texteditor
Premium Buffalo-based Hosting
You were hosting it on ChicagoVPS, it couldn't have been that important
ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]
- Thread starter Magiobiwan
- Start date
-
- Tags
- chicagovps cvps exploit solusvm
- Status
You were hosting it on ChicagoVPS, it couldn't have been that important
zero
New Member
yes my fault i miss my backups but, i pay for money for service and stability is this cpvs problem not mine. But problem or hack or whatever happed. I 'm wait statement or any respose from cpvs u understand me.
zero
New Member
ok before sale cvps say to customer/s if your data not important i will host you. had to say If your important data please leave us.
This problem for me, no money no time
Last edited by a moderator:
I think the best case scenario is you may get a free month of service for the servers impacted. I assume they're quite busy, I'm not quite sure what all was impacted nor how many nodes or backups they've got to restore but I'd imagine you're in queue and will get processed soon. I'd refrain from bumping your ticket, as most providers will process requests at the top of the queue who have waited the longest. Responding to your own ticket updates it, and places it back at the bottom of the queue.
Why would your customers sue you? Your SLA should not promise anything more than the SLA CVPS has for you.
Best of luck in getting it all sorted,
this wouldn't happen if those programmers did their job.
you can't just "hide" the code by using ioncube and hope that no one will find the exploit.
if code can be encrypted, it can be decrypted. if you don't believe go visit decry.pt.
ChicagoVPS, treating you as a number, not a name:
6298,
This is a further status update to the recent security breach that ChicagoVPS has experienced. We have successfully restored some nodes, and the vast majority of our VPS customers are online, however we have a small percentage of nodes which still need to be worked on. Some of the nodes we are working on had data loss that we cannot restore. These nodes are LA18, ATL1, ATL4, ATL5. I you on are on one of these nodes you can safely start to rebuild, or open a ticket asking for this months refund.
On a positive note, it seems like SolusVM has released a new update in light of the recent incidents ( http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/ ). However, at this time we do not feel comfortable enabling SolusVM access at this minute as we were a victim of their security vulnerabilities two times in the past 7 months. We are evaluating other alternative panels, but at the moment our priority is taking care of our customers and getting the impacted nodes back in working order.
Please understand that we have all hands on deck working tirelessly to restore service connectivity for those impacted. Therefore, our ticket response times are affected to allow us to effectively work without anything slowing us down. We apologize for the delayed ticket response times but we assure you we are making progress and working hard to get everything back to normal.
Our goal is to have everything 100% restored tomorrow. Those affected by this incident will recieve compensation.
Regards,
ChicagoVPS Team
6298,
This is a further status update to the recent security breach that ChicagoVPS has experienced. We have successfully restored some nodes, and the vast majority of our VPS customers are online, however we have a small percentage of nodes which still need to be worked on. Some of the nodes we are working on had data loss that we cannot restore. These nodes are LA18, ATL1, ATL4, ATL5. I you on are on one of these nodes you can safely start to rebuild, or open a ticket asking for this months refund.
On a positive note, it seems like SolusVM has released a new update in light of the recent incidents ( http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/ ). However, at this time we do not feel comfortable enabling SolusVM access at this minute as we were a victim of their security vulnerabilities two times in the past 7 months. We are evaluating other alternative panels, but at the moment our priority is taking care of our customers and getting the impacted nodes back in working order.
Please understand that we have all hands on deck working tirelessly to restore service connectivity for those impacted. Therefore, our ticket response times are affected to allow us to effectively work without anything slowing us down. We apologize for the delayed ticket response times but we assure you we are making progress and working hard to get everything back to normal.
Our goal is to have everything 100% restored tomorrow. Those affected by this incident will recieve compensation.
Regards,
ChicagoVPS Team
Easy solution to that. Set their services to be cancelled at the end of the billing period, tell them "We won't respond any more. Please have your lawyer contact us / our lawyer by snail mail"
And then problem solved.
Of course you are!Me and Curtis G are releasing 0day vun for hostbill and whmcs in 2 days on Friday at noon 12pm est.opcorn:
And yes, we can hack engwish
Next you'll be releasing remote root access to cpanel I hope?
Oh hold up that won't happen either your just some kid trying to get publicity in an idiotic delusional way.
Releasing remote root access to cPanel, not a bad idea, I'll have to suggest that to Curtis G. Thanks for the idea
opcorn:
epaslv
New Member
My friend, You take a big risk by using a LEB for mission critical service.
1) You have to spend more money and get backups in place with another provider.
2) Then then spend more money again, and backup the backups to a different provider in another country.
epaslv
New Member
This can happen as they are probably in "all-hands-on-deck" mode, trying to recover from a disaster.
I have worked with many companies who are ITIL certified. In the ITIL world they place more importance on "Incident Management" than trying to restore the fault. This is because notifying and updating your customers of the incident is of more value than restoring the fault.
I am not saying it is not important. It just that while you are dealing with a "disaster" you have to take care of the business side of things.
Have read enough of this....have to comment now.
I have a VPS with them and it wasn't affected, passwords changed, moved on. This VPS is a backup and a test area. BUT I still have my own backups.
When I take on a new client the first thing that is done is new backups are made a a daily backup system is made. If someone pays you to "service" them don't you value your time in trying to recover ? All of my clients have AT LEAST 2 local and 1 remote backup. If they aren't willing to let me make sure they are protected then I will not take them on as a client. But the flipside of that is then I am responsible to make sure it is done and tested periodically.
Shame on people for not making sure they have their own backups.
I have a VPS with them and it wasn't affected, passwords changed, moved on. This VPS is a backup and a test area. BUT I still have my own backups.
When I take on a new client the first thing that is done is new backups are made a a daily backup system is made. If someone pays you to "service" them don't you value your time in trying to recover ? All of my clients have AT LEAST 2 local and 1 remote backup. If they aren't willing to let me make sure they are protected then I will not take them on as a client. But the flipside of that is then I am responsible to make sure it is done and tested periodically.
Shame on people for not making sure they have their own backups.
chronos511
New Member
It totally blows my mind the number of people screaming because they didn't have their own back up. All I lost on my VPS was my backup MX config, a ZNC install I had just done and an OTRS install I was just playing around with. I admit I didn't have a backup but ya know what? Had say, the OTRS been a bloody live help desk I would have had a back up. You *never* rely on someone else to do your backups for you even if they say they will. I hadn't done one because quite frankly I don't care one way or the other if I lost it all.
With that said, I'd love to know when I can get back in. I miss my ZNC. ;-)
With that said, I'd love to know when I can get back in. I miss my ZNC. ;-)
upsetcvps
New Member
cvps says it makes backups after the last incident. Turns out they have no clue. Some nodes don't have backups at all and they're not even sure how old the last backups were for the nodes that do have backups.
If this was the first time this happened to you, cvps, ok maybe I cut you some slack. But it's not. And you should know better. You should learn from your mistakes in the past. You should know to inform your customers in a timely manner and keep them up to date. But you don't. Sure, I didn't expect much from you. But having used more expensive providers like Linode, I didn't think the premium paid for the name was worth what they provide (and it's not). But cvps, you managed to surprise me even with my low expectations of you. You could have handled this worse, but not by much.
If this was the first time this happened to you, cvps, ok maybe I cut you some slack. But it's not. And you should know better. You should learn from your mistakes in the past. You should know to inform your customers in a timely manner and keep them up to date. But you don't. Sure, I didn't expect much from you. But having used more expensive providers like Linode, I didn't think the premium paid for the name was worth what they provide (and it's not). But cvps, you managed to surprise me even with my low expectations of you. You could have handled this worse, but not by much.
Very interested to know this too.
texteditor
Premium Buffalo-based Hosting
I don't give a shit if you are paying $3/mo or $300/mo on a service,
DON'T RELY ON YOUR PROVIDER FOR BACKUPS, YOU IDIOTS
DON'T RELY ON YOUR PROVIDER FOR BACKUPS, YOU IDIOTS
- Status