ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]

Status
Not open for further replies.

Magiobiwan

Insert Witty Statement Here
Verified Provider
Seriously you two. What are you getting out of this? Lulz? It's not helping the community any. Providers are locking down their stuff, unwilling to risk being compromised, which inconveniences their clients. The node wiping is causing people to lose their data, their time, the effort they've put in to setting stuff up, in some cases money and their own clients, and possibly their livelihoods. If you want to HELP the community (foreign idea, I know), let SolusVM and WHMCS know of the exploits BEFORE releasing them. Once you've informed the companies about the exploits and they've had a reasonable amount of time to respond, THEN you can release the code. Back to what YOU'RE getting out of this. Nothing really. Public hatred towards you. Potential legal action taken against you (civil and/or criminal), with potential jail time and/or monetary fines. You're ruining your future with this. So STOP. I'm sure the rest of the community agrees on this point. It's not helping ANYONE, just hurting. So don't do it any longer.
 

maounique

Active Member
 let SolusVM and WHMCS know of the exploits BEFORE releasing them. Once you've informed the companies about the exploits and they've had a reasonable amount of time to respond, THEN you can release the code.
I think they did that?

However, those companies are more interested in PR and spinning things around instead of the quality of the code.

We have plenty of evidence about that, at least from Solus, I tend to believe them when they say they sent the exploits not only to the companies, but also to infinity and others.

From where I stand, they are doing a good thing, destroying company credibility means they will have to get it back by releasing a decent product for a change.

Everyone will benefit in the end, exploits will no longer stay hidden to be used only by criminals, the fixes will be forced out of the culprits, people will be more aware of security and will take more back-ups as well as not disclosing personal data, everyone will win.

Even solus will have a better product which will generate better sales if they are really thinking about changing their ways, fire a few PR spin doctors and hire better coders. After all, they are not a political party, just a company which has to deliver a product.
 

drmike

100% Tier-1 Gogent
fire a few PR spin doctors and hire better coders. After all, they are not a political party, just a company which has to deliver a product
Chairman Mao is on fire!  So true.  Better coders and less PR spin. 
 

peterw

New Member
What a show!

First SolusVM and now Hostbill and WHMCS. It's exciting to see how vulnerable a monoculture is.
 

Marc M.

Phoenix VPS
Verified Provider
What a show! First SolusVM and now Hostbill and WHMCS. It's exciting to see how vulnerable a monoculture is.
@peterw yeah, I imagine it is. Imagine how exciting it will be when you will have to pay $30 for the lowest end VPS and close to a $100 to get something decent, like it was just a few short years ago. Then you'll miss this "crappy monoculture" that you like so much to laugh at!
 

travmed

New Member
Just got this email update from ChicagoVPS. My question is, don't we need access to the SolusVM to initiate a reimage of our server if everything is lost?

This is a further status update to the recent security breach that ChicagoVPS has experienced. We have successfully restored some nodes, and the vast majority of our VPS customers are online, however we have a small percentage of nodes which still need to be worked on. Some of the nodes we are working on had data loss that we cannot restore. These nodes are LA18, ATL1, ATL4, ATL5. If you are on one of these nodes you can safely start to rebuild, or open a ticket asking for this month's refund.

On a positive note, it seems like SolusVM has released a new update in light of the recent incidents ( http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/ ). However, at this time we do not feel comfortable enabling SolusVM access at this minute as we were a victim of their security vulnerabilities two times in the past 7 months. We are evaluating other alternative panels, but at the moment our priority is taking care of our customers and getting the impacted nodes back in working order.

Please understand that we have all hands on deck working tirelessly to restore service connectivity for those impacted. Therefore, our ticket response times are affected to allow us to effectively work without anything slowing us down. We apologize for the delayed ticket response times but we assure you we are making progress and working hard to get everything back to normal.

Our goal is to have everything 100% restored tomorrow. Those affected by this incident will receive compensation.

Regards,

ChicagoVPS Team
 

peterw

New Member
@peterw yeah, I imagine it is. Imagine how exciting it will be when you will have to pay $30 for the lowest end VPS and close to a $100 to get something decent, like it was just a few short years ago. Then you'll miss this "crappy monoculture" that you like so much to laugh at!
I am pissed off. Someone is trying to destroy the whole SolusVM based economy. I am seeing it but I can't believe it. If the Hostbill and WHMCS 0day exploits are true it is just the beginning.

How should providers work if they can't use SolusVM and WHMCS?

I am using this monoculture too. Nothing to laugh at!
 

Marc M.

Phoenix VPS
Verified Provider
I am using this monoculture too. Nothing to laugh at!
@peterw As long as providers take steps to secure them, they will be fine. There are plenty of simple solutions to prevent SQL injections and such, and on top of that providers can use CloudFlare as a reverse proxy (it's running Nginx as well). So no, the entire industry won't come crashing down. ;)
 

drmike

100% Tier-1 Gogent
Just got this email update from ChicagoVPS. My question is, don't we need access to the SolusVM to initiate a reimage of our server if everything is lost?
I won't ask where and node you are on.  But like the last hack and fail at CVPS, they lost customer VPSes. 

. These nodes are LA18, ATL1, ATL4, ATL5.

As an end user you likely have clue which server you are on or want to waste an hour trying to figure that out.

I'd send them a ticket and ask if they lost your VPS or not.
 

zero

New Member
My Customers threat with lawsuit. 

ChicagoVPS cant answer the tickets.

When system up and running ?

I need net time for system up and running!
 

MannDude

Just a dude
vpsBoard Founder
Moderator
My Customers threat with lawsuit. 

ChicagoVPS cant answer the tickets.

When system up and running ?

I need net time for system up and running!
How long have you been down for?

I'd imagine they're still quite busy and they're likely working on getting everyone back up.

What node or location were you in, out of curiosity?
 

zero

New Member
27 hr ago system shutdowned

I have 4 VPS

1) Atlanta Location (Important Data)

2) Chicago1 (Important Data)

3) Chicago2 (Low Important)

4) LosAngeles (Low Important)
 

mnsalem

New Member
30 hr ago system shutdowned

I have 4 VPS

1) Atlanta Location (Important Data)

2) Chicago1 (Important Data)

3) Chicago2 (Low Important)

4) LosAngeles (Low Important)
From their reports, the lost data on LA18, ATL1, ATL4 and ATL5 is gone ... irrecoverable. If your No. 1 and No. 4 VPS are on any of these .. they're a goner.

But the Chicago locations weren't mentioned, so I'm guessing the backup exists for them.

Mine is still down at the moment as well ... BUF19
 

Amitz

New Member
I still do not understand why people who have "important" data on a VPS do not keep own backups. Really. I even have backups of the most unimportant data. If one of my VPS providers goes down, it will take me a max. of 5 hours to be fully operational at another place. And I am just a "hobbyist"... Shame on all "professionals" for not having backups.
 

peterw

New Member
My Customers threat with lawsuit. 

ChicagoVPS cant answer the tickets.

When system up and running ?

I need net time for system up and running!
Your customers do not have backups? You do not have backups of services you offer?

My estimation for cvps "next week". Go to another provider, untar your backups and point the domains to the new IP. 4 hours of work and everything is fine.
 

zero

New Member
I have some backups not at all.

I'm still waiting but CVPS not respond any ticket or not make statement for us "customers"

Whats happen right now? I'm in darkness.
 

AnthonySmith

New Member
Verified Provider
My Customers threat with lawsuit. 
No, they did not, and if they did, then you have made promises you cannot keep; that is your fault and your responsibility alone. You are no more important than any other customer of CVPS. It will be done when it is done. I have no doubt they are working hard to bring things up; opening tickets and updating forums is only distracting them.
 