@weservit I'm glad that something got them from sitting around on their d**** all day long and finally doing a full security audit. This begs the questions if a disaster is necessary every time for them to do something about it?!I see a lot of modified files in the /usr/local/solusvm/www folder. Looks like they found more than 1 exploit..
Of course, at least 3 were reported directly to them as of yesterday.I see multiple modified files in the /usr/local/solusvm/www folder. Looks like they found more than 1 exploit..
I see multiple modified files in the /usr/local/solusvm/www folder. Looks like they found more than 1 exploit..
@Mun it's either that or they are paying their coders so poorly that every so often their employees plant one or two Easter eggs in the code. Since they don't audit it unless a disaster like this one happens, no one cares. I don't see them jumping on their swords any time soon because they've messed up.Shhh, they really added new ones.
Or they had so much bad press that an addition to a line here and there makes it all better.@Mun it's either that or they are paying their coders so poorly that every so often their employees plant one or two Easter eggs in the code. Since they don't audit it unless a disaster like this one happens, no one cares. I don't see them jumping on their swords any time soon because they've messed up.
This isn't helpful. We've been down for almost 24 hours now and some sort of regular updates as to where you're at with restores and an ETA for the remaining nodes would be great.Jfreak, we are still working to get the remaining nodes online.
Well, he did find the time to come in here and try to brush off the Adam/Kevin situation, so I'm sure he'll at least make just as much time to post more status updates ASAP. To do otherwise would just be downright insulting to the clients waiting to hear something important.We don't have time to update....
1. The first hack no one has published evidence on what happened.The question is:
Is it safe to put it back on ?
I would say they patched so far the exploits that have been shown to them.
There should be others because I dont buy that audit stuff they are claiming.
Basically it is like this:
1. Solus hack on CVPS. Solus says they did an audit and it is not their fault;
2. Centralbackup disaster strikes. Solus can no longer say there is no exploit, it takes them HOURS, at least half a day after the disclosure to release a fix, but they do aknowledge it;
3. CVPS hacked again, Solus again sais it wasnt their fault, they claim there is no exploit, they were not notified, etc, the classical dance;
4. They release a fix after an "audit" saying there are more to come.
If there was no 4, I am sure some folks started to believe them there is no exploit and CVPS and others are lying, as I started to think maybe it is the time to bring solus back online.
In the light of these events, we are considering bringing solus back but allow only the IPs of salvatore and me to access it, as well as the billing panels.
This is beyond ridiculous, what a bunch of clowns...
This isn't helpful. We've been down for almost 24 hours now and some sort of regular updates as to where you're at with restores and an ETA for the remaining nodes would be great.
Please don't hide behind the typical excuses of, "We don't have time to update...., We're dedicating all our resources....". Your customers need information and they need better information than, "We're working on it...."
1. In light of what happened later, does anyone need any evidence ?1. The first hack no one has published evidence on what happened.
2. That was explicit and acknowledged by Solus.
3. Solus didn't say it wasn't their fault in this 2nd hack this time around.
4. More like we and others reported the exploits.
What's your take then? Let's collaborate and build a new panel shall we? :lol:1. In light of what happened later, does anyone need any evidence ?
2. Yeah, I wonder if it was not disclosed so brutally, would it have been the same ?
3. They did, kept saying like the first CVPS hack that there is no evidence, blah-blah.
4. Yes, the audit is a another hoax like the previous audit that yielded no proof there is an explot to be blamed for cvps hack. They seem to slowly aknowledge and patch only the publicly disclosed holes, therefore, instead of condemning, I commendd the people that did this.
The way solus handled it so far makes me believe the poeple claiming their private reports were ignored. In light of latest events, soluls looks THAT bad.
I believe joepie91 was already on something like that ?What's your take then? Let's collaborate and build a new panel shall we? :lol:
Do you have more information on this please. No reports were made.Of course, at least 3 were reported directly to them as of yesterday.
And you guys stated I was kidding about vulnerabilities. http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/
Why don't you ask good old Humza who I gave him snippits to give to you.Do you have more information on this please. No reports were made.
Yes they were. Infinity reported it. Raised a ticket. A lot of others followed. Go through the tickets escalated.Do you have more information on this please. No reports were made.