurts... I'll get 3 really quick replies then I'll have to wait 8 hours for the next one...


----------



## Aldryic C'boas

upsetcvps said:


> my old tickets got responded to.  They seem to be active in spurts... I'll get 3 really quick replies then I'll have to wait 8 hours for the next one...


Sounds like it's back to just Adam and Chris running things again - maybe their helping hands got tired of helping, and went back to their own jobs.


----------



## drmike

Aldryic C said:


> Sounds like it's back to just Adam and Chris running things again


 

Adam + Chris + Luc.


----------



## zulualpha

buffalooed said:


> Adam + Chris + Luc.


Had a response from Mark the Support Guru earlier today too


----------



## Aldryic C'boas

Never spoke or had any interaction with the Luc character - his existence could be as insubstantial as the other fabricated identities as far as I know.


----------



## mikho

Aldryic C said:


> Never spoke or had any interaction with the Luc character - his existence could be as insubstantial as the other fabricated identities as far as I know.


In this online world, one might never know. Back when their db was leaked on let the first time I pm'ed all 3 of them and Luc was the one answering.


----------



## dynweb

Why do you think they wouldn't exist? I even know how they look like:

http://www.nwnx.net/The-Team.html


----------



## drmike

dynweb said:


> Why do you think they wouldn't exist? I even know how they look like:
> 
> http://www.nwnx.net/The-Team.html


Not what they look like unless they finally updated that stagnant rotted site.


----------



## srichter

dynweb said:


> Why do you think they wouldn't exist? I even know how they look like:
> 
> http://www.nwnx.net/The-Team.html


Jeremiah is looking manly, has he been going to the gym?


----------



## kauffjd3

Still down.  New ticket created.  I'm going to start calling today.  Any particular # i should use?


----------



## Aldryic C'boas

> Why do you think they wouldn't exist? I even know how they look like: http://www.nwnx.net/The-Team.html


That site is one of the reasons I'd have to meet these 'additional' kids before I accepted them to be more than imaginary. Remember, this is a company that is *publicly* known to list people as employees just to boost numbers. Chris and Jere I've spoken to; Adam is a known entity. The rest? I think 'have to see to believe' would be the phrase apropos.


----------



## zero

Status Update;

LA Location - Still Down and Not Restored Yet
Atlanta Location - Still Down and Not Restored Yet
Chicago Location - Still Up and Wrong Restored with Old Date (March and no web,mail or other data)
Chicago Location - Still Up and Not Restored Yet


----------



## D. Strout

A while ago I was considering getting a 2GB for $7 OpenVZ w/ $10 cPanel "deal" from them. I am glad I did not.


----------



## Drar

*I suggest to any of you that are still having issues with Chicago Fail VPS to file a complaint with Better Business Bureau Upstate New York *https://odrcomplaint.bbb.org/odrweb/public/NewComplaintForm.aspx?BBBID=6&BusinessID=235967102


----------



## srichter

Anyone remember this quote from their RFO email on the 22nd?



> I will make a decision tonight about compesation and release another email in the morning.


----------



## MannDude

Drar said:


> *I suggest to any of you that are still having issues with Chicago Fail VPS to file a complaint with Better Business Bureau Upstate New York *https://odrcomplaint.bbb.org/odrweb/public/NewComplaintForm.aspx?BBBID=6&BusinessID=235967102


I've seen a lot of people say that, yet I've yet to see any complaints listed on BBB due to it.

Also, if you don't follow up on the complaint, they assume it to be resolved.


----------



## MannDude

srichter said:


> Anyone remember this quote from their RFO email on the 22nd?


Good luck. CVPS is hard to get money back from. Individuals in the past have been told by Chris Fabozzi to perform a PayPal dispute for them to get their money back.

What is due compensation for such a prolonged outage? 24 hours down? I'd give you a free month + some credits to be used towards future invoices or services. But for those who have been down for damn near a week, how do you compensate for that? I've never been with a provider who has had such an outage, but at the very least i'd be expecting some prolonged free service _OR_ my money back with no hassle whatsoever if I were to request it.


----------



## drmike

MannDude said:


> I've seen a lot of people say that, yet I've yet to see any complaints listed on BBB due to it.


The BBB is an old fashioned slack festival.  So complaints levied probably won't show up online for a month I'd guesstimate.  

But that isn't any reason not to file.


----------



## drmike

MannDude said:


> What is due compensation for such a prolonged outage? 24 hours down? I'd give you a free month + some credits to be used towards future invoices or services.



Frankly, there are multiple things to be compensated for.

1. The prolonged outage.

2. Losing your data / not knowing if they have your data.

3. Up to a week of downtime and being in limbo.

3.5 Lost time for those having to reconfigure their services

4. Lost time reading all their BS and having to go research online about the situation.

5. Leaking your customer info / that you are a customer to the world via the Solus exploit (ummm why again does Solus need to store emails and name in plaintext or at all?)

The outage issues should be compensated at three free months of service, minimum for those wiped out by this with long outage and lost data.

Anyone on a yearly plan (prepaid of course) should be offered a refund for existing months + credit for two more months.

Privacy issues, I might be over inflating, but real concern and something legal should be pursued by a hungry lawyer.  This is the second full release in 7 months.

A suit would mean ChicagoVPS and their parent company would end up bringing SolusLabs into the suit.

A smart lawyer would sue both ChicagoVPS and SolusLabs though in one suit.


----------



## D. Strout

Class action suit anyone?


----------



## Francisco

D. Strout said:


> Class action suit anyone?


Won't happen. What'll likely happen is Chris throws a couple months to certain people and be done with it. When the hack happened last year a lot of people never got the compensation either. They were promised it, had VM's that got smacked, yet never got a credit of any sort even after ticketing.

There's lots of sad stories on the eye arrr seas.

Francisco


----------



## shawn_ky

Well, I finally have a backup from the Central Repositroy... No idea the date, but it's better than nothing.  Dallas was a loss... Rebuilt twice, finally with correct image.  Backups have been taken, Tahoe-LAFS installed, OwnCloud Installed, regular backups via CRON as well to a local machine. This has taught me a lesson...

I also now have 7 VPS's around the country... Many thanks for the help from everyone!


----------



## drmike

Quite the setup shawn_ky 

Wondering how many folks still are in limbo with their CVPS accounts --- don't know if they have their data?  

Totally is being handled just like last time.   Wearing people down with time and dealing with one off issues.  The mass of clients, forgotten about, no credits, etc.

@shawn_ky,  send me private message and I'll look up your Central Repository backup and tell you the date it was ran


----------



## peterw

MannDude said:


> But for those who have been down for damn near a week, how do you compensate for that? I've never been with a provider who has had such an outage, but at the very least i'd be expecting some prolonged free service _OR_ my money back with no hassle whatsoever if I were to request it.


I would not take any free services. Nobody needs additional services that do not work. Cheapest way for them would be to through out some free months.


----------



## zero

CVPS Damned A**h*l*s

Cant have a any backup.

They are living a Utopia !

I hire tomorrow advocate for create lawsuite case. There is enough for me.


----------



## zero

I write CPVS to following :

You or Your Firm I Dont Care;

 

1) You cannot make required security things

2) You dont have a any backup,

3) You cannot manage for disastery 

4) You cannot share any information to customers

5) You dont have human power for disastery scenerio

6) You make a fool to all customers

 

There is enough for me!

 

I officialy request your following information about make create a lawsuite.

 

1) Firm Owner Name

2) Firm location (street address, etc.)

3) VAT Number

 

Immediatly and start refund process ...


----------



## MartinD

Wont do you much good posting that here. They had their ban over at LET removed so they could post up there instead knowing full well they can moderate what is said about them. Not so easy over here


----------



## drmike

That CVPS ban on LET is just a big ole' mystery too.   Why would Colocrossing ban their own house company and otherwise one of their larger customers.  Why would Jon (CC) ban his bestie Chris?  

Well he wouldn't.  Chris said his ban on LET was self imposed and he asked to be banned.

@zero

:

1) Firm Owner Name

ChicagoVPS

Principal: Mr. Chris Fabozzi, Owner

 

2) Firm location (street address, etc.)

9697 Garden Walk, Clarence Ctr, NY 14032

 

3) VAT Number

none.


----------



## MannDude

buffalooed said:


> That CVPS ban on LET is just a big ole' mystery too.   Why would Colocrossing ban their own house company and otherwise one of their larger customers.  Why would Jon (CC) ban his bestie Chris?
> 
> Well he wouldn't.  Chris said his ban on LET was self imposed and he asked to be banned.
> 
> @zero
> 
> :
> 
> 1) Firm Owner Name
> 
> ChicagoVPS
> 
> Principal: Mr. Chris Fabozzi, Owner
> 
> 
> 
> 2) Firm location (street address, etc.)
> 
> 9697 Garden Walk, Clarence Ctr, NY 14032
> 
> 
> 
> 3) VAT Number
> 
> none.


He wasn't banned by any of the CC folk. It was either Infinity or Liam, one of the people who was tired of his shit. I forget which, but one told me it was them. (I get them confused sometimes)

9697 Garden Walk, Clarence Ctr, NY 14032 that isn't a real address. Look it up on a map, or a send a letter there and get it returned to you.


----------



## drmike

MannDude said:


> 9697 Garden Walk, Clarence Ctr, NY 14032 that isn't a real address. Look it up on a map, or a send a letter there and get it returned to you.


9697 Garden Walk IS a real address.

It's a brand new home built in the past year:  It's a model home:

Brownstone Homes – The Edgewater


 


Model:  The Edgewater

9697 Garden Walk


Clarence Center, NY14032


Bedrooms:  3


Baths:   3


Square Footage:  2790

Property Class

311 RES VAC LAND

OwnerROCKWELL CONSTRUCTION INC D/B/A BROWNSTONE HOMESBook-Page/Date11230-3742 * 9/27/2012

*OwnerFABOZZI NICHOLAS A/JEAN ABook-Page/Date11236-9113 * 1/8/2013 *


----------



## srichter

buffalooed said:


> 9697 Garden Walk IS a real address.
> 
> It's a brand new home built in the past year:  It's a model home:
> 
> Brownstone Homes – The Edgewater
> 
> 
> 
> 
> 
> Model:  The Edgewater
> 
> 9697 Garden Walk
> 
> 
> Clarence Center, NY14032
> 
> 
> Bedrooms:  3
> 
> 
> Baths:   3
> 
> 
> Square Footage:  2790
> 
> Property Class 311 RES VAC LAND
> 
> OwnerROCKWELL CONSTRUCTION INC D/B/A BROWNSTONE HOMESBook-Page/Date11230-3742 * 9/27/2012
> 
> *OwnerFABOZZI NICHOLAS A/JEAN ABook-Page/Date11236-9113 * 1/8/2013 *


I wonder if the Fabozzi family oversells their homes like they do their servers?

"Oh you wanted to use the shower? Sorry, Manuel is showering right now and then Cindy is next, try again later."


----------



## drmike

srichter said:


> I wonder if the Fabozzi family oversells their homes like they do their servers?


 

Probably not.  You expect an accountant to be tight with their own money, but graciously taking of your funds.


----------



## Naruto

Chris is a good guy.

He'll overcome this and get everything going again.

Watch; you'll see.

Good luck Chris.  ^_^


----------



## Lanarchy

My 5 VPS are all restored and functioning with my data. I did use Central Backup on all my nodes, but I needed it only for my 2 ATL nodes.


----------



## peterleem

anyone got refund from CVPS?

I can't trust CVPS anymore.


----------



## upsetcvps

peterleem said:


> anyone got refund from CVPS?
> 
> I can't trust CVPS anymore.


Good luck.  They just ignore my ticket.  I will give them until next week then I am contacting paypal, my credit card, BBB, and attorney general to report fraud.


----------



## mojeda

upsetcvps said:


> Good luck.  They just ignore my ticket.  I will give them until next week then I am contacting paypal, my credit card, BBB, and attorney general to report fraud.


lol.


----------



## Magiobiwan

Good luck with the lawsuits. You'll probably spend MORE on legal costs than you could possibly win in a judgement.


----------



## drmike

Magiobiwan said:


> You'll probably spend MORE on legal costs than you could possibly win in a judgement.



All the the low end industry needs is a hungry lawyer ready to start filing suits.   I won't shed a tear when/if it happens, even if it is against another unsavory provider.


----------



## Magiobiwan

opcorn:


----------



## WSWD

Magiobiwan said:


> Good luck with the lawsuits. You'll probably spend MORE on legal costs than you could possibly win in a judgement.


Legal costs?  It's all small claims.  There are no legal costs involved except the filing fees and subpoena fees, both of which you get back after you win the lawsuit. 

If there is so much fraud and false advertising and such that everybody is claiming, turn them in to the Attorney General.  They love dealing with cases like this.  Though they probably have bigger fish to fry, I'm sure there's some newbie attorney in the AG's office who needs to get his/her feet wet.


----------



## peterleem

Last posts have removed?


----------



## Gary

Probably the same problem as before, the database swallowed the posts again.


----------



## rds100

Bad database, bad, bad, bad!


----------



## thx1169

My 1st. post. Probably won't be here in a day or 2 anyway.

What's the point of following a thread or even adding to it if it gets mangled every couple of days?


----------



## MannDude

thx1169 said:


> My 1st. post. Probably won't be here in a day or 2 anyway.
> 
> What's the point of following a thread or even adding to it if it gets mangled every couple of days?


IPB staff is fixing it.

The thread was over 30+ pages, then due it being 'archived' (by mistake) and UNarchived it lost half it's content. The content still exists in the DB, and it's being imported manually.

In fact they added half of it earlier today but as you can see it was inserted _after_ new content. Page 17 had the most recent discussion. Then they added 5 pages of old discussion ontop of it.

It's a mess but we're working on getting it sorted to preserve all the original content.

Make a PT2 if you wish, and I'll merge the two topics together when this one is finally preserved.


----------



## MannDude

http://stats.pingdom.com/jzrszp4wfu79

They've still got seven nodes down according to this. =/


----------



## thx1169

MannDude said:


> IPB staff is fixing it.


Sounds good


----------



## wlanboy

MannDude said:


> IPB staff is fixing it.
> 
> The thread was over 30+ pages, then due it being 'archived' (by mistake) and UNarchived it lost half it's content. The content still exists in the DB, and it's being imported manually.


How long do we have to wait until all the archived threads are back online?


----------



## MannDude

wlanboy said:


> How long do we have to wait until all the archived threads are back online?


Well, they tried and it still didn't work.

Probably what I will have to do is create a new thread. Hide it from public view, have them restore the old thread content to it. It will remain archived / locked. This thread will be a continuation of that and duplicate entries in this thread that exist in the restored version will be removed. That way all posts are restored though they may be 'archived'. Had to make a compromise.



> .
> .
> 
> 
> .
> 
> 
> There is literally no way with script or other to do this properly now. You have allowed your members to use up a vast amount of post pid's since this has occurred.
> 
> 
> Further, unfortunately it is not possible to insert posts into the *middle* of a topic.
> 
> 
> The script, as it stands, completely un-archives the topic successfully on the backup database, which as you say, it's much much too late to restore to.
> 
> 
> To that end, the only thing I can do now is further investigate why the archiver did this in the first place.
> 
> 
> .
> 
> 
> .
> 
> 
> .




That is part of their response.

Being the weekend now, I am unsure when this will be resolved.


----------



## MartinD

What about restoring to another thread then merging them?


----------



## MannDude

MartinD said:


> What about restoring to another thread then merging them?


One step at a time, I s'pose. That'd be the best solution really. Just getting the content back would be nice.

The CVPS thread isn't the only thread, a couple others need some manual restoration. They're going to investigate a few issues I reported that caused the forum to kind of regurgitate after enabling the archive feature initially. 

EDIT: Working on restoring all posts now. All content is back, just removing duplicate contents between two threads and will open it back up.


----------



## VPSandyou

Hey guys -

I have a number of VPS accounts with ChicagoVPS and lost a lot of data, time, and don't trust these guys.  I asked them for a prorated refund on half of my VPS and Adam (Kevin) was rather rude in his responses and just said No and blamed it on SolusVM then closed the ticket.

Do I have any recourse? Any suggestions?


----------



## MannDude

VPSandyou said:


> Hey guys -
> 
> I have a number of VPS accounts with ChicagoVPS and lost a lot of data, time, and don't trust these guys.  I asked them for a prorated refund on half of my VPS and Adam (Kevin) was rather rude in his responses and just said No and blamed it on SolusVM then closed the ticket.
> 
> Do I have any recourse? Any suggestions?


Pro-rated refund seems like a reasonable request. I'm sure many others demanded much more than that.

Care to post the ticket screenshots to verify this claim?


----------



## mnsalem

I just took my data off it after it got restored, then kept it running until it expired on the 4th ... didnt even ask for anything because I read around they just won't respond, plus, It already served the time i had it for and it was time to move on back to another provider.

I just thank god i didn't take their cPanel deal, would've been a nightmare!


----------



## MannDude

mnsalem said:


> I just thank god i didn't take their cPanel deal, would've been a nightmare!


Why is that? How would that have been more of a nightmare than having a regular production site or something on there? JW


----------



## mnsalem

MannDude said:


> Why is that? How would that have been more of a nightmare than having a regular production site or something on there? JW


Well, the amount of work it would have required to get another cPanel VPS up and running, then restore the clients backup, an old one might i add on it after setting it up would be just crazy and very problematic! Considering i was slacking on the backups the last period before it went off


----------



## SkylarM

mnsalem said:


> Well, the amount of work it would have required to get another cPanel VPS up and running, then restore the clients backup, an old one might i add on it after setting it up would be just crazy and very problematic! Considering i was slacking on the backups the last period before it went off


cPanel backups are easy, as is cPanel setup. Takes like 5 minutes to get everything running and restored from backups if you know what to do.


----------



## mnsalem

SkylarM said:


> cPanel backups are easy, as is cPanel setup. Takes like 5 minutes to get everything running and restored from backups if you know what to do.


Ofcourse, and i know that, but ISP's are so crappy here it could take up to 72 Hours to get the DNS records properly propagated ... that's why i said it would be a mess, at least in my area


----------



## SkylarM

mnsalem said:


> Ofcourse, and i know that, but ISP's are so crappy here it could take up to 72 Hours to get the DNS records properly propagated ... that's why i said it would be a mess, at least in my area


Ah yeah well that could be messy for sure.


----------



## VPSandyou

MannDude said:


> Pro-rated refund seems like a reasonable request. I'm sure many others demanded much more than that.
> 
> Care to post the ticket screenshots to verify this claim?


FYI I just sent you over the ticket


----------



## MannDude

VPSandyou said:


> FYI I just sent you over the ticket


Yup, got it. Thanks!


----------



## xvtv

Someone got compensation for the downtime?


----------



## Lee

I am pretty sure that they have said in the past you need to ask for it rather than expect it.


----------



## ComputerTrophy

Regarding SolusVM, their external security audit should end by the end of tomorrow, according to a response from a support ticket I sent them.


----------



## MannDude

InvokeVM-Kelvin said:


> Regarding SolusVM, their external security audit should end by the end of tomorrow, according to a response from a support ticket I sent them.


Ticket to who, CVPS or SolusVM?

I thought CVPS was getting their own in-house panel made?


----------



## Aldryic C'boas

MannDude said:


> I thought CVPS was getting their own in-house panel made?


I thought it only counted as 'in house' when you had someone that actually knew what they were doing writing code, as opposed to having to hire outside help to do anything more more than push UI buttons?


----------



## MannDude

Aldryic C said:


> I thought it only counted as 'in house' when you had someone that actually knew what they were doing writing code, as opposed to having to hire outside help to do anything more more than push UI buttons?


True, but I have no idea if they are actually doing that or even have a panel in place right now. I figured if they had a 'in-house' or 'custom made' panel there would have been a press release or some buzz about it by now.


----------



## Aldryic C'boas

I imagine at this point he's more terrified of becoming a target again.  It's very well known that he 1) has zero tech skills, and 2) is a compulsive liar.  Nobody is going to believe that he actually had something professionally made (let alone pen tested) unless a known and respected third party developer/tester came forward to vouch for him.


----------



## drmike

CVPS is just sitting, waiting and fattening up.

How many new SSD servers will we discover come next hack  ?

He can pay for development surely.  It being secure, well, that's asking a lot of most programmers.  Better hire / outsource a real audit too.   We are talking fairly big collective sums.  I don't see it happening.  But, you never know with the people mixed up with him in different ways.


----------



## ComputerTrophy

MannDude said:


> Ticket to who, CVPS or SolusVM?
> 
> I thought CVPS was getting their own in-house panel made?


I meant SolusVM.


----------

