ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]
- Thread starter Magiobiwan
- Start date
-
- Tags
- chicagovps cvps exploit solusvm
- Status
wlanboy
Content Contributer
Yup. 54 members, 104 guests are on board now.
Yes, I stated in a above post which you removed that "for solusvm security, here is obfuscated version" which is obfuscated functions/variables.
amazing at what requesting managent to see it can do. I'll let you know what managent says when they reply.
@netnub
I can't really see you proving you've found anything. This topic is beyond a joke, looks like CVPS didn't patch quick enough like they stated. So now everyone is turning off SolusVM all because these idiots lied to cover there ass and this NetNub is making false claims!
Read SolusVM blog - it seems to be all rumours
I can't really see you proving you've found anything. This topic is beyond a joke, looks like CVPS didn't patch quick enough like they stated. So now everyone is turning off SolusVM all because these idiots lied to cover there ass and this NetNub is making false claims!
Read SolusVM blog - it seems to be all rumours
Netnub has posted source. He's sent a PM to myself with the source code as well.
I don't think it's wise to post these publicly, it's best SolusVM reviews and patches first. We don't want more hosts being impacted. I've seen some of the hits this forum has gotten from Google and judging my certain search phrases that are bringing them here I can guarantee if the source was posted on here it'd be used for anything but good.
I don't think it's wise to post these publicly, it's best SolusVM reviews and patches first. We don't want more hosts being impacted. I've seen some of the hits this forum has gotten from Google and judging my certain search phrases that are bringing them here I can guarantee if the source was posted on here it'd be used for anything but good.
Last email I have from them is an Invoice.
We most certainly did, please do not call us a liar. Just like the first hack in November Solus said nothing was wrong on their end, and then Ramnode happened and this happened.
I even asked Phil if its a possibility that hack from RamNode was the same in November and he said YES. Of course they will call it rumors so they dont look bad and the terrible product they released.
I have seen the source to and can confirm that there are some examples of really bad coding (which I have sent to SolusVM and hence those "blocks of code" refered to here http://blog.soluslabs.com/2013/06/18/statement-regarding-current-security-rumours/ which I'm sure others have notified them of too). Also, I do agree it's unwise to release source here, once it gets in the wrong hands.. Well I'm sure it already is in the wrong hands already but we don't want more.
Last edited by a moderator:
Pretty much same as what you've done. Blamed it on SolusVM? How come i know websites still running SolusVM and they've not been hacked? Bit mysterious that.........
CVPS_Chris, since you are here:
1.) Why have you not informed your clients yet? C'mon man. You should have learned from the other hack. Don't leave your clients in the dark. Just send out a mass email like all the other hosts have and explain the situation.
2.) Still going to deny the Adam = Kevin thing? I had a shit-ton of proof but was waiting to post it when (or if ever) prompted for it. Looks like I don't need to post my proof anymore.
3.) What has been impacted aside from the DB being leaked? What sort of issues are you guys experiencing? Data loss? Corrupt files? What's going on?
1.) Why have you not informed your clients yet? C'mon man. You should have learned from the other hack. Don't leave your clients in the dark. Just send out a mass email like all the other hosts have and explain the situation.
2.) Still going to deny the Adam = Kevin thing? I had a shit-ton of proof but was waiting to post it when (or if ever) prompted for it. Looks like I don't need to post my proof anymore.
3.) What has been impacted aside from the DB being leaked? What sort of issues are you guys experiencing? Data loss? Corrupt files? What's going on?
Last edited by a moderator:
Nope, you've got the complete wrong end of the stick. ;-)
Doesn't take a genius to figure out who I am or netstat is.
Hey guys, CVPS customer here, just checking in.
I've got a buffalo server and it's completely up and running.
SSH, HTTP, nothing seems affected but control panel. - No Contact from CVPS
navarr@navarr:~$ uptime
09:32:20 up 30 days, 18:32, 2 users, load average: 0.04, 0.05, 0.00
It's a shame that passwords were leaked, in what looks to be a SHA1 hash - which speaks loads to the security of the system (why are they not using an actual secure password system?
Anyone who's ANYONE in the PHP world knows to use Bcrypt instead of SHA1), which would at the very least prevent rainbow tables!
I've got a buffalo server and it's completely up and running.
SSH, HTTP, nothing seems affected but control panel. - No Contact from CVPS
navarr@navarr:~$ uptime
09:32:20 up 30 days, 18:32, 2 users, load average: 0.04, 0.05, 0.00
It's a shame that passwords were leaked, in what looks to be a SHA1 hash - which speaks loads to the security of the system (why are they not using an actual secure password system?
Anyone who's ANYONE in the PHP world knows to use Bcrypt instead of SHA1), which would at the very least prevent rainbow tables!
Last edited by a moderator:
- Status