BlueVM's domain name was hijacked

Discussion in 'Industry News' started by drmike, Aug 23, 2014.

  1. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    URL: http://bluevm.com/

    New Wave NetConnect Acquires Blue VM Communications

    New Wave NetConnect, a Velocity Server / ColoCrossing Company Acquires Blue VM Communications
    We’re excited to announce another addition to New Wave NetConnect LLC, the company behind market leader ChicagoVPS, has recently acquired the assets of Blue VM Communications.
    As part of our pre-purchase review it was decided that the most efficient and effective way to improve the Blue VM customer experience was to wind down the existing Blue VM infrastructure and incentivize customers to switch to ChicagoVPS.
    Blue VM's existing services will remain for at least 10 days to provide for an easy transition for all customers.
    We look forward to serving you soon!
    Thank you,
    New Wave NetConnect
     
    Last edited by a moderator: Aug 23, 2014
    Leyton likes this.
  2. mojeda

    mojeda New Member

    347
    183
    May 14, 2013
    LOL

    tumblr_lt6hiogx5J1r14o02o1_500.gif
     
    ChrisM and drmike like this.
  3. drmike

    drmike 100% Tier-1 Gogent

  4. drmike

    drmike 100% Tier-1 Gogent

    Someone is claiming it's a domain hijack....

    "We have not closed or sold to anyone. It seems like a NS hijack or our domain account is hacked. We are investigating."

    Link to that claimed to be Twitter, but nothing shows right now on BlueVM's Twitter feed:

    https://twitter.com/BlueVM_VPS
     
  5. Munzy

    Munzy Active Member

    432
    205
    Aug 13, 2014
    I just checked with Justin, and from his "Busy ATM" statement I highly doubt that he sold to CVPS.

    Seems he is working with his NS provider to get things resolved.
     
    drmike likes this.
  6. mojeda

    mojeda New Member

    Code:
    dig bluevm.com ANY
    
    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> bluevm.com ANY
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33662
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;bluevm.com.                    IN      ANY
    
    ;; ANSWER SECTION:
    bluevm.com.             21599   IN      SOA     ns01.000webhost.com. freehosting.000webhost.com. 2014082401 172800 7200 3600000 172800
    bluevm.com.             21599   IN      A       31.170.162.168
    bluevm.com.             21599   IN      MX      0 mx.000webhost.com.
    bluevm.com.             21599   IN      NS      ns01.000webhost.com.
    bluevm.com.             21599   IN      NS      ns02.000webhost.com.
    
    ;; Query time: 124 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Sat Aug 23 18:56:32 2014
    ;; MSG SIZE  rcvd: 160
    
    
     
  7. lbft

    lbft New Member

    178
    161
    May 15, 2013
    You know, they make pills for premature ejaculation now, drmike.
     
  8. drmike

    drmike 100% Tier-1 Gogent

    Yeah well BlueVM Tweets, the Twitter post disappears...

    "You know, they make pills for premature ejaculation now, drmike."

    I don't have that problem.  I lay pipe properly and miles of it without a leak.
     
    k0nsl likes this.
  9. drmike

    drmike 100% Tier-1 Gogent

    This is damn funny. From BlueVM's IRC.

    DanielI is BlueVM employee/freebie recipient/volunteer/whatever:

     
    Last edited by a moderator: Aug 23, 2014
  10. lbft

    lbft New Member

    If someone else got control of the domain, it would make sense that they'd use that to reset the password to the Twitter account (assuming it had a @bluevm.com email associated with it).
     
    Last edited by a moderator: Aug 23, 2014
    drmike likes this.
  11. drmike

    drmike 100% Tier-1 Gogent

    Seems plausible.

    There was a Twitter post mentioned above....  This was the link thereto:

    https://twitter.com/BlueVM_VPS/status/503282713156415488

    Throws up not found error.

    Wasn't BlueVM having days now of downtime and slow ticketing like 3 day wait times?  Is this the new level of UNMANAGED VPS @Nick_A was asking about / wondering what was acceptable?

    If someone hacked BlueVM, then coffin nails to BlueVM.   If they have access to email, account info, etc.  then full scale hack would be logically expected, not just a public defacement for lols.

    Lucky I only use BlueVM to evade the great firewall of [Asia] so I can look at boobies.
     
    Last edited by a moderator: Aug 23, 2014
    Kayaba Akihiko likes this.
  12. lbft

    lbft New Member

    They only need to control the domain name itself to reset a password - they can just point the MX record to a server they control. Doesn't need any access beyond what they already clearly have, being able to change the domain's nameservers.

    Same principle would give them access to other accounts that can be reset (including the BlueVM user on this forum, presumably, and any access that BlueVM might have to CC or CVPS billing systems that uses an email at bluevm.com).

    It would, however, give them full access to any PayPal emails coming through during the time they control the domain, including disputes and recurring payments (and those PayPal emails can contain sensitive information), as well as any emailed ticket replies customers send.

    Edit: forgot to mention, I personally saw the tweet at https://twitter.com/BlueVM_VPS/status/503282713156415488 before it was deleted and can verify that it said "We have not closed or sold to anyone. It seems like a NS hijack or our domain account is hacked. We are investigating."
     
    Last edited by a moderator: Aug 23, 2014
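
A baseline check over the dig answer section posted earlier in the thread, covering the NS and MX takeover discussed above. This is an added example, not code from any poster; the `EXPECTED` hostnames are constructed placeholders, since the thread never states BlueVM's legitimate nameservers or mail host.

```python
# Added example: compare dig answer-section records against a known-good baseline.
# EXPECTED is a constructed placeholder; the thread does not give the real values.
EXPECTED = {
    "NS": {"ns1.expected-dns.example.", "ns2.expected-dns.example."},
    "MX": {"mail.expected-dns.example."},
}

# Answer section as posted in the thread (dig bluevm.com ANY via 8.8.8.8).
OBSERVED = """\
bluevm.com.  21599  IN  SOA  ns01.000webhost.com. freehosting.000webhost.com. 2014082401 172800 7200 3600000 172800
bluevm.com.  21599  IN  A    31.170.162.168
bluevm.com.  21599  IN  MX   0 mx.000webhost.com.
bluevm.com.  21599  IN  NS   ns01.000webhost.com.
bluevm.com.  21599  IN  NS   ns02.000webhost.com.
"""

def parse_answers(text):
    """Return {rtype: set(targets)} from dig answer lines; skips ';' comments."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue
        rtype, rdata = fields[3], fields[4:]
        # MX rdata is "preference exchange"; SOA, NS and A lead with the target.
        target = rdata[1] if rtype == "MX" else rdata[0]
        records.setdefault(rtype, set()).add(target.lower())
    return records

def audit(observed, expected):
    """List (rtype, values) findings where delegation or mail routing left the baseline."""
    findings = []
    for rtype in ("NS", "MX"):
        rogue = sorted(observed.get(rtype, set()) - expected[rtype])
        if rogue:
            findings.append((rtype, rogue))
    soa = observed.get("SOA", set())
    if soa and not soa <= expected["NS"]:   # SOA primary should be a known NS
        findings.append(("SOA", sorted(soa)))
    return findings

def mail_reset_exposed(findings):
    """NS or MX drift means mail for the domain, password resets included, can be rerouted."""
    return any(rtype in ("NS", "MX") for rtype, _ in findings)

if __name__ == "__main__":
    result = audit(parse_answers(OBSERVED), EXPECTED)
    for rtype, values in result:
        print(f"ALERT {rtype} outside baseline: {', '.join(values)}")
    print("mail/password-reset exposure:", mail_reset_exposed(result))
```

Run on a schedule against several resolvers, a finding on NS or MX is the cue to lock the registrar account and rotate credentials on every service that sends resets to an address at the domain.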
  13. Munzy

    Munzy Active Member

    2014-08-23_17-07-13.png
     
    Kayaba Akihiko and drmike like this.
  14. AThomasHowe

    AThomasHowe New Member

    190
    49
    Jun 3, 2014
    I don't know drmike, I think hacking BlueVM to prove you were right was a bit of a low blow ;)
     
    Francisco and Hxxx like this.
  15. mojeda

    mojeda New Member

    So they would rather not say anything when there is a message on bluevm.com suggesting that all VMs will be deleted after 10 days?
     
    drmike likes this.
  16. drmike

    drmike 100% Tier-1 Gogent

    Bahaha.... Sorry @AThomasHowe, but I am not hacking anything.  A+ for effort and putting some breath into the flames.
     
    Kayaba Akihiko likes this.
  17. DomainBop

    DomainBop Dormant VPSB Pathogen

    2,260
    2,190
    Oct 11, 2013
    Looks like whoever hijacked the domain decided to delete the domain at the registrar.  Dig is returning NXDOMAIN.

     
  18. drmike

    drmike 100% Tier-1 Gogent

    All of which means if this happened, as you imply, every customer should FEAR.  Fear their account info is now in public, fear a database dump with your info in public, fear anything you can relate to your BlueVM account and especially where you had common username and password credentials.

    Or like many in these parts, you can just ignore it all and hope for the best ;)  I hope customers hold whoever is running the show at BlueVM responsible.

    It has been hours now and BlueVM continues to scramble.  Aside from a Twatter post that was later recanted, yeah where's the public massage?

    May I say this,  I more than anyone want to see BlueVM NOT BE A CC / CVPS acquisition.  I want them to gain ZERO customers through such deals.

    I've been told what the dollar value of some prior deals were and I shit more worthy piles of crap than those deals.  I'll assume those acquisitions had hardly any customers left by takeover time.

    For those of you out there who have followed along with the UGVPS stuff..... Doesn't this seem like the November 2013 issues ChicagoVPS had where UGVPS.com was suddenly offline... Where they blamed their domain registry and it went on for months and months... Meanwhile the rightful owner of UGVPS.COM (Crystal) took control of the domain and threw Fabozzi and Co. out?
     
    Last edited by a moderator: Aug 23, 2014
    DomainBop likes this.
  19. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    5,036
    2,634
    Mar 8, 2013
    MannDude
    Well, it looks like it's a domain hijack and not an actual sale.

    https://twitter.com/BlueVM_VPS/

    Plus their domain was pointing to a free web host, and not something on the CC network.

    I don't think they have sold, at least not in any official manner.
     
  20. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    If they have control over their Twitter again, would it be safe to imagine they have control over their domain now too?

    Twitter support is non-existent. I've tried contacting those bastards so many times in the past. I can only assume that they got Twitter access again from regaining control of the domain?