Is there any evidence backing up their claim? I mean aside from the ChicagoVPS hack?To reiterate, someone has posted that they have at least 3 hacks for SolusVM that are unknown and have given a 12 hour timeline for providers to lock things down.
Their rationale is that they reported the vulnerabilities to Solus and Solus hasn't done squat.
Is there any evidence backing up their claim? I mean aside from the ChicagoVPS hack?
Definitely agree, but I'm just trying to figure out how much chance that this is just some guy making idle threats.Ahh, nope. But real providers would be mighty foolish not to take strong precautionary actions to prevent being a victim.
If this is the case I will not be using SolusVM any longer.If SolusVM was truly warned about a new exploit, and did not act on it, then shame on them.
...If only it were that easy. There is no really good, no-compromise alternative. SolusVM comes with its own compromises, but generally it works. And people are familiar with it. It won't be easy for any provider to just wave bye-bye to something so well-established.If this is the case I will not be using SolusVM any longer.
There is no really good, no-compromise alternative. SolusVM comes with its own compromises, but generally it works.
@BradND said: Pulled our solus, seriously suggest everyone else does also
@Patrik: Done the same.
@Magiobiwan: I just pulled BlueVM's SolusVM down as well.
@Maounique: Yes, did too, shut down the machine just to make sure this is not a backdoor left by someone using the old exploit, checked before but you can never be sure, if the 3 new exploits are jokes, we will just reinstall, but so far looks grim.
@john: We've also taken our SolusVM offline now. Better safe than sorry.
@trewq: Versatile IT's SolusVM is now shutdown.
@AnthonySmith: Shut the solusvm masters down completely to avoid being hit, this is just messed up.
That's hilarious. I've been saying it all along.Liam over at LET has read the Kevin = Adam info and he....
About damn time. Permabanning the account would be the right thing to do.
We had patched the centralbackup.php almost immediately on Sunday morning, and per a post on LEB ( http://www.lowendbox.com/blog/solusvm-vulnerability/#comment-121070 ) - there may be more problems with SolusVM. We've been told that other code besides the originally exploited centralbackup.php also utilizes the PHP exec function, and I personally do not believe it is safe as of right now for any provider to have their SolusVM install on right now until we have a better understanding of things. SolusVM's management staff are engaged and working closely with us.
Further updates will be posted shortly as we work through this ordeal.
BradND Member
9:21AM
@CVPS_Adam I'm not sure anyone cares about you being hacked, why did you lie about being kevin?
Bradley, NodeDeploy