
ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]

Status
Not open for further replies.

FHN-Eric

Member
Verified Provider
SolusVM management told me they are looking into it.

solus3.png
 

ashworth

New Member
Now now. Let's try to keep this on topic.

Those of you with servers at CVPS, have they sent out client wide emails yet informing their clients to reset passwords? Any official word from them?

I don't see anything on their Twitter or Facebook, so curious if they're taking this instance more seriously than the last one. Are all the VPSes back online now?
Just this at 2:26 AM PST in a ticket:

SolusVM was hacked, and a user started deleting data. We are not sure what the total overall damage is yet.
If you are offline, it's because the data was deleted, not that we turned them off. If you are in any location other than Atlanta, we have backups.

Regards

---------------

Chris Fabozzi

CEO / Director of Operations
 

MCH-Phil

New Member
Verified Provider
1.) Why have you not informed your clients yet? C'mon man. You should have learned from the other hack. Don't leave your clients in the dark. Just send out a mass email like all the other hosts have and explain the situation.
Not emailing your customers is just bad.  Great job @CVPS_Chris!
 

rds100

New Member
Verified Provider
I have seen the source too and can confirm that there are some examples of really bad coding (which I have sent to SolusVM and hence those "blocks of code" referred to here http://blog.soluslabs.com/2013/06/18/statement-regarding-current-security-rumours/ which I'm sure others have notified them of too). Also, I do agree it's unwise to release source here, once it gets in the wrong hands.. Well I'm sure it already is in the wrong hands already but we don't want more.
If you've seen the code just post it somewhere and let everyone else see it, goddamnit. That's the best thing you can do and that's the only thing that could help secure the damn code.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Hey guys, CVPS customer here, just checking in.

I've got a buffalo server and it's completely up and running.  

SSH, HTTP, nothing seems affected but control panel. - No Contact from CVPS


navarr@navarr:~$ uptime
 09:32:20 up 30 days, 18:32,  2 users,  load average: 0.04, 0.05, 0.00
It's a shame that passwords were leaked, in what looks to be a SHA1 hash - which speaks loads to the security of the system (why are they not using an actual secure password system?  

Anyone who's ANYONE in the PHP world knows to use Bcrypt instead of SHA1), which would at the very least prevent rainbow tables!
Thanks for the report, glad to know it's up and running and not everyone was impacted with downed servers / data loss. I do think the fact they've yet to make any public announcements to warn their customers about their information being leaked is very, very worrying. I hope they do that soon.

Also, welcome to vpsBoard. I hope you stick around and enjoy your stay!

Just this at 2:26 AM PST in a ticket:
Thanks for the update! Good to see they're around and actively responding to tickets.
 

JDiggity

New Member
Nope, you've got the complete wrong end of the stick. ;-)

Doesn't take a genius to figure out who I am or netstat is.
I am not sure who netstat is but signed his post /johnny which I figured since Eric is here JohnnyDbag can't be far behind.

notFound not sure haven't read a lot of your posts, so can't tell who you are based on this thread.
 

concerto49

New Member
Verified Provider
I am not sure who netstat is but signed his post /johnny which I figured since Eric is here JohnnyDbag can't be far behind.

notFound not sure haven't read a lot of your posts, so can't tell who you are based on this thread.
notFound can be found on LET as a mod. Hint hint.
 

FHN-Eric

Member
Verified Provider
I am not sure who netstat is but signed his post /johnny which I figured since Eric is here JohnnyDbag can't be far behind.

notFound not sure haven't read a lot of your posts, so can't tell who you are based on this thread.
Just to point out, I joined before him. Why does he keep following me? 24khost, I got to webhostrally.com before you did.
 

mnsalem

New Member
Hey guys, CVPS customer here, just checking in.

I've got a buffalo server and it's completely up and running.  

SSH, HTTP, nothing seems affected but control panel. - No Contact from CVPS


navarr@navarr:~$ uptime
 09:32:20 up 30 days, 18:32,  2 users,  load average: 0.04, 0.05, 0.00
It's a shame that passwords were leaked, in what looks to be a SHA1 hash - which speaks loads to the security of the system (why are they not using an actual secure password system?  

Anyone who's ANYONE in the PHP world knows to use Bcrypt instead of SHA1), which would at the very least prevent rainbow tables!
Seems like you're one of them lucky ones ... in Buffalo here as well and my VPS is down .. Maybe I'm on a different node .. who knows? What I know for sure is that I'm moving out the moment it's back up from the backup.


My MISTAKE is not looking up CVPS online before ordering.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Seems like you're one of them lucky ones ... in Buffalo here as well and my VPS is down .. Maybe I'm on a different node .. who knows? What I know for sure is that I'm moving out the moment it's back up from the backup.


My MISTAKE is not looking up CVPS online before ordering.
Welcome to vpsBoard as well. Seems a few new members have been joining when searching about the CVPS hack it seems? What node are you on?

If you've got a VPS up or down, I think it's beneficial to post what node you're on so other members on the same node can comment if they're up/down too.
 

FHN-Eric

Member
Verified Provider
Seems like you're one of them lucky ones ... in Buffalo here as well and my VPS is down .. Maybe I'm on a different node .. who knows? What I know for sure is that I'm moving out the moment it's back up from the backup.


My MISTAKE is not looking up CVPS online before ordering.
If you're looking for a new provider, 24khost, NodeDeploy, WSWD, and SonicVPS are good providers. Hope CVPS did good backups on a regular basis, if the backup is corrupt that won't be useful in restoring data
 

saliq

New Member
Anyone know where I can get this database file ? I would like to see if I'm in it... 

I'm in NY DC and no downtime so far, everything is working..

10:14:39 up 30 days, 21:47,  3 users,  load average: 0.00, 0.00, 0.00
 

netnub

New Member
Loved or hated but never ignored.


I contacted solusvm in ticket my ticket was deleted. Will upload pictures later when I get off iPhone.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
If you're looking for a new provider, 24khost, NodeDeploy, WSWD, and SonicVPS are good providers. Hope CVPS did good backups on a regular basis, if the backup is corrupt that won't be useful in restoring data
After they got hacked in November they added backup nodes. Not sure how many or how often backups of VMs are made. Not sure if it's automatic or an additional feature customers have to activate themselves or what. If you're in Atlanta, and your vps data is gone, it's gone. Chris or Adam or someone said on LET all locations are backed up other than Atlanta. So who knows?
 

mnsalem

New Member
Welcome to vpsBoard as well. Seems a few new members have been joining when searching about the CVPS hack it seems? What node are you on?

If you've got a VPS up or down, I think it's beneficial to post what node you're on so other members on the same node can comment if they're up/down too.
Thanks!

How do I find out? Is there a way to find out which is it without Solus (which is offline until now)?


If their IP Addresses are split on nodes, then I'm on the one with the 192.227.xxx.xxx subnet (UPDATE: buf19 node) (if there's a risk posting this feel free to remove it)


I'm trying to check via the client area for any information on that ... unsuccessful so far. The billing site is very slow at the moment.
 