ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]

Status
Not open for further replies.

drmike

100% Tier-1 Gogent
If anyone still wants to know if their email appears in the dump, PM me and I'll run a search for you.

The dump doesn't include all accounts/some prior customer accounts.
 

Lanarchy

New Member
My NY node is responding to ping, but inaccessible. The count so far:

1 fully functional

2 responding to ping but inaccessible

2 fully down
 

insaneguy

New Member
One of my VPSes is still down; the other went down for a while and came back. Luckily, that is the one with my most important customers' data.
 

Lanarchy

New Member
My node that just came up has a new kernel.

Linux 2.6.32-042stab078.22

And another says

Linux 2.6.32-042stab076.8

Could have been my doing and it just rebooted for me to see it. But that's different from what I remember.

On both, yum says up to date.
 
Last edited by a moderator:

nunim

VPS Junkie
None - it's nonsense.
Well, ChicagoVPS could just be incompetent and have been rooted from the centralbackup exploit, but netn00b posted some "code" that he claimed was responsible; I was looking for what file that was from.

Isn't CurtisG (netnub) the guy who was selling "dedicated servers" that were just shell accounts? 
 
Last edited by a moderator:

jfreak53

New Member
Considering cVPS is not the only one affected and Solus has launched their own post on the subject on their site, it's fair to say it's the exploit ;)
 

MartinD

Retired Staff
Verified Provider
Yes, that's the same person.

...how much weight do you want to put on what he says? Also, the code he showed wasn't a vulnerability either. He's obviously decided any instance of 'exec' in any kind of PHP code is a vulnerability.
 

MartinD

Retired Staff
Verified Provider
Considering cVPS is not the only one affected and Solus has launched their own post on the subject on their site, it's fair to say it's the exploit ;)
That was a different exploit that was patched. Solus held up their hands to that, too.
 

nunim

VPS Junkie
Yes, that's the same person.

...how much weight do you want to put on what he says? Also, the code he showed wasn't a vulnerability either. He's obviously decided any instance of 'exec' in any kind of PHP code is a vulnerability.
Which is why I'm trying to figure out what he claims the exploit to be so I can looksie; it's fairly trivial to decode ionCube, not that I would do such a thing...

I would also take whatever CVPS Chris says with a grain of salt, as he couldn't explain their last hack that had their db released... Good thing they have backups this time, except in Atlanta it seems?
 
Last edited by a moderator:

mmance

New Member
Chris has been very vague in his response to me personally today.  

17316044_screenshot.png


I also had someone grep my username for the Client Area in the stolen data.  It came back 0 results.
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
Ran a bunch of lookups for folks here to see if their details were in the dump.

I can confirm if you cancelled your services after the last hack in November - February, your details probably aren't in there.

Anyone else want info looked up, PM me.  

Will be back in a bit.
 

mnsalem

New Member
Just thought to drop by and mention that I just got the email with the report (that update which was posted several hours ago).
 

saliq

New Member
Chris has been very vague in his response to me personally today.  

17316044_screenshot.png


I also had someone grep my username for the Client Area in the stolen data.  It came back 0 results.
If your site and email are the same as the username here, then you are in it :(
 
Last edited by a moderator: