amuck-landowner

ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]

Status
Not open for further replies.

MannDude

Just a dude
vpsBoard Founder
Moderator
That's somehow unrelated, but is this 'Adam Ng' in any way related to Adam, the former owner of VPSLatch? I still have a bone to pick with that a**hole...
Yes. That requires a thread of it's own, however. Be my guest.
 

Francisco

Company Lube
Verified Provider
So wait, I'm not allow to post code snippits, but he IS?
The snippet from above was the source of the last exploit. If there's new code and solus patches it? You're then "fine" to post it since you've at least done due diligence by the vendor.

0-day'ing it is seen as 'poor taste' :p

Francisco
 

Mun

Never Forget
So wait, I'm not allow to post code snippits, but he IS?
So you are allowed to steal WHMCS, but someone else isn't?

So you are allowed to scam people, but someone else isn't?

So you are allowed to steal databases, but someone else isn't?

These are all related to you, and it is getting to the point that you really need to grow a brain, as well as mature into something more then a sniveling rat.
 

Dan

New Member
I messaged Jason earlier this morning and told him what was going on and it may be best to shut the Solus master off for a while.
 

Would of been nice of them to contact their clients about this ... Urpads support has started to go down hill too...
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Would of been nice of them to contact their clients about this ... Urpads support has started to go down hill too...
I assumed they would have. Out of my hands.

Didn't they sell URPad a while back? I thought I read about a bunch of changes at URPad on LET a while back....
Yes, towards the beginning of May. First or second week. Can't remember.
 

fileMEDIA

New Member
Verified Provider
Solusvm 1.14.00 BETA R5 is available..no changelog yet.

This is an important security fix. You are encouraged to update as soon as possible. A full detailed report will be published at a later date.
 
Last edited by a moderator:

Mun

Never Forget
Solusvm 1.14.00 BETA R5 is available..no changelog yet.
Changelog:

Removed old exploits that we forgot about

Added new exploits so we can see how well our panel is doing

Added a new feature to DDOS Stallion cause it is too good.

Created a function to ask for confirmation if you want to delete all nodes, just to make sure the hacker really wants too.

Added a Clarke button that pops up a picture of him.

Created a new function so rofl.php show a picture of a dog when it is used against the newer version because we don't like that guy.

Added new feature to make it look like CVPS is incompetent, though we really didn't need to do much.

Claimed everything is Green now, since we use more code, that does less.

Called up our lawyers to see if we are going to get sued, and they told us nope as long as you add this little tid bit in the agreement for installing this new patch.

This is all joking of course, or is it O_O

Mun
 

weservit

New Member
Verified Provider
PLEASE READ THIS INFORMATION CAREFULLY. THIS INFORMATION IS RELEVANT TO ALL VERSIONS OF SOLUSVM, INCLUDING BETA VERSIONS.

As you may be aware we are currently running a full in house and external code audit. This release contains several important security fixes for all versions of SolusVM.

We highly suggest you update your system as soon as possible. Updates are available through the normal channels.

Latest Stable Version: 1.14.00 R5
Latest Beta Version: 1.13.05

Please be aware the audit is still underway and more updates may follow.

Thank you for your co-operation and understanding.

Regards,
Soluslabs Security Team
 

drmike

100% Tier-1 Gogent
Official thing there @weservit?  Have a URL to confirm that?

Glad to see Soluslabs getting off their arses and doing something other than denying.
 

Marc M.

Phoenix VPS
Verified Provider
@Mun,

I would add this: "Created a function to delete all VMs from all nodes just to see if the hacker can find it..." ROFL

and

this: "Added dead simple functionality to facilitate a MySQL injection exploit to see if anyone could find it in less than two months..." again ROFL ... well, it took the hacker almost two months minus four days to find it. IIRC about two months ago someone posted a iDezender decoded SolusVM online.

Classic Gold Mun :lol:
 
Status
Not open for further replies.
Top
amuck-landowner