Wouldnt hold my breath on him doing that.
ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]
- Thread starter Magiobiwan
- Start date
-
- Tags
- chicagovps cvps exploit solusvm
- Status
And if someone restricts access to only the admin api and only lets the WHMCS plugin access? Leaving solus down makes for angry villagersMaybe we should stop twittling our thumbs and do something about it?
The following code has been obfuscated for solusvms security:
Simple fact is, if he knows what the problem is and doesn't bother telling the developers then ultimately he's harming himself. No-one will trust him, no-one will want is control panel and no-one will want to provide him with services.
Look at this logically - he is holding every single provider who uses SolusVM to ransom. Do you really want someone like that hanging around?
I have reported the vulns I have been made aware of to SolusVM by that little birdy, it doesn't really take a genuis to figure any of them out once you have access to the un-encoded version of SolusVM. I'm not holding my breath on SolusVM responding.
(Yes, and I'm sure I've just given away to everyone who I actually am. ;-))
(Yes, and I'm sure I've just given away to everyone who I actually am. ;-))
Last edited by a moderator:
I just told solus about that as well, and linked them to this thread. Now to hope they get it to managent as requested
Nice IP address, you may want to hide that.I just told solus about that as well, and linked them to this thread. Now to hope they get it to managent as requested
Your point? I got nothing to hide, its just an ip.
Now now. Let's try to keep this on topic.
Those of you with servers at CVPS, have they sent out client wide emails yet informing their clients to reset passwords? Any official word from them?
I don't see anything on their Twitter or Facebook, so curious if they're taking this instance more serious than the last one. Are all the VPSes back online now?
Those of you with servers at CVPS, have they sent out client wide emails yet informing their clients to reset passwords? Any official word from them?
I don't see anything on their Twitter or Facebook, so curious if they're taking this instance more serious than the last one. Are all the VPSes back online now?
I don't see what the big deal is. Security researchers find bugs and exploits all day long. Most of the time they reach out to the vendor and either work a deal out with them on a release date of the bug/exploit or if they don't hear anything, they just release it as a 0day. He said he reached out to solus initially and never heard back from them, then as this thread blew up all of sudden solus is interested in hearing what's wrong with their product.
I would much rather hear about an issue with something I'm using and know the problem is there rather then not hear anything at all and just have my shit pwned all day long.
I would much rather hear about an issue with something I'm using and know the problem is there rather then not hear anything at all and just have my shit pwned all day long.
Wow a bit harsh. Sure Curtis found an exploit, but I highly doubt he is stupid enough to hack CVPS, of course I've been wrong before.
Personally, I'd like to see proof that anything that this curtis guy said he did is true. All of the stuff he posted till now is pretty much BS, including the parts of the Solus code he posted.
Exactly
- Status