
ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]

Status
Not open for further replies.

mitgib

New Member
Verified Provider
Maybe we should stop twiddling our thumbs and do something about it?

The following code has been obfuscated for SolusVM's security:

[Image: KRlaOS0.png]
And if someone restricts access to only the admin API and only lets the WHMCS plugin access? Leaving Solus down makes for angry villagers.
 

MartinD

Retired Staff
Verified Provider
Wouldn't hold my breath on him doing that.
Simple fact is, if he knows what the problem is and doesn't bother telling the developers then ultimately he's harming himself. No-one will trust him, no-one will want his control panel and no-one will want to provide him with services.

Look at this logically - he is holding every single provider who uses SolusVM to ransom. Do you really want someone like that hanging around?
 

notFound

Don't take me seriously!
Verified Provider
I have reported the vulns I have been made aware of to SolusVM by that little birdy, it doesn't really take a genius to figure any of them out once you have access to the un-encoded version of SolusVM. I'm not holding my breath on SolusVM responding.

(Yes, and I'm sure I've just given away to everyone who I actually am. ;-))
 

D. Strout

Resident IPv6 Proponent
So... have I missed something? When/where are/have been these vulnerabilities being/been posted?
 

FHN-Eric

Member
Verified Provider
I have reported the vulns I have been made aware of to SolusVM by that little birdy, it doesn't really take a genius to figure any of them out once you have access to the un-encoded version of SolusVM. I'm not holding my breath on SolusVM responding.

(Yes, and I'm sure I've just given away to everyone who I actually am. ;-))
I just told Solus about that as well, and linked them to this thread. Now to hope they get it to management as requested :)

[Image: solus.png]
 

notFound

Don't take me seriously!
Verified Provider
I didn't just tell about the thread, I have examples to them as they requested (they responded fast, let's see if they respond fast again). :)

EDIT: They're "looking into it now."
 

netsat

New Member
The only kid around here is you. You enjoy making trouble for providers who are just trying to make a living - not to mention all the users.

/Johnny
 

vanarp

Active Member
This is interesting...

80 user(s) are reading this topic
26 members, 53 guests, 0 anonymous users
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Now now. Let's try to keep this on topic.

Those of you with servers at CVPS, have they sent out client wide emails yet informing their clients to reset passwords? Any official word from them?

I don't see anything on their Twitter or Facebook, so curious if they're taking this instance more seriously than the last one. Are all the VPSes back online now?
 

uidzer0

New Member
I don't see what the big deal is. Security researchers find bugs and exploits all day long. Most of the time they reach out to the vendor and either work a deal out with them on a release date of the bug/exploit or if they don't hear anything, they just release it as a 0day. He said he reached out to Solus initially and never heard back from them, then as this thread blew up all of a sudden Solus is interested in hearing what's wrong with their product.

I would much rather hear about an issue with something I'm using and know the problem is there rather than not hear anything at all and just have my shit pwned all day long.
 

MartinD

Retired Staff
Verified Provider
Personally, I'd like to see proof that he contacted Solus and that they ignored what he had to say.

It makes no sense for any developer to do that.
 

vld

New Member
Verified Provider
Personally, I'd like to see proof that he contacted Solus and that they ignored what he had to say.
Personally, I'd like to see proof that anything that this curtis guy said he did is true. All of the stuff he posted till now is pretty much BS, including the parts of the Solus code he posted.
 