Just this at 2:26 AM PST in a ticket:Now now. Let's try to keep this on topic.
Those of you with servers at CVPS, have they sent out client wide emails yet informing their clients to reset passwords? Any official word from them?
I don't see anything on their Twitter or Facebook, so curious if they're taking this instance more serious than the last one. Are all the VPSes back online now?
SolusVM was hacked, and a user started deleting data. We are not sure what the total overall damage is yet.
If you are offline, its because the data was deleted, not that we turned them off. If you are in any location other than Atlanta, we have backups
Regards
---------------
Chris Fabozzi
CEO / Director of Operations
Not emailing your customers is just bad. Great job @CVPS_Chris!1.) Why have you not informed your clients yet? C'mon man. You should have learned from the other hack. Don't leave your clients in the dark. Just send out a mass email like all the other hosts have and explain the situation.
If you've seen the code just post it somewhere and let everyone else see it, goddamnit. That's the best thing you can do and that's the only thing that could help secure the damn code.I have seen the source to and can confirm that there are some examples of really bad coding (which I have sent to SolusVM and hence those "blocks of code" refered to here http://blog.soluslabs.com/2013/06/18/statement-regarding-current-security-rumours/ which I'm sure others have notified them of too). Also, I do agree it's unwise to release source here, once it gets in the wrong hands.. Well I'm sure it already is in the wrong hands already but we don't want more.
Thanks for the report, glad to know it's up and running and not everyone was impacted with downed servers / data loss. I do think the fact they've yet to make any public announcements to warn their customers about their information being leaked is very, very worrying. I hope they do that soon.Hey guys, CVPS customer here, just checking in.
I've got a buffalo server and it's completely up and running.
SSH, HTTP, nothing seems affected but control panel. - No Contact from CVPS
navarr@navarr:~$ uptime
09:32:20 up 30 days, 18:32, 2 users, load average: 0.04, 0.05, 0.00
It's a shame that passwords were leaked, in what looks to be a SHA1 hash - which speaks loads to the security of the system (why are they not using an actual secure password system?
Anyone who's ANYONE in the PHP world knows to use Bcrypt instead of SHA1), which would at the very least prevent rainbow tables!
Thanks for the update! Good to see they're around and actively responding to tickets.Just this at 2:26 AM PST in a ticket:
I am not sure who netstat is but signed his post /johnny which I figured since Eric is here JohnnyDbag can't be far behind.Nope, you've got the complete wrong end of the stick. ;-)
Doesn't take a genius to figure out who I am or netstat is.
notFound can be found on LET as a mod. Hint hint.I am not sure who netstat is but signed his post /johnny which I figured since Eric is here JohnnyDbag can't be far behind.
notFound not sure haven't read alot of your posts, so can't tell who you are based on this thread.
I know who he is, but not sure if he wants to me tell or not. There are a lot of members with aliases on here from LET... =]notFound can be found on LET as a mod. Hint hint.
Just to point out, I joined before him. Why does he keep following me? 24khost, I got to webhostrally.com before you did.I am not sure who netstat is but signed his post /johnny which I figured since Eric is here JohnnyDbag can't be far behind.
notFound not sure haven't read alot of your posts, so can't tell who you are based on this thread.
This might be a wild guess, but could it be Liam?I know who he is, but not sure if he wants to me tell or not. There are a lot of members with aliases on here from LET... =]
Seems like you're one of them lucky ones ... in Buffalo here as well and my VPS is down .. Maybe I'm on a different node .. who knows? What i know for sure is that I'm moving out the moment its back up from the backup.Hey guys, CVPS customer here, just checking in.
I've got a buffalo server and it's completely up and running.
SSH, HTTP, nothing seems affected but control panel. - No Contact from CVPS
navarr@navarr:~$ uptime
09:32:20 up 30 days, 18:32, 2 users, load average: 0.04, 0.05, 0.00
It's a shame that passwords were leaked, in what looks to be a SHA1 hash - which speaks loads to the security of the system (why are they not using an actual secure password system?
Anyone who's ANYONE in the PHP world knows to use Bcrypt instead of SHA1), which would at the very least prevent rainbow tables!
Welcome to vpsBoard as well. Seems a few new members have been joining when searching about the CVPS hack it seems? What node are you on?Seems like you're one of them lucky ones ... in Buffalo here as well and my VPS is down .. Maybe I'm on a different node .. who knows? What i know for sure is that I'm moving out the moment its back up from the backup.
my MISTAKE is not looking up CVPS online before ordering.
If your looking for a new provider, 24khost, NodeDeploy, WSWD, and SonicVPS are good providers. Hope CVPS did good backups on a regular bases, if the backup is corrupt that wont be usefull in restoring dataSeems like you're one of them lucky ones ... in Buffalo here as well and my VPS is down .. Maybe I'm on a different node .. who knows? What i know for sure is that I'm moving out the moment its back up from the backup.
my MISTAKE is not looking up CVPS online before ordering.
After they got hacked in November they added backup nodes. Not sure how many or how often backups of VMs are made. Not sure if it's automatic or an additional feature customers have to activate themselves or what. If you're in Atlanta, and your vps data is gone, it's gone. Chris or Adam or someone said on LET all locations are backed up other than Atlanta. So who knows?If your looking for a new provider, 24khost, NodeDeploy, WSWD, and SonicVPS are good providers. Hope CVPS did good backups on a regular bases, if the backup is corrupt that wont be usefull in restoring data
Thanks!Welcome to vpsBoard as well. Seems a few new members have been joining when searching about the CVPS hack it seems? What node are you on?
If you've got a VPS up or down, I think it's beneficial to post what node you're on so other members on the same node can comment if they're up/down too.