ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]

[drmike]

From LET:

ihatetonyy Member


7:57AM edited 7:57AM





In Chicago, not sure what node:

-bash-4.1# ls
Segmentation fault
-bash-4.1# uptime
Segmentation fault
-bash-4.1# ls
Segmentation fault
-bash-4.1# ps ax
Segmentation fault
-bash-4.1# ls
Segmentation fault
-bash-4.1# uptime
Segmentation fault
-bash-4.1#

 

[MannDude]

Just heard someone say they have 3 VPSes down at CVPS now.

Anyone else have things down over there?

I don't know anyone who has a VPS with them, LET probably has more who do than from here. Quick Twitter search shows a few people complaining about VPSes being down: https://twitter.com/search?q=chicagovps&src=typd

After the last incident they setup backup servers so hopefully everyone who is down has a backup made.

 

[maounique]

Guys, maybe cvps and chris in particular are unsavoury and liars, however, this is a very serious stuff, if there are 3 more vulnerabilities and maybe a full "crate" of those, we are seriously screwed and have to replace Solus.

Francisco's Stallion looks very good now, in fact too good. Coincidence ?

 

[mpkossen]

My VPS in NJ appears to be down.

 

[drmike]

Francisco's Stallion looks very good now, in fact too good. Coincidence ?

 

Didn't Stallion originally have roots in Solus?  (not to get off track)

I've never heard of Fran bringing Stallion to market as a product for other providers.  Might not be a bad idea though.

 

[Francisco]

Guys, maybe cvps and chris in particular are unsavoury and liars, however, this is a very serious stuff, if there are 3 more vulnerabilities and maybe a full "crate" of those, we are seriously screwed and have to replace Solus.

Francisco's Stallion looks very good now, in fact too good. Coincidence ?

It isn't for sale.

I will likely give a few hosts a free copy but I haven't decided who.

Francisco

 

[ashworth]

Yep right now we're down. Posted here:

http://www.webhostingtalk.com/showthread.php?p=8730252

Friggin' lame. This is getting old.

 

[Magiobiwan]

I doubt BuyVM would do this. Too risky. Anyways, if you're a provider and HAVE NOT taken SolusVM down, YOU SHOULD!

 

[MannDude]

Does anyone have a CVPS VPS that is ONLINE?

CVPS_Chris is reading this thread but I'd imagine he's too busy to respond right now.

Best of luck to everyone and hopefully their backups can be restored quickly.

 

[drmike]

if you're a provider and HAVE NOT taken SolusVM down, YOU SHOULD!

 

To reiterate, someone has posted that they have at least 3 hacks for SolusVM that are unknown and have given a 12 hour timeline for providers to lock things down.

Their rationale is that they reported the vulnerabilities to Solus and Solus hasn't done squat.

 

[mpkossen]

Does anyone have a CVPS VPS that is ONLINE?

CVPS_Chris is reading this thread but I'd imagine he's too busy to respond right now.

Best of luck to everyone and hopefully their backups can be restored quickly.

On Skype he told me they are aware of the situation, so I guess they're working on it.

 

[ihatetonyy]

Does anyone have a CVPS VPS that is ONLINE?

CVPS_Chris is reading this thread but I'd imagine he's too busy to respond right now.

Best of luck to everyone and hopefully their backups can be restored quickly.

Yes. One in LA that hasn't had any data fuckery yet and has reasonable load again.

[root@fundamental ~]# uptime
 12:17:16 up 27 days,  8:08,  1 user,  load average: 0.03, 0.13, 0.15

 

[ashworth]

Chris Fabozzi just updated in a ticket that they're working on it and will release a statement shortly (after I went crazy in a ticket).

Glad to know someone's listening at least, and that the CEO can take a moment to respond.

 

[Magiobiwan]

And read this thread too?

 

[D. Strout]

Just got an e-mail from Versatile IT stating that they have shut down SolusVM for a while - basically until after the vulnerabilities are released and the damage can be assessed.

 

[MannDude]

And read this thread too?

I'd imagine he's got the thread open on any forum talking about it hitting F5 between cussing and answering tickets. I'd be trying to stay as in the loop as possible too.

 

[ashworth]

Yeah, no kidding. Pretty much what I'm doing right now 

 

[drmike]

What a shame, I PM'd @CVPS_Chris prior to this going public telling him I wasn't sure that Kevin was doing a good job checking on system compromises since in fact Kevin doesn't exist.

Ghost employees really make lousy employees.

 

[Francisco]

Didn't Stallion originally have roots in Solus?  (not to get off track)

I've never heard of Fran bringing Stallion to market as a product for other providers.  Might not be a bad idea though.

We originally used solus but broke away after they pulled BS with us and modifying a few pages.

Stallion 1 still uses a very old solusvm skin though.

Francisco

 

[Kris]

My 3 are down. No funky messages even. Good call on the central backups. How doesn't Solus have some sort of mod security type rules in-between the web server?

The developers clearly can't secure the program, going to need predictive Mod Security / OWASP rules in between their shit software.