# RobertClarke/Server Crate back ?



## sv01 (Jun 24, 2013)

opcorn: opcorn:

He post new offer today

http://www.webhostingtalk.com/showthread.php?t=1278599


----------



## texteditor (Jun 24, 2013)

ballsy son of a bitch


----------



## Amitz (Jun 24, 2013)

Someone get him!


----------



## anyNode (Jun 24, 2013)

Thats pretty funny actually


----------



## XFS_Duke (Jun 24, 2013)

People like that should be banned from life...


----------



## sv01 (Jun 24, 2013)

+1 



XFS_Duke said:


> People like that should be banned from life...


----------



## Reece-DM (Jun 24, 2013)

Damm he's got some big E-Balls.

I'm shocked WHT hasn't kicked him out.


----------



## Magiobiwan (Jun 24, 2013)

I wonder if CurtisG (netnub) and that Johnny guy might not have been a part of the RamNode hit as well.


----------



## DaringHost (Jun 24, 2013)

Reece said:


> Damm he's got some big E-Balls.
> 
> I'm shocked WHT hasn't kicked him out.


I have a feeling that's coming soon after they learn about what he did. They have a zero tolerance for that kind of stuff on WHT.


----------



## jarland (Jun 24, 2013)

Incoming infractions for "ad trashing" on texteditor and Amitz. Just a heads up. Posts worthy of remaining, but you know WHT.


----------



## MannDude (Jun 24, 2013)

jarland said:


> Incoming infractions for "ad trashing" on texteditor and Amitz. Just a heads up. Posts worthy of remaining, but you know WHT.


That's why I refrained from responding.

I did ask in the Premium section why the hell Robert isn't banned from there too.


----------



## Amitz (Jun 24, 2013)

I rather risk my bloody WHT account than letting someone who has no idea about Robert order a service there.


----------



## Aldryic C'boas (Jun 24, 2013)

> I did ask in the Premium section why the hell Robert isn't banned from there too.


Any response? Looks like the WHT mods removed the posts about his attacks on other providers.


----------



## drmike (Jun 24, 2013)

Yeah WHT and the uneven policing.

A little too holy approach to the sacred ads over there.


----------



## Mun (Jun 24, 2013)

Anyone good at making a DDos? I need to do some "testing" on a 128MB DDOS protected server. >_>

Mun


----------



## jarland (Jun 24, 2013)

Mun said:


> Anyone good at making a DDos? I need to do some "testing" on a 128MB DDOS protected server. >_>
> 
> 
> Mun


Ask Gervais


----------



## Jack (Jun 24, 2013)

Mun said:


> Anyone good at making a DDos? I need to do some "testing" on a 128MB DDOS protected server. >_>
> 
> Mun


BuyVM's is better, Fran actually knows what he is doing.. compared to Robert reselling the services with a GRE Package and a RENTED /24 OFF AVANTE.


----------



## Aldryic C'boas (Jun 24, 2013)

Hey now, be a little more careful with those answers. Yes, we all know Mun was joking, but to someone just casually reading through you've just implied that we DDoS other providers.


----------



## jarland (Jun 24, 2013)

Aldryic C said:


> Hey now, be a little more careful with those answers. Yes, we all know Mun was joking, but to someone just casually reading through you've just implied that we DDoS other providers.


Easy to mistake this place for HF with G and his buddies constantly signing up to make new threats


----------



## Mun (Jun 24, 2013)

Aldryic C said:


> Hey now, be a little more careful with those answers. Yes, we all know Mun was joking, but to someone just casually reading through you've just implied that we DDoS other providers.


You do though, you DDOS them with love, humility, and sometimes hidden meanings. 

Mun

Edit:

P.S. you should DDOS me with some info so I can create a page on VPSwiki.us for you guys. Just sayin


----------



## manacit (Jun 24, 2013)

Mun said:


> Anyone good at making a DDos? I need to do some "testing" on a 128MB DDOS protected server. >_>
> 
> Mun


Because that's *exactly* the right thing to do, more DDoSing? Seriously? Does that even make you any better than Robert (no), maybe we should ban you for openly threatening to DDoS another provider here - even if it *is* a joke.

I'm seriously tired of this - before anyone accuses me of shilling or anything, I have a RamNode, it was down due to the attack, I wasn't exactly happy about it. Can we all get over it?

Jumping at him and posting in his WHT thread aren't going to do ANYONE good at ALL. Threatening to DDoS him won't do ANY good. We don't even know if he did anything other than run the cursory script to test the exploit. I know when the kernel exploit came out a few months ago, I ran it in one of my openvz vpses because I hadn't heard whether it worked or not, and I wanted to let everyone know (in private) if it did. Some providers were threatening to suspend service for that - was I any more guilty than him? Maybe not.

This is why this community is so damn annoying - everyone acts just about as mature as a 16 year old, you're all just to immature to notice that standing on your stupid self-erected pedestal about this issue isn't helping anyone. Grow up.


----------



## Nick_A (Jun 24, 2013)

I'm hopeful WHT doesn't want someone like that taking part in their community since his presence reflects negatively.


----------



## Mun (Jun 24, 2013)

manacit said:


> Because that's *exactly* the right thing to do, more DDoSing? Seriously? Does that even make you any better than Robert (no), maybe we should ban you for openly threatening to DDoS another provider here - even if it *is* a joke.
> 
> I'm seriously tired of this - before anyone accuses me of shilling or anything, I have a RamNode, it was down due to the attack, I wasn't exactly happy about it. Can we all get over it?
> 
> ...



1) I said "testing" for a reason.

2) How would this make me any worse then I already am. I run a gaming network. (I am allowing small boys to play with killing)

3) Go ahead and ban me 

4) Who said it was a joke..... NM

5) Hey I have a RAMNODE too, and my client info is now floating around the internet somewhere.

6) So standing back and watching as multiple people buy a service from a person who just leaked and damaged multiple companies would be a better solution?

7) I wasn't threatening, I want to "test" his DDOS functionality for a "review".

8) .... and then leak the database to the internet.

9) facedesk, so its okay to test to see if you can delete all the nodes, for testing purposes, then why can't I test his DDOS functionality.

10) I am 16, and so is Robert. XD

11) Im working on growing up right now, every year that goes by I mature 1 year.

12) Where is the pedestal, I want one.... MOMMMMY!

Mun


----------



## jarland (Jun 24, 2013)

manacit said:


> Can we all get over it?


I can only speak for myself when I say...not what I'm best known for.


----------



## Mun (Jun 24, 2013)

jarland said:


> I can only speak for myself when I say...not what I'm best known for.


You forgave shovey 

Mun


----------



## jarland (Jun 24, 2013)

Mun said:


> Your forgave shovey
> 
> 
> Mun





Forgave Gervais too, and even publicly defended him a few times.


----------



## manacit (Jun 24, 2013)

Mun said:


> Stuff
> 
> Mun


Most of this doesn't even warrant a response - I think we all know that "testing" DDoS protection and "testing" for an exploit so you can warn someone asap before it's taken advantage of are two very different things. I'm not even the only person that said this. 

You're assuming that Robert deleted the nodes and leaked the data, can we at least stick to what we know? I'm not even sure where you're getting half of the crap you're saying. Your age shows. 

None of this is doing any good for anyone, grow up.


----------



## Aldryic C'boas (Jun 24, 2013)

> We don't even know if he did anything other than run the cursory script to test the exploit.


He attempted the exploit on other providers as well, including those he had no reason to "helpfully warn" (including us, and yes I have proof).




> Some providers were threatening to suspend service for that


I think that was just us, actually. And aye, I did threaten termination on the folks that tried it discreetly (_ie_ - tested without saying anything) - the clients that immediately opened a ticket with us afterward asking if they should be concerned were profusely thanked for the heads-up, and assured that Stallion was not vulnerable to that exploit.


----------



## manacit (Jun 24, 2013)

Aldryic C said:


> He attempted the exploit on other providers as well, including those he had no reason to "helpfully warn" (including us, and yes I have proof).
> 
> 
> I think that was just us, actually. And aye, I did threaten termination on the folks that tried it discreetly (_ie_ - tested without saying anything) - the clients that immediately opened a ticket with us afterward asking if they should be concerned were profusely thanked for the heads-up, and assured that Stallion was not vulnerable to that exploit.


Correct me if I'm wrong - did he not  have service at the time (or wasn't it very recently terminated?). It stands to reason he would test to see if it worked - especially if he tried it on your system first, where it wouldn't have worked, so he moved on to another one to see. I'm not indicating that this is definitely what happened, but it's certainly possible, no?

You do have every right to terminate people who try to maliciously exploit your services, Robert claims he immediately attempted to contact Nick regarding the exploit, isn't that the same thing people were doing by opening tickets?


----------



## Mun (Jun 24, 2013)

@manacit

What I find really funny about you is how ironic you can be.

"I know when the kernel exploit came out a few months ago, I ran it in one of my openvz vpses because I hadn't heard whether it worked or not, and I wanted to let everyone know (in private) if it did."

Thus it is okay for you to test something and not me. I have been fully joking other then for the fact that robert did run the exploit, but I don't know if he actually did delete the nodes. He is probably going to be charged by Nick_A and I really hope Nick wins. 

You should google "forum troll" as that is what I like to do. I want people to laugh and giggle since we are all generally stressed. 

You may still find it wrong for me to "threaten" robert with a DDOS, but I find it wrong for him to leak my personal data to the internet. That is one reason people were able to find that he did it. It showed who dumped the database.

Yours Truly,

Mun

P.S. laugh some more


----------



## jarland (Jun 24, 2013)

manacit said:


> Correct me if I'm wrong - did he not have service at the time (or wasn't it very recently terminated?). It stands to reason he would test to see if it worked - especially if he tried it on your system first, where it wouldn't have worked, so he moved on to another one to see. I'm not indicating that this is definitely what happened, but it's certainly possible, no?
> 
> 
> You do have every right to terminate people who try to maliciously exploit your services, Robert claims he immediately attempted to contact Nick regarding the exploit, isn't that the same thing people were doing by opening tickets?


Correct me if I'm focusing on the wrong detail but did you sign up here to defend Robert Clarke? I know you signed up a while ago but 100% of your posts go to...


----------



## Mun (Jun 24, 2013)

manacit said:


> Correct me if I'm wrong - did he not  have service at the time (or wasn't it very recently terminated?). It stands to reason he would test to see if it worked - especially if he tried it on your system first, where it wouldn't have worked, so he moved on to another one to see. I'm not indicating that this is definitely what happened, but it's certainly possible, no?
> 
> You do have every right to terminate people who try to maliciously exploit your services, Robert claims he immediately attempted to contact Nick regarding the exploit, isn't that the same thing people were doing by opening tickets?



Then why can't I test a DDOS? He tested a security exploit. I want to test his DDOS protection 

Mun


----------



## Aldryic C'boas (Jun 24, 2013)

> Correct me if I'm wrong - did he not have service at the time (or wasn't it very recently terminated?).


You're correct - his service with us had ended several days prior.




> It stands to reason he would test to see if it worked - especially if he tried it on your system first, where it wouldn't have worked


An interesting way of looking at it - except that he knew we didn't run Solus, and had no reason to be trying to run exploits on our system at all.




> You do have every right to terminate people who try to maliciously exploit your services, Robert claims he immediately attempted to contact Nick regarding the exploit, isn't that the same thing people were doing by opening tickets?


You may have misunderstood me there - yes, he claims to have contacted Nick. He never contacted us. And the clients that did try to test it on us and then ticketed to let us know were *thanked*, not punished, for bringing it to our attention. I took issue with the folks that tried to run the exploit without even admitting to it until confronted (and one of them even tried to deny doing so, all the while replying from the same residential IP the exploit attempt originated from).


----------



## notFound (Jun 24, 2013)

Aldryic C said:


> Any response? Looks like the WHT mods removed the posts about his attacks on other providers.


It was in the Premium Members chat thread, but it doesn't seem like there is any proper response yet (only from a Community Liason, whatever that is):


----------



## manacit (Jun 24, 2013)

Mun said:


> Then why can't I test a DDOS? He tested a security exploit. I want to test his DDOS protection
> 
> Mun


Since you seem hell-bent on getting me to answer this question, I'll take a stab at it.

There's a world of difference between running an exploit that has absolutely no known side-effects other than allowing you root access to the machine that you run it on and a DDoS attack. I made sure I examined the source along side the explanation before I ran it. I took a gamble that it wouldn't crash and burn an entire node worth of VMs because no one had encountered that problem running it on any other system (and, in fact, I tried it locally in virtualbox before I even tried it on a openvz VM).

A DDoS, on the other hand, is an inherently malicious attack that, if successful, will have a negative impact on a significant amount of people aside from yourself (where as even if my testing had completely ruined MY VM, I would be the only person affected). You and I both know that your original post, while a joke/troll, was using the word "testing" as a euphemism for trying to take down his network. 

I'm not even the only person in the thread that's brought this up. I know you're trolling, most of my initial post wasn't even directed at your stupid and frankly mediocre forum trolling, but now that you're pestering, I might as well reply so I can further my point.

@Aldryic: It is curious that he tested it on you when he knew you didn't even run solus at all - I'm not sure I can explain that. It's also probably why he didn't contact you (maybe he realized how dumb it was to try a solus exploit on non-solus software, heh). I'm only operating under the pretense that he isn't lying when he said he attempted to contact Nick, I have no insider information, but I hate seeing a witch hunt. 

My only point was that you did thank the people that tried the exploit and then contacted you about it - which is what Robert claims to have done as well - an action that would generally (and, clearly, has in the past) cause the doer to receive praise, not hate. 

@jarland: I figured someone would bring this up eventually - I'm not here to solely defend Robert, I just generally don't post. You can see my LET account: http://www.lowendtalk.com/profile/21154/manacit (though I've been lurking for far longer) and my WHT account: http://www.webhostingtalk.com/member.php?u=183526 (joined '07, eek!). I just feel bad for the dude, and I want to combat the utter, ahem, immaturity of this community a little bit. 

In fact, by posting this, I'm probably pissing off Nick_A, who I really like a lot (sorry).


----------



## Aldryic C'boas (Jun 24, 2013)

> There's a world of difference between running an exploit that has absolutely no known side-effects other than allowing you root access to the machine that you run it on and a DDoS attack.


The catch about the exploit though is that it doesn't just give -you- access... it gives ANYONE root access. If all he had done was test the vulnerable file itself, that would've been one thing. He effectively root kitted the box and left it WIDE OPEN for the next person to come along and wipe out the nodes... that's of course operating under the assumption that he didn't actually cause the damage himself (given his history, that's something that most of us are rather skeptic on). Besides, why would a "provider" (and I use that term VERY loosely) go around 1) running code when he doesn't know what it does, and 2) do so on other people's gear.




> My only point was that you did thank the people that tried the exploit and then contacted you about it - which is what Robert claims to have done as well - an action that would generally (and, clearly, has in the past) cause the doer to receive praise, not hate.


If Robert claimed to have contacted us, that was a dead lie. His first comment on the issue was AFTER I disclosed that I caught his IP trying to exploit us as well, and even then the 'explanation' did not add up with the other excuses he was giving (the most prominent being that he was "just testing SolusVM providers he had service with"). Not only did he not have service with us, his parting as a client was less than amicable: given how he generally behaves, one could very easily conclude that his exploit attempt on us was 100% malicious in nature.




> I just feel bad for the dude,


From an outside perspective, 100% understandable. But it would be worth looking into _why_ he's so disliked as well... generally speaking, you have here a community mostly full of respected providers, tech-heads, and freelancers. We're not exactly HackForums, and we're not going to just sit and unload on someone for no reason.


----------



## manacit (Jun 24, 2013)

Aldryic C said:


> The catch about the exploit though is that it doesn't just give -you- access... it gives ANYONE root access. If all he had done was test the vulnerable file itself, that would've been one thing. He effectively root kitted the box and left it WIDE OPEN for the next person to come along and wipe out the nodes... that's of course operating under the assumption that he didn't actually cause the damage himself (given his history, that's something that most of us are rather skeptic on). Besides, why would a "provider" (and I use that term VERY loosely) go around 1) running code when he doesn't know what it does, and 2) do so on other people's gear.



I was assuming he'd only admitted to running the GET request and not using rofl.php - if it was the latter, it's definitely different, I do agree with you. Either way, I'm not in any way saying it was a good decision to run code that you haven't vetted yourself (although I was under the impression he didn't use rofl.php at all, which would make examining the code very possible). It could be reasoned that he was just trying to be responsible and telling his fellow companies that they were vulnerably.



> If Robert claimed to have contacted us, that was a dead lie. His first comment on the issue was AFTER I disclosed that I caught his IP trying to exploit us as well, and even then the 'explanation' did not add up with the other excuses he was giving (the most prominent being that he was "just testing SolusVM providers he had service with"). Not only did he not have service with us, his parting as a client was less than amicable: given how he generally behaves, one could very easily conclude that his exploit attempt on us was 100% malicious in nature.


As far as I know he never tried to contact you, maybe because he realized how stupid it would look to have tried an exploit on non-solus system. He behaves impulsively and sometimes inappropriately, I will admit, but whether or not everyone wants to admit it, they ARE jumping to the conclusion that it was completely malicious in nature.



> From an outside perspective, 100% understandable. But it would be worth looking into _why_ he's so disliked as well... generally speaking, you have here a community mostly full of respected providers, tech-heads, and freelancers. We're not exactly HackForums, and we're not going to just sit and unload on someone for no reason.


I've been here for the DDoS attacks and whatnot, the (annoying) Georgia/Nick trolling, etc. I will admit he brings it on himself on occasion, I just don't like seeing someone get torn apart like this without any defense. Call it me sticking up for the underdog.


----------



## jarland (Jun 24, 2013)

Meh, his lawyers can stick up for him just fine


----------



## Mun (Jun 24, 2013)

So attacking a server so that it can be seen from the outside world is NOT OKAY, but compromising a system so that you can get root on a node is? I would rather have a DDOS any day.

Mun

P.S. From my recollection, though I can't find it this sec, robert did run rofl.php.


----------



## mikho (Jun 24, 2013)

Texteditor posted in that WHT thread about what happened before (Roberts involvment) and that post was removed.


EDIT: here's to me for leaving a window open for to long before replying.


----------



## Mun (Jun 24, 2013)

Ahh here we go.

http://vpsboard.com/topic/733-ramnode-down/page-5  Post#89

Now, second of all, I'm really glad you know what I am thinking.... because half the time I don't 

You and I both know that your original post, while a joke/troll, was using the word "testing" as a euphemism for trying to take down his network. 

Why would I want to take down his network? There is far better things I can do to make him go away. Like write a review on how shitty his DDOS protection is, or show that there is a root kernel exploit that I tested on his VM node so it became compromised, and I accidentally leaked the data to the world by pressing send to a bunch of people on hackforums. Who then inadvertently share it with everyone.

Mun


----------



## manacit (Jun 24, 2013)

Mun said:


> So attacking a server so that it can be seen from the outside world is NOT OKAY, but compromising a system so that you can get root on a node is? I would rather have a DDOS any day.
> 
> Mun
> 
> P.S. From my recollection, though I can't find it this sec, robert did run rofl.php.


Sending hundreds of thousands of packets per second of bandwidth with the intention of taking a server offline isn't okay. It's not the same as testing a harmless exploit that doesn't hamper the normal operations (unless, of course, you run commands that do - but then you're not testing an exploit!).

If you opened a ticket with Robert, asked to get put in a new node and then initiated a DDoS against it with the purpose of seeing how well your node fared, that would be one thing. Just DDoSing is not the same thing.

If he did run rofl.php I am standing on slightly shakier ground . 

Edit 2: rofl.php and deleting the data are, of course, not the same thing either. I'm clearly arguing against a group of people who'll never changed their opinions, I'm only trying to stop shitty 16 y/o trolls like Mun from bringing the maturity of this community down.


----------



## Mun (Jun 24, 2013)

manacit said:


> Sending hundreds of thousands of packets per second of bandwidth with the intention of taking a server offline isn't okay. It's not the same as testing a harmless exploit that doesn't hamper the normal operations (unless, of course, you run commands that do - but then you're not testing an exploit!).
> 
> If you opened a ticket with Robert, asked to get put in a new node and then initiated a DDoS against it with the purpose of seeing how well your node fared, that would be one thing. Just DDoSing is not the same thing.
> 
> If he did run rofl.php I am standing on slightly shakier ground .



Read the post above, and where did I say anywhere that I wouldn't ask / tell him that I would be doing said "test". Most of the people here know me better then that, and I would never do such thing to purposely DDOS someone without there consent. I would have to be an idiot to even do that without asking. It just isn't my thing.

Mun


----------



## manacit (Jun 24, 2013)

Mun said:


> Read the post above, and where did I say anywhere that I wouldn't ask / tell him that I would be doing said "test". Most of the people here know me better then that, and I would never do such thing to purposely DDOS someone without there consent. I would have to be an idiot to even do that without asking. It just isn't my thing.
> 
> Mun


And now you're back tracking, sweet. I'm glad we all agree that it would be idiotic to DDoS someone, even if it was "testing" unless they gave you permission.


----------



## Mun (Jun 24, 2013)

manacit said:


> And now you're back tracking, sweet. I'm glad we all agree that it would be idiotic to DDoS someone, even if it was "testing" unless they gave you permission.



Who said I'm back tracking, other then you of course? Testing is legal, DDOSing for point of trolls isn't. If you have been on LET so long you should know me and know that I wouldn't do that. It seems to me that you really don't anything about this community and really don't know anything about the attack either. Clarke was definitely in the wrong, and I really hope @Nick_A takes him to court and beats his little ass into the ground. It is not only heavily immature of him, but also damaging. 

However, I frankly disagree. If I was on a VPS node, or owned a VPS node. I would much rather be DDOS'd then have a root exploit done. If a root is done, then I have to classify the node as compromised, and at best start fresh. (to be safe of couse) Testing it for laughs isn't a good thing at all. Did you at least contact your provider before testing? I personally have never ran an exploit (knowing) to test to see if I could get root on a node.

Mun


----------



## manacit (Jun 24, 2013)

I don't think anyone but you and I are in the conversation at this point, and I'm not even sure why I'm bothering to argue with a trolly 16 year old on the internet. I must be bored.

I'll quote someone else



> Hey now, be a little more careful with those answers. Yes, we all know Mun was joking, but to someone just casually reading through you've just implied that we DDoS other providers.


I was pretty sure that you weren't *actually* going to do anything, but even joking about it at this point is pointless and immature, which you've admitted already. There's a difference between attacking with bandwidth and testing to inform, that's my point. 1m pps can't tell the server that it's there for testing or there for a denial of service attack. I'm done!


----------



## Mun (Jun 24, 2013)

@manacit  Or you just don't want to talk to me or notice my little bit of info:

"



Mun said:


> Ahh here we go.   http://vpsboard.com/...ode-down/page-5  Post#89




Then again, it hurts to be beaten by a 16 year, too bad I guess. 

Mun 

P.S. I'm not really 16, I just said that to make you think of me differently.


----------



## manacit (Jun 24, 2013)

I figured you weren't actually 16 .

I actually need to get real work done, but since you keep taunting me!

I didn't notice that link actually, that's very interesting - it looks like he tried to access rofl.php, but it 404ed on him because it wasn't actually there. You'd know this if you actually read the post and knew how to read a log, which I'm guessing you don't. What I don't see is him using the exploit to wget it there in the first place, as localhost.re instructed.

I could have gone to every solus install I wanted and tried to access /rofl.php, once again, to notify someone that they'd been breached and to remove the script ASAP since it pretty much is life/death at that point, as we all know.

Ah well, hurts to be beaten by someone who's been consistently calling you stupid I guess.

EDIT: HAHAHA after doing some investigating (looking at your twitter account) it turns out I went to high school with you!


----------



## Magiobiwan (Jun 24, 2013)

@manacit Back off, would you? Seriously. Making such a BIG DEAL out of a little bit of humor.


----------



## HalfEatenPie (Jun 24, 2013)

I might be slightly late to the party, but I personally have negative opinions about RobertClarke, and this is why.

1. RobertClarke has been known to be involved in some pretty shady things and to roll with pretty shady individuals.  In addition, while on paper he may seem "reasonable", I have several logs of him being disrespectful and harassing individuals whom I personally respect (e.g. Nick_A from RamNode).  

2. I was online on IRC during the period the Solus exploit was released.  I witnessed (and have logs) RobertClarke confirming the exploit.  I believe he stated he targeted someone else's installation of Solus to confirm the exploit.  He then continuing to ask who else runs SolusVM (I will admit at that time I was unaware of what specifically was going on because I was performing my own investigations).  

3. We receive confirmation that RobertClarke has attempted the exploit on several other hosts, as well as CVPS.  Is this for malicious intent?  We don't know.  But we do know that RobertClarke initiated the script to start the exploit of the Solus script.  

Now, I'm not sure if he himself initiated the code to delete the nodes, but I do find him on the negative side of the fence for initiating it.  I'm not saying Pen-testing is bad, but I find it unacceptable for him to break the lock on a door and then let someone else (or himself) in.  As far as I'm concerned, he compromised the security of the company and their clients with his "testing", especially with a vulnerability that was going to become "popular" due to the amount of press it received.  

If you want to test someone's system, that's fine.  I'd suggest you contact the individual you're targetting and/or the provider you're targetting first to get the "ok" (even on a VPS "testing" DDoS in my opinion in unacceptable as it may affect the services of the other clients on the same node).   RobertClarke received no agreement or the "yes" to test each provider's Solus installation, again why I dislike him and his operation.  

Really, for anyone else who wanted to "test" their provider's Solus with each new exploit, please don't.  Contact their support department and ask if they've taken care of the security exploit.  It's their job to make sure Solus's exploits are taken care of, and not your job to "test" their security.  Regardless it should be seen as a malicious attempt (because it was an attempt to compromise the provider's systems regardless of the intentions) and you even as a client should not have been there to begin with.  

Unrelated to the entire DDoS debate, *@manacit*, I apologize but in my perspective you're not this "protector of the underdogs" or "defender of those who can't", but instead an individual who doesn't understand the full situation yet.  I mean obviously you and I will have different opinions on different topics (or this one too) and that's fine, but I'd like for you to please understand the situation before criticizing or attempting to back-hand complement other members here.  

-Pie's Brain Garbles


----------



## manacit (Jun 24, 2013)

Magiobiwan said:


> @manacit Back off, would you? Seriously. Making such a BIG DEAL out of a little bit of humor.


He could have just said "lol i was jokin" and it all would have been put to rest. Thanks for contributing, though! HalfEatenPie even confirmed that even a testing or joking DDoS isn't really appropriate, just sticking up for something that I believe is quite unprofessional and malicious. 

@HalfEatenPie: 

1. I'm not saying, nor have I ever, that Robert has been well behaved - that would be a lie. His dealings with Nick_A especially have been rude. 

2. Perhaps he was trying to check to notify them, perhaps he wanted to delete all of their nodes, it was a bit of a scramble, we don't have proof, he didn't delete any other data (unless he was responsible for CVPS of course, but I doubt that). 

3. Did he go a little to far? That is VERY possible - he probably shouldn't have pen-tested quite as hard as he did. I'm not denying that. What has happened, though, is that he's been made a super-villan, with people actually making an effort to destroy anything he tries, and wishing for him to get prison time. Seriously? That's a bit much, especially when we don't know that he actually deleted any data. 

I'm not saying I agree with everything he did, but everyone is jumping the gun to a pretty extreme level here.

With all do respect, while you might think I don't know the entire picture, I've the discussions and talked to a lot of people and I have about as much of a picture as you do, and I know that we both don't know the whole picture, that's my entire point. I'll refrain from talking about other members when I'm not the brunt of troglodyte-level trolling for the sake of trolling.


----------



## JDiggity (Jun 24, 2013)

Tar + feathers + Robert Clarke = justice!


----------



## mnpeep (Jun 24, 2013)

This is something that I found on my Google Voice inbox on 6/17 (the day after the 0day's discovery), I have no clue if this is Robert, but it definitely sounds a lot like him.

http://i.maxshosting.com/VTnd

The number that called me was 1-661-748-0240, a Skype number

Here's Google's transcript as well: http://i.maxshosting.com/ajjJ


----------



## Mun (Jun 24, 2013)

LOL What? @mnpeep

@manacit I do think he deserves punishment. Im not sure prison time, but I will let a jury figure that out. On the other hand, I don't like it that WHT removed the posts in the offer section claiming him as a scam. He fully deserves those ramifications. Will it "kill" him. Nah, but he is a Microsoft boy and stealing and destroying is in there blood.

On a more up beat note, when is the flogging?

Mun


----------



## Jack (Jun 24, 2013)

Aldryic C said:


> Hey now, be a little more careful with those answers. Yes, we all know Mun was joking, but to someone just casually reading through you've just implied that we DDoS other providers.


That did kinda read that way but it wasn't my intention, I was simply showing that Robert doesn't have a clue what is he doing compared to Fran and yourself.


----------



## Nick_A (Jun 24, 2013)

Here's the bottom line that people really need to stop dancing around: you don't *HACK* a provider and tell them after the fact. That's what all this nonsense boils down to.

If you think your provider is vulnerable, you contact them and leave it at that.


----------



## Mun (Jun 24, 2013)

Nick_A said:


> Here's the bottom line that people really need to stop dancing around: you don't *HACK* a provider and tell them after the fact. That's what all this nonsense boils down to.
> 
> If you think your provider is vulnerable, you contact them and leave it at that.



So when do we get news on the lawsuit?

Mun


----------



## kaniini (Jun 24, 2013)

HalfEatenPie said:


> I have several logs of him being disrespectful and harassing individuals whom I personally respect (e.g. Nick_A from RamNode).


Not that I disagree with anything else in your post, but what exactly does this have to do with anything?


----------



## mnpeep (Jun 24, 2013)

Mun said:


> LOL What? @mnpeep


Just a voicemail I found.



Nick_A said:


> Here's the bottom line that people really need to stop dancing around: you don't *HACK* a provider and tell them after the fact. That's what all this nonsense boils down to.
> 
> If you think your provider is vulnerable, you contact them and leave it at that.


One question remains, are you going to take legal action against him? People are speculating.

If you need more evidence, I have a hard drive that Robert rm -rf'ed back in October because of a bug with Multicraft. It's just sitting there in-case IC3 actually wishes to persue my claim.


----------



## drmike (Jun 24, 2013)

I am on a weird fence line about this topic 

I know young Robert was poking at stuff, but can anyone confirm any post-check poking that was done as follow up by Robert?

I was a tinkerer in the darker side of computing before many of you were probably born.   Tinkering, checking, even poking at systems isn't criminal.  Even confirming an exploit that doesn't offline things isn't criminal.  If that's where Robert stopped, then the blow up on him isn't really deserved and no way any charges/suit would stick.

If there is info that shows more than that, a post check hack, dropping files in the OS, etc.  then whole different ballgame.

FYI, I am a RamNode customer.


----------



## Aldryic C'boas (Jun 24, 2013)

kaniini said:


> Not that I disagree with anything else in your post, but what exactly does this have to do with anything?


If you put 2 and 2 together, it adds up to the rather perplexing question of 'Why would he warn someone he dislikes enough to harrass and be rude to?'.


----------



## Aldryic C'boas (Jun 24, 2013)

buffalooed said:


> If that's where Robert stopped


That's not where it stopped.  That's what everyone seems to be conveniently overlooking... he didn't just test for vulnerabilities, he DIRECTLY INSTALLED ONE onto Nick's gear.

Anyone who tries to claim that uploading malicious software (such as that lulz.php shit that displays a full DB dump and allows full root access) is *pen testing *is either STUNNINGLY full of shit, or is incompetent enough that they have absolutely no business in this field.


----------



## Nick_A (Jun 24, 2013)

I will not comment on any legal matters at this time. Anyone who has any information to offer for any potential investigations is welcome to email me directly - nick[at]ramnode.com


----------



## Magiobiwan (Jun 24, 2013)

It was rofl.php not lolz.php


----------



## BK_ (Jun 24, 2013)

Nick_A said:


> I will not comment on any legal matters at this time.


 

Understandable if you can't, but could you comment as to whether or not you are _proceeding_ with legal action towards any of the suspected parties involved?


----------



## concerto49 (Jun 24, 2013)

Aldryic C said:


> That's not where it stopped.  That's what everyone seems to be conveniently overlooking... he didn't just test for vulnerabilities, he DIRECTLY INSTALLED ONE onto Nick's gear.
> 
> Anyone who tries to claim that uploading malicious software (such as that lulz.php shit that displays a full DB dump and allows full root access) is *pen testing *is either STUNNINGLY full of shit, or is incompetent enough that they have absolutely no business in this field.


Agrees. I don't get why everyone is agreeing that hacking is legal and positive. This person hacked RamNode and admitted to it. That is a crime. So if you break into someone's house despite not stealing anything is it still a crime? How do we know what his intentions were? Even if there is currently no evidence pointing to that he didn't do anything malicious he could have and it could have been his intention.

You don't go hacking a provider to see if they are vulnerable. You raise a ticket, alert them of the issue and ask. If you found a bomb on the floor do you try it to see if it explodes? What if your actions (assuming for the benefit of the doubt you don't know what you are doing) deleted everything the provider had?

Trying exploits/hacks on others isn't pen testing. It is pen testing if you are contacted as a proper security auditor to do a check. Is it because this is the Internet? If you had a bazooka and shot down a plane yould go in jail. I doubt your excuse of "I'm only testing if the plane had proper armor" would work for you.


----------



## mojeda (Jun 24, 2013)

Honestly there is absolutely no reason for you to test a host's security in this type of event. If there is a known exploit then you need to:


Not execute the exploit yourself
Notify the host and/or software maker
Not execute the exploit yourself
Move on, let others know.
There is no reason why people should be "testing" the exploit without the host asking for it.


----------



## Jack (Jun 25, 2013)

mojeda said:


> Honestly there is absolutely no reason for you to test a host's security in this type of event. If there is a known exploit then you need to:
> 
> 
> Not execute the exploit yourself
> ...


I agree 'testing' the exploit isn't the best idea but how about seeing if the file was there for example?


----------



## Mun (Jun 25, 2013)

Jack said:


> I agree 'testing' the exploit isn't the best idea but how about seeing if the file was there for example?



.... but but but but but I just wanted to leak the whole DB to the internet for lolz...........................


----------



## mojeda (Jun 25, 2013)

Jack said:


> I agree 'testing' the exploit isn't the best idea but how about seeing if the file was there for example?


Step 2.


----------



## Jack (Jun 25, 2013)

mojeda said:


> Step 2.


Yes but by going to the page to see if it exists would you "Notify the host and/or software maker" even if it 404'd?


----------



## HalfEatenPie (Jun 25, 2013)

I'm sure they'd know if it was there (if you notified them).  Therefore there's no reason for you to check yourselves.


----------



## Jack (Jun 25, 2013)

HalfEatenPie said:


> I'm sure they'd know if it was there (if you notified them).  Therefore there's no reason for you to check yourselves.


Yes but for example you went to "centralbackup.php" to see if it existed or 404'd...

If exists open ticket/contact with provider if it 404's you didn't think about it further... 

Do you think that is correct or you shouldn't even see if the file exists.. 

I had 2-3 people 

"GET /centralbackup.php HTTP/1.1" 302 0 "-" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15"

"GET /centralbackup.php HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36"

ect..


----------



## concerto49 (Jun 25, 2013)

Jack said:


> Yes but for example you went to "centralbackup.php" to see if it existed or 404'd...
> 
> If exists open ticket/contact with provider if it 404's you didn't think about it further...
> 
> ...


I don't think you'll get sued for it, but I think it's wrong. I doubt the users reading the exploit knows what happens. IF and what IF going to that URL that's been exploited results in deleting all the hosts data? It would be by accident, but you wouldn't know. Trying out exploits is definitely not the way to go.


----------



## drmike (Jun 25, 2013)

Aldryic C said:


> That's not where it stopped.  That's what everyone seems to be conveniently overlooking... he didn't just test for vulnerabilities, he DIRECTLY INSTALLED ONE onto Nick's gear.


 

^ this... is grounds for legal ass kicking.

He used the exploit to confirm.  Refused to stop there and notify RamNode then furthered that by installing hack/exploit/control script.

Yeah, why the delay in filing proper legal charges or bringing a civil lawsuit?


----------



## mitsuhashi (Jun 25, 2013)

I've been on a Report ticket going back and forth with bear from WHT on this. Basically, he's aware of the accusations but apparently hasn't seen any concrete evidence that Robert Clarke ran the exploit. If any of you possess evidence, I'd suggest you open up a ticket and send him some, as I'm just a noob that likes being a RamNode customer.


----------



## MartinD (Jun 25, 2013)

Isn't Orion on our IRC channel the same Orion from WHT?


----------



## MannDude (Jun 25, 2013)

MartinD said:


> Isn't Orion on our IRC channel the same Orion from WHT?


Yes.


----------



## MartinD (Jun 25, 2013)

He was viewing this thread when I replied.


----------



## Nick_A (Jun 25, 2013)

mitsuhashi said:


> I've been on a Report ticket going back and forth with bear from WHT on this. Basically, he's aware of the accusations but apparently hasn't seen any concrete evidence that Robert Clarke ran the exploit. If any of you possess evidence, I'd suggest you open up a ticket and send him some, as I'm just a noob that likes being a RamNode customer.


I have sent concrete evidence as of yesterday. Thanks for your support!


----------



## MartinD (Jun 25, 2013)

Doesn't appear to have done any good unfortunately.


----------



## sv01 (Jun 25, 2013)

btw, last time I check the offer there are at least 2 posting, but now they're gone. WHT clean up.


----------



## Aldryic C'boas (Jun 25, 2013)

> Doesn't appar to have done any good unfortunately.


I also fired off a PM to bear and anon-e-mouse last night (~7-8 hours ago). I imagine they're going to take the time to look over everything that was turned into them carefully before making any decisions. Remember, we're just another provider to them, and I'm sure they see provider vs provider spats all the time - you can't fault them for fact checking and getting a consensus before doing something as major as banning or revoking another "providers" (I still can't say that about Clarke with a straight face) access.


----------



## MartinD (Jun 25, 2013)

Oh I would agree wholeheartedly however the main difference here being his actions have been plastered all over the net for the past week or so. He has admitted himself that he did attempt to see if the exploit existed on RamNode's master as well as some others. His own admission should be pretty solid ground for a kick off. The have undoubtedly received a large number of reports for his thread from both providers and Joe Bloggs so you would presume it's a no-brainer.

I've seen the staff at WHT do a lot worse for a lot less in the past.


----------



## D. Strout (Jun 25, 2013)

The fact of the matter is, no matter what Robert did or did not do, no one will trust him for a long, long time. If he gets sued (successfully or not), the trouble might teach him a lesson and make him a more respectable person, but that will be a while.

He actually gave me a VPS to review before all this mess, but I don't think I owe that to him any more.


----------

