# ChicagoVPS hacked SolusVM, Bypassed Licensing, and is Running Illegal Cracked Copies of Solus



## drmike (Apr 8, 2014)

Information has been swirling about ChicagoVPS, and SolusVM for the past two months roughly.

As some will recall, ChicagoVPS blamed Solus in the past for their hacks, and subsequent database dumps of CVPS' Solus information to the public.
*See:* ; and
http://www.webhostingtalk.com/showthread.php?t=1276885


Solus Labs was forced to reply to the ChicagoVPS hack, and claims of Solus being insecure. This included some form of external audit, lots of public grilling and patches.
*See:* http://blog.soluslabs.com/2013/06/18/statement-regarding-current-security-rumours/

What happened from the CVPS final hack (yes CVPS was hacked at least twice in a twelve month period) and CVPS' blame of Solus was legendary. Many hosts pulled their Solus panel down, and manually performed tasks for their customers. Eventually, the paranoia waned and there were hardly any related hacks (officially) to support the SolusVM vulnerability claim.

*The latest wrinkle in this saga, and why we are here today is:
ChicagoVPS has hacked SolusVM. They bypassed the licensing and are running illegal unlicensed cracked copies of Solus.*

I am unsure how long this lack of licensing / cracked Solus has been going on, but at least for the past two months. It's likely longer than that.

Normally, I don't publish he-said / she-said hearsay. Plenty of it floats around and if not suitable as evidence in a legal setting, then not good enough as a source. That's how this license issue was presented multiple times.

I reached out to Solus Labs yesterday, hoping to get some input on the situation and some help from them to verify licensing. Idea was to get some instructions on how to independently verify licensing details (since I research many providers). Today, as-is, Solus doesn't provide an independent public license check mechanism like WHMCS does (and which many of us use).

The good news is, to all you cheapskates who have somehow bypassed that pesky $10 per server licensing, is *SolusVM is currently working on a public license checker*. Get licensed properly before that comes out and you get publicly shamed.

Back to ChicagoVPS, and those annoying $10 SolusVM licenses. A Solus representative said, and I quote:
“... we do not have any active licenses for the company you mentioned [ChicagoVPS]. Hope this helps!”


----------



## Magiobiwan (Apr 8, 2014)

Might the licenses be under the name "ColoCrossing"?


----------



## MannDude (Apr 8, 2014)

Magiobiwan said:


> Might the licenses be under the name "ColoCrossing"?


Valid point, actually.


----------



## Jack (Apr 8, 2014)

MannDude said:


> Valid point, actually.


Or even New Wave Netconnect LLC.(NWNX)...


----------



## blergh (Apr 8, 2014)

Seems like a lot of trouble to go through just to save $10.


----------



## drmike (Apr 8, 2014)

Magiobiwan said:


> Might the licenses be under the name "ColoCrossing"?


That would just prove that CVPS/CC and their relationship fiction has been lies.  Heck of a way to confirm the dealio if so.


----------



## drmike (Apr 8, 2014)

Jack said:


> Or even New Wave Netconnect LLC.(NWNX)...


Could be, but aren't the licenses domain specific?


----------



## Jack (Apr 8, 2014)

drmike said:


> Could be, but aren't the licenses domain specific?


Na IP


----------



## Jack (Apr 8, 2014)

WHMCS is Domain specific


----------



## MannDude (Apr 8, 2014)

Also, not that anything surprises me nowadays in this industry... but for sake of this not being seen as 'made up', care to post proof of communication with Solus? Screenshot of ticket or something?


----------



## drmike (Apr 8, 2014)

Jack said:


> Na IP


With the IP specific,  I assume the Solus guys would note a new license issuance there (same IP) or overlapping details (company, sub company, address info physical, etc.).  They've been at this a long while and savvy enough not to trip up like that.


----------



## DomainBop (Apr 8, 2014)

Jack said:


> Or even New Wave Netconnect LLC.(NWNX)...


the (rumored) ownership chain goes like this Jack : Country Park Child Care Inc >> Velocity Servers Inc >> New Wave NetConnect LLC


----------



## drmike (Apr 8, 2014)




----------



## Nick_A (Apr 8, 2014)

blergh said:


> Seems like a lot of trouble to go through just to save $10.


If only it only cost $10...


----------



## Artie (Apr 8, 2014)

Why do you guys care? It seems the only one who should care is Solus Labs, who's obviously losing revenue.


----------



## SkylarM (Apr 8, 2014)

Artie said:


> Why do you guys care? It seems the only one who should care is Solus Labs, who's obviously losing revenue.


*IF* ChicagoVPS is running a nulled/older version of Solus, and then they got hacked after the initial exploit (Ramnode got hacked during this "initial" exploit), then I care a great deal. People took their Solus offline after the initial hack, brought it back online when given the "all clear", and then ChicagoVPS got hacked so it very promptly went back offline for the vast majority of providers for an extended period of time. ChicagoVPS directly caused quite the workload for hosts, and a lot of unnecessary scrambling if this turns out to be the case.

Edit: I'd like to specifically note the *IF* part. Based on the fact that cVPS happened to get hacked long after a solus update was available makes me very inclined to lean in buffa's favor on the facts, but without total proof I'd like to err on the side of speculation.


----------



## drmike (Apr 8, 2014)

Interesting wrinkle @SkylarM.

Brings to mind the question if CVPS was licensed at the time of the "hacks".  Officially, they claimed two of those.  And if Solus was current version.



Nick_A said:


> If only it only cost $10...


Not to pick on anyone, but $10 on a modern server per month?   I'd say lightly loaded providers probably are packing ~80 containers on an E3 32GB box. 80 x estimated income per = ???.

We saw what CVPS WAS doing at time of hacks.  They had hundreds of containers on a server.   If I kindly say 200 containers at $2 income each = $400 income a month.     Solus costs on that 2.5% of income a month.

Seems silly, shall we call it cheap, to really feel too pinched by a mere $10 spot.

Even at 150 servers we are talking about $1500 a month.   Nice chunk, but nothing big picture.

Now if you were cutting $10k a month to Solus naturally, you'd roll your panel as cost justifies/breaks even (given project goes as planned and inside of 2 years delivered/perfected).


----------



## MannDude (Apr 8, 2014)

Whatever happened to the custom panel they are/were working on? Does CVPS still use Solus, or are they only using parts of it?


----------



## jarland (Apr 8, 2014)

Artie said:


> Why do you guys care? It seems the only one who should care is Solus Labs, who's obviously losing revenue.


Easy. Just think of the marketing you could do to their supposedly large client base.


"We pay our bills"


"We plan on being around longer than the time it takes to get caught cheating our license providers"


Lots of people would care with good reason


----------



## DomainBop (Apr 8, 2014)

.



Nick_A said:


> If only it only cost $10...


ChicagoVPS is the largest low end provider and their low end market share is over 50% (source: ) so they would be spending considerably more than $10 for licenses for their hundreds thousands of nodes.


----------



## Jack (Apr 8, 2014)

It's obviously all about #WINNING


----------



## drmike (Apr 8, 2014)

MannDude said:


> Whatever happened to the custom panel they are/were working on? Does CVPS still use Solus, or are they only using parts of it?


Isn't Feathur that?



DomainBop said:


> .
> 
> ChicagoVPS is the largest low end provider and their low end market share is over 50% (source: ) so they would be spending considerably more than $10 for licenses for their hundreds thousands of nodes.


150 nodes is largest number I recall.   Officially at time of last database dump it was roughly 100 nodes.  50 growth was thereafter.   When I see better performing nodes like I have in reviews for CVPS lately (well a few of them) means either shedding of users or more nodes brought online.


----------



## HN-Matt (Apr 8, 2014)

blergh said:


> Seems like a lot of trouble to go through just to save $10.


That's what I was thinking.

/God fearing $10 SolusVM license payer

EDIT: Or maybe they are buying licenses through buycpanel.com?


----------



## raidz (Apr 8, 2014)

They are probably doing it through a different company name. I couldn't imagine cvpschris #winning moneybags has a problem paying $10 a server, they do have 50% of the VPS market....


----------



## Artie (Apr 8, 2014)

SkylarM said:


> *IF* ChicagoVPS is running a nulled/older version of Solus, and then they got hacked after the initial exploit (Ramnode got hacked during this "initial" exploit), then I care a great deal. People took their Solus offline after the initial hack, brought it back online when given the "all clear", and then ChicagoVPS got hacked so it very promptly went back offline for the vast majority of providers for an extended period of time. ChicagoVPS directly caused quite the workload for hosts, and a lot of unnecessary scrambling if this turns out to be the case.
> 
> 
> Edit: I'd like to specifically note the *IF* part. Based on the fact that cVPS happened to get hacked long after a solus update was available makes me very inclined to lean in buffa's favor on the facts, but without total proof I'd like to err on the side of speculation.


If hosts base their decisions from an entity that has been proven to lie before that's not really CVPS' fault. CVPS didn't directly cause any workload, hosts choose to create this workload by believing CVPS in the first place. Ultimately the decision is up to the host themselves, and blaming someone else for you turning off your panel is nonsense.



jarland said:


> Easy. Just think of the marketing you could do to their supposedly large client base.
> 
> 
> "We pay our bills"
> ...


I highly doubt anyone sane would want CVPS' clients in the first place. With all things that have come out (including these clients' personal data) these clients should have bailed. They didn't, what does that tell you?

*tl;dr* OH LOOK! Another CVPS screw up. Did you think people would stop caring after the first hundreds of them? Nope.


----------



## tchen (Apr 8, 2014)

MannDude said:


> Whatever happened to the custom panel they are/were working on? Does CVPS still use Solus, or are they only using parts of it?


SolusVM was removed a while back a few months after the second hack I believe. Clients control it via their own CP in WHMCS's services section.


----------



## concerto49 (Apr 8, 2014)

tchen said:


> SolusVM was removed a while back a few months after the second hack I believe. Clients control it via their own CP in WHMCS's services section.


Pretty sure that's just ModuleGardens plugin to SolusVM.


----------



## drmike (Apr 8, 2014)

Is someone here an actual CVPS customer? (I won't hold it against you)

It was my understanding that they were running a ModuleGardens WHMCS layer... An API play to front Solus. Thus still using Solus, just isolating sort of.

Can someone confirm this is still their setup over there?


----------



## DomainBop (Apr 8, 2014)

concerto49 said:


> Pretty sure that's just ModuleGardens plugin to SolusVM.


It's either ModulesGarden or something similar they hired a freelancer to do but as far as I know SolusVM is still in use in the background but customer access was removed.

They definitely didn't have time to code their own CP because the initial WHMCS integration was done about 1 week after the hack, and they added a few features after that, like the ability to reinstall the OS without having to open a ticket.

June 29 2013 email - 1 1/2 weeks after Solus was hacked



> On another note - last week, we sent you an email regarding the new frontend VPS management accessible through the client area for controlling basic functions of your VPS. We're pleased to announce that by next week we will be adding additional features to make this frontend more advanced, including the ability to conduct reinstallations of your VPS container(s) without the need to contact support.


June 23rd email - 5 days after the hack



> Direct access to SolusVM remains inactive as we wait for their internal and external security audits to be completed (as discussed here: http://www.lowendtalk.com/discussion/11327/solusvm-audit-update#latest). During the interim you are able to control your containers through our billing/support system and may request OS reloads via ticket.


----------



## DomainBop (Apr 8, 2014)

June 22nd - 4 days after the hack.  Announcement of the new "alternative frontend:"



> With the recent SolusVM exploits that have affected our company and others with a negative impact, many of our customers and us are not supportive of enabling public facing access to our SolusVM VPS CP as additional code could be exploitable. Let's not take a risk when it comes to security. At this time, we are releasing an alternative frontend solution to our customers to allow them to reboot, start, shut down, serial console, change root pass, or change hostname on their VPS. We hope to be making this more feature rich soon, however at the moment the only thing that you CANNOT do with this new frontend is: reinstall VPS, manage DNS entries, or create central backup. We are working on making these features available to you ASAP.
> 
> You can now access your virtual server controls at https://billing.chicagovps.net/clientarea.php?action=products . Select the service, and under the "Virtual Server Control" section you can manage multiple aspects of your VPS, including reboot, start, shut down, serial console, change root password, or change hostname.


----------



## drmike (Apr 8, 2014)

Ehh... wait a second... I am sure it's ModulesGarden...

Pulling screens.


----------



## drmike (Apr 8, 2014)

How we know CVPS is using ModulesGarden to front SolusVM:

1. Matches in organization of panel.

2. Icons match ModulesGarden.

3. Reinstall is not an option in SolusVM, but is in ModulesGarden.

4. tun/tap cannot be set in SolusVM, but can be in ModulesGarden.

Whatcha' all think?

http://www.google.com/search?q=chicagovps+modulesgarden

^--- like that page?  Good results.  Karma math.


----------



## drmike (Apr 8, 2014)

Yo yo! Where you at @CVPS_Chris ?


----------



## Erawan (Apr 8, 2014)

If anyone can check the owner of this SolusVM key, it would be great 


```
SVMSO-RQ60Z-OC5LF-6F9TH-81B4M-W0W8C-YNBHZ
```


----------



## mikho (Apr 9, 2014)

drmike said:


>


Would you mind posting the rest of the ticket? Want to see the company name you asked for.


----------



## MannDude (Apr 9, 2014)

I suppose this could be debunked if CVPS_Chris cares to post his recent invoice receipts to Solus. Could be a simple mix up where they're under a different name or associated with someone who is no longer with CVPS. Their WHMCS is still registered to Shinkle and he's not been with the company for some time as far as I know. Could very well be under his name, under Jon's or something.

<shrugs>


----------



## Virtovo (Apr 9, 2014)

I think this is most likely to be an issue around company name.  I cannot imagine that CVPS would be so vocal about their use of SolusVM in public if they were using nulled versions.


----------



## NickM (Apr 9, 2014)

Erawan said:


> If anyone can check the owner of this SolusVM key, it would be great
> 
> 
> SVMSO-RQ60Z-OC5LF-6F9TH-81B4M-W0W8C-YNBHZ


That license key is not active.


----------



## drmike (Apr 9, 2014)

This is the original point of contact ticket...


----------



## nunim (Apr 9, 2014)

Without any hard proof this is just speculation and the title should be changed to reflect that.

I can't see why CVPS wouldn't pony up for the licensing fees.


----------



## drmike (Apr 9, 2014)

nunim said:


> Without any hard proof this is just speculation and the title should be changed to reflect that.
> 
> I can't see why CVPS wouldn't pony up for the licensing fees.


Hard proof, hmm.... Multiple people including some that may or may not be within the said company said as much - that the software was internally - as in staff wise circumvented.  It's long been known that CVPS is fronting Solus with basically the only other real choice - ModulesGarden.

On top of all of that, Solus says there is no license to CVPS.

If we go back in time to the hack number two, the same "just speculation" could be said about CVPS losing the corporate data again to outside folks.  Instead everyone went into nuts mode, CVPS heavily blamed and perhaps wrongly Solus and providers mass sat in, went without sleep, ran overtime shifts, manually processed Solus tasks.

It's an interesting turn of events when the whole background is observed. Including Fabozzi ticketing Solus about Stallion in past...



Why wouldn't CVPS pay up?  Maybe this is their protest for the alleged hacks or maybe the family genetics and cheapness with the purse are coming out. Got me beat.  I find it often odd that people whine about $10 server licenses.  Like how damn cheap are you or how lowended is your business?

To quote Fabozzi:

"I hate to see stuff like this happen and would like nothing more than for the culprit to get punished."  

Shoe, meet foot, meet mouth.


----------



## kaniini (Apr 9, 2014)

To be fair, the licenses might be for NWNX and not ChicagoVPS in their system.


----------



## blergh (Apr 9, 2014)

Nick_A said:


> If only it only cost $10...


..per node. Still not worth the hassle.


----------



## jarland (Apr 9, 2014)

kaniini said:


> To be fair, the licenses might be for NWNX and not ChicagoVPS in their system.


Based on the way chicagovps is structured this makes enough sense to say it is the likely scenario unless proven otherwise. I would go as far as to say this should be the assumed truth, if one must assume a conclusion.


----------



## DomainBop (Apr 9, 2014)

kaniini said:


> To be fair, the licenses might be for NWNX and not ChicagoVPS in their system.


I think that everyone is overlooking the obvious: the licenses were issued under their new name UrlHasBeenBlocked.net


----------



## MannDude (Apr 10, 2014)

DomainBop said:


> I think that everyone is overlooking the obvious: the licenses were issued under their new name UrlHasBeenBlocked.net


Well hell. Where are they _not_ banned from?

Just here and LET I think.


----------



## drmike (Apr 10, 2014)

Paging @CVPS_Chris...

@CVPS_Chris, cat have your tongue?   Set us straight.


----------



## Rallias (Apr 10, 2014)

*cough* *cough* No NDA for me to be hidden behind now?

Not that I'm going to comment beyond this post, but you really ought to create the NDA that you lied to my best friend about me having. I'm certain a mutually beneficial agreement can be made.


----------



## drmike (Apr 10, 2014)

^--- now if I were a pimp, I'd be saying to Fabozzi:

"BITCH! Where is my money"


----------



## drmike (Apr 10, 2014)

Or I might say:

"Since it's public knowledge, NWNX does not have a legally licensed SolusVM infrastructure, but does have SolusVM."


----------



## drmike (Apr 12, 2014)

@CVPS_Chris, where are you?  On daddy's Loveboat?

ChicagoVPS is running unlicensed SolusVM software.  How long until this results in another customer data dump?


----------



## jarland (Apr 12, 2014)

drmike said:


> Or I might say:
> 
> 
> "Since it's public knowledge, NWNX does not have a legally licensed SolusVM infrastructure, but does have SolusVM."


Did solus confirm NWNX had no licenses as well? Or do you mean that it's a legal requirement that the license be in the name of the brand instead of the registered company name? I'm a bit confused because I don't really see a case here. Chicagovps isn't even a registered company to my knowledge, rather a product of NWNX.


----------



## Thelen (Apr 13, 2014)

Sooo dodgy, and for so little relative gain.


----------

