ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]

[FHN-Eric]

SolusVM management told me they are looking into it.

 

[ashworth]

Now now. Let's try to keep this on topic.

Those of you with servers at CVPS, have they sent out client wide emails yet informing their clients to reset passwords? Any official word from them?

I don't see anything on their Twitter or Facebook, so curious if they're taking this instance more serious than the last one. Are all the VPSes back online now?

Just this at 2:26 AM PST in a ticket:

SolusVM was hacked, and a user started deleting data. We are not sure what the total overall damage is yet.
If you are offline, its because the data was deleted, not that we turned them off. If you are in any location other than Atlanta, we have backups

Regards

---------------

Chris Fabozzi

CEO / Director of Operations

 

[MCH-Phil]

1.) Why have you not informed your clients yet? C'mon man. You should have learned from the other hack. Don't leave your clients in the dark. Just send out a mass email like all the other hosts have and explain the situation.

Not emailing your customers is just bad.  Great job @CVPS_Chris!

 

[Mun]

My question is why don't providers have nginx block things that aren't needed by clients?

 

[rds100]

I have seen the source to and can confirm that there are some examples of really bad coding (which I have sent to SolusVM and hence those "blocks of code" refered to here http://blog.soluslabs.com/2013/06/18/statement-regarding-current-security-rumours/ which I'm sure others have notified them of too). Also, I do agree it's unwise to release source here, once it gets in the wrong hands.. Well I'm sure it already is in the wrong hands already but we don't want more.

If you've seen the code just post it somewhere and let everyone else see it, goddamnit. That's the best thing you can do and that's the only thing that could help secure the damn code.

 

[MannDude]

Hey guys, CVPS customer here, just checking in.

I've got a buffalo server and it's completely up and running.  

SSH, HTTP, nothing seems affected but control panel. - No Contact from CVPS


navarr@navarr:~$ uptime
 09:32:20 up 30 days, 18:32,  2 users,  load average: 0.04, 0.05, 0.00
It's a shame that passwords were leaked, in what looks to be a SHA1 hash - which speaks loads to the security of the system (why are they not using an actual secure password system?  

Anyone who's ANYONE in the PHP world knows to use Bcrypt instead of SHA1), which would at the very least prevent rainbow tables!

Thanks for the report, glad to know it's up and running and not everyone was impacted with downed servers / data loss. I do think the fact they've yet to make any public announcements to warn their customers about their information being leaked is very, very worrying. I hope they do that soon.

Also, welcome to vpsBoard. I hope you stick around and enjoy your stay!

Just this at 2:26 AM PST in a ticket:

Thanks for the update! Good to see they're around and actively responding to tickets.

 

[JDiggity]

Nope, you've got the complete wrong end of the stick. ;-)

Doesn't take a genius to figure out who I am or netstat is.

I am not sure who netstat is but signed his post /johnny which I figured since Eric is here JohnnyDbag can't be far behind.

notFound not sure haven't read alot of your posts, so can't tell who you are based on this thread.

 

[concerto49]

I am not sure who netstat is but signed his post /johnny which I figured since Eric is here JohnnyDbag can't be far behind.

notFound not sure haven't read alot of your posts, so can't tell who you are based on this thread.

notFound can be found on LET as a mod. Hint hint.

 

[JDiggity]

ahhh that says it all.

 

[MannDude]

notFound can be found on LET as a mod. Hint hint.

I know who he is, but not sure if he wants to me tell or not. There are a lot of members with aliases on here from LET... =]

 

[FHN-Eric]

I am not sure who netstat is but signed his post /johnny which I figured since Eric is here JohnnyDbag can't be far behind.

notFound not sure haven't read alot of your posts, so can't tell who you are based on this thread.

Just to point out, I joined before him. Why does he keep following me? 24khost, I got to webhostrally.com before you did.

 

[FHN-Eric]

I know who he is, but not sure if he wants to me tell or not. There are a lot of members with aliases on here from LET... =]

This might be a wild guess, but could it be Liam?

 

[GIANT_CRAB]

So much drama, I like.

 

[mnsalem]

Hey guys, CVPS customer here, just checking in.

I've got a buffalo server and it's completely up and running.  

SSH, HTTP, nothing seems affected but control panel. - No Contact from CVPS


navarr@navarr:~$ uptime
 09:32:20 up 30 days, 18:32,  2 users,  load average: 0.04, 0.05, 0.00
It's a shame that passwords were leaked, in what looks to be a SHA1 hash - which speaks loads to the security of the system (why are they not using an actual secure password system?  

Anyone who's ANYONE in the PHP world knows to use Bcrypt instead of SHA1), which would at the very least prevent rainbow tables!

Seems like you're one of them lucky ones ... in Buffalo here as well and my VPS is down .. Maybe I'm on a different node .. who knows? What i know for sure is that I'm moving out the moment its back up from the backup.


my MISTAKE is not looking up CVPS online before ordering.

 

[MannDude]

Seems like you're one of them lucky ones ... in Buffalo here as well and my VPS is down .. Maybe I'm on a different node .. who knows? What i know for sure is that I'm moving out the moment its back up from the backup.


my MISTAKE is not looking up CVPS online before ordering.

Welcome to vpsBoard as well. Seems a few new members have been joining when searching about the CVPS hack it seems? What node are you on?

If you've got a VPS up or down, I think it's beneficial to post what node you're on so other members on the same node can comment if they're up/down too.

 

[FHN-Eric]

Seems like you're one of them lucky ones ... in Buffalo here as well and my VPS is down .. Maybe I'm on a different node .. who knows? What i know for sure is that I'm moving out the moment its back up from the backup.


my MISTAKE is not looking up CVPS online before ordering.

If your looking for a new provider, 24khost, NodeDeploy, WSWD, and SonicVPS are good providers. Hope CVPS did good backups on a regular bases, if the backup is corrupt that wont be usefull in restoring data

 

[saliq]

Anyone know where I can get this database file ? I would like to see if I`m in it... 

Im in NY DC and no downtime so far, everything is working..

10:14:39 up 30 days, 21:47,  3 users,  load average: 0.00, 0.00, 0.00

 

[netnub]

Loved or hated but never ignored.


I contacted solusvm in ticket my ticket was deleted. Will upload pictures later when I get off iPhone.

 

[MannDude]

If your looking for a new provider, 24khost, NodeDeploy, WSWD, and SonicVPS are good providers. Hope CVPS did good backups on a regular bases, if the backup is corrupt that wont be usefull in restoring data

After they got hacked in November they added backup nodes. Not sure how many or how often backups of VMs are made. Not sure if it's automatic or an additional feature customers have to activate themselves or what. If you're in Atlanta, and your vps data is gone, it's gone. Chris or Adam or someone said on LET all locations are backed up other than Atlanta. So who knows?

 

[mnsalem]

Welcome to vpsBoard as well. Seems a few new members have been joining when searching about the CVPS hack it seems? What node are you on?

If you've got a VPS up or down, I think it's beneficial to post what node you're on so other members on the same node can comment if they're up/down too.

Thanks!

How do I find out? Is there a way to find out which is it without Solus (which is offline until now)?


If their IP Addresses are split on nodes, then I'm on the one with the 192.227.xxx.xxx subnet (UPDATE: buf19 node) (if there's a risk posting this feel free to remove it)


I'm trying to check via the client area for any information on that ... unsuccessful so far. the billing site is vey slow at the moment.