amuck-landowner

DomainBop

Dormant VPSB Pathogen
Domains / SSL certs and DNS settings should be worth the hassle.
Filing the annual paperwork to keep the company's corporate status in good standing with the government should be worth the hassle too but BlueVM apparently doesn't think so since it didn't bother to file its paperwork this year.

A short recap of the last 9 months of low end domain problems:

UGVPS.com: domain "hijacked" by the real Crystal, domain temporarily suspended by ICANN for invalid WHOIS

DigTheMine.com: domain temporarily suspended by ICANN for invalid WHOIS

NWNX.net: domain temporarily suspended by ICANN for invalid WHOIS

BlueVM.com: domain hijacked
 

sv01

Slow but sure
they just moved to Cloudflare


;; ANSWER SECTION:
bluevm.com.        167254    IN    NS    eva.ns.cloudflare.com.
bluevm.com.        167254    IN    NS    hank.ns.cloudflare.com.


that was fast, only took 2 days :D
 
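The dig answer section above is exactly the kind of signal a domain owner wants to catch automatically: a nameserver set that silently changes is the earliest visible symptom of a registrar-account takeover. The following is an added example (not code from the thread or from BlueVM) that parses a dig ANSWER SECTION and compares the observed NS records against an expected baseline. The sample dig output is constructed to mirror the records quoted in the post, and the baseline nameservers (ns1/ns2.example-registrar.net) are hypothetical.

```python
import re

# Constructed sample of a `dig bluevm.com NS` answer section, modelled on the
# records quoted in the thread above.
SAMPLE_DIG_OUTPUT = """\
;; ANSWER SECTION:
bluevm.com.        167254    IN    NS    eva.ns.cloudflare.com.
bluevm.com.        167254    IN    NS    hank.ns.cloudflare.com.
"""

# Hypothetical baseline: the nameservers the domain owner expects to see.
EXPECTED_NS = {"ns1.example-registrar.net.", "ns2.example-registrar.net."}

# owner-name  TTL  IN  NS  target   (dig separates the fields with whitespace)
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)$")


def parse_ns_records(dig_output: str) -> dict:
    """Return {owner_name: set(nameservers)} from dig's ANSWER SECTION.

    Lines outside the ';; ANSWER SECTION:' block and non-NS lines are ignored,
    so the function tolerates full dig output, not only the answer block.
    """
    in_answer = False
    records = {}
    for raw in dig_output.splitlines():
        line = raw.strip()
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";;"):  # any other ';;' header ends the answer block
            in_answer = False
            continue
        if not in_answer or not line:
            continue
        m = RR_RE.match(line)
        if m:
            owner, _ttl, target = m.groups()
            records.setdefault(owner.lower(), set()).add(target.lower())
    return records


def ns_drift(observed: set, expected: set) -> dict:
    """Diff the observed NS set against the baseline.

    'unexpected' are nameservers that appeared without being in the baseline
    (the hijack signature); 'missing' are baseline nameservers that vanished.
    """
    return {
        "unexpected": sorted(observed - expected),
        "missing": sorted(expected - observed),
    }


def check_domain(dig_output: str, domain: str, expected: set) -> tuple:
    """Return (alert, drift) for one domain; alert is True on any deviation."""
    fqdn = domain.lower().rstrip(".") + "."
    observed = parse_ns_records(dig_output).get(fqdn, set())
    drift = ns_drift(observed, expected)
    alert = bool(drift["unexpected"] or drift["missing"])
    return alert, drift


if __name__ == "__main__":
    alert, drift = check_domain(SAMPLE_DIG_OUTPUT, "bluevm.com", EXPECTED_NS)
    print("ALERT" if alert else "OK", drift)
```

In a real deployment the sample string would be replaced by the output of `dig +noall +answer <domain> NS` run on a schedule, with the alert routed to a channel that does not depend on the domain being monitored (an @domain mailbox would be exactly what the attacker now controls). Comparing against the delegation published by the parent zone, not only the recursive resolver's cached answer, avoids the long TTL masking a change.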

DomainBop

Dormant VPSB Pathogen
CVPS gets exploited pretty frequently - this isn't really much of a surprise.
Maarten over on LET now requires proof when you make any negative CVPS/123sys statements so I'll help you out with the proof.

https://www.google.com/search?q=chris+fabozzi+cvps.sql&ie=utf-8&oe=utf-8 (scroll down the results page, the database dump appears to be from February 2013...I don't recall any announcements of a hack in Feb 2013 but  obviously there was one, so that makes at least 4 known Solus/WHMCS compromises from Nov 12/Oct 13).
 

AThomasHowe

New Member
Anyone know if bluevm was always using google for their MX records? Reason I ask is that right now it's pointing to google and if it wasn't them that did that.....


Francisco

they just moved to Cloudflare

;; ANSWER SECTION:
bluevm.com.        167254    IN    NS    eva.ns.cloudflare.com.
bluevm.com.        167254    IN    NS    hank.ns.cloudflare.com.

that was fast, only took 2 days :D
I think cloud flare was what they were using before.

Anyway, homepage now says:

We’ll be back soon!


Sorry for the inconvenience but we’re securing the client area and Feathur at the moment due to a recent hijack of our domain. No client services have been affected by this. We’ll be back online soon!

Thank you for your cooperation.

— Management
 

Shados

Professional Snake Miner
Quite simple.


Activate Two-Factor Authentication: https://www.namecheap.com/support/knowledgebase/article.aspx/9253/45/how-to-two-factor-authentication


Domains / SSL certs and DNS settings should be worth the hassle.
Quite a few high profile 'hacks' have happened precisely because someone convinced a DNS or server provider to disable two-factor authentication on their target's account because they'd lost their device or such.


Of course, it ups the work required / difficulty involved on an attacker's part, but don't mistake that for any sort of guarantee.
 

sv01

Slow but sure
If someone only hijacked their domain, why do they need to secure their client area and Feathur?

We’ll be back soon!

Sorry for the inconvenience but we’re securing the client area and Feathur at the moment due to a recent hijack of our domain. No client services have been affected by this. We’ll be back online soon!

Thank you for your cooperation.

— Management
 

mikho

Not to be taken seriously, ever!
One example:


If one of the admin accounts used a @BlueVM.com email and the attacker used the "forgot password" function.
 

AThomasHowe

New Member
In theory you could also have kept Feathur up, back proxy the traffic to the real server and log/sniff traffic I guess. That's a lot of work though.
 

WebSearchingPro

VPS Peddler
Verified Provider
Looks like the site is back up, though from IRC it seems that it's not up to 100% functionality yet. Hopefully a more detailed incident report will be published soon.
 

SwitchBlade

New Member
No official statement yet? Does the BlueVM guy have an account here? Hope it is just a domain issue and not more severe.
 

Jade

NodeServ
Verified Provider
Wonder what the statement will say :p
 