ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]
- Thread starter Magiobiwan
- Start date
-
- Tags
- chicagovps cvps exploit solusvm
- Status
@weservit I'm glad that something got them from sitting around on their d**** all day long and finally doing a full security audit. This begs the questions if a disaster is necessary every time for them to do something about it?!
Of course, at least 3 were reported directly to them as of yesterday.
@Mun it's either that or they are paying their coders so poorly that every so often their employees plant one or two Easter eggs in the code. Since they don't audit it unless a disaster like this one happens, no one cares. I don't see them jumping on their swords any time soon because they've messed up.
Or they had so much bad press that an addition to a line here and there makes it all better.
Mun
This isn't helpful. We've been down for almost 24 hours now and some sort of regular updates as to where you're at with restores and an ETA for the remaining nodes would be great.
Please don't hide behind the typical excuses of, "We don't have time to update...., We're dedicating all our resources....". Your customers need information and they need better information than, "We're working on it...."
Aldryic C'boas
The Pony
Well, he did find the time to come in here and try to brush off the Adam/Kevin situation, so I'm sure he'll at least make just as much time to post more status updates ASAP. To do otherwise would just be downright insulting to the clients waiting to hear something important.
The question is:
Is it safe to put it back on ?
I would say they patched so far the exploits that have been shown to them.
There should be others because I dont buy that audit stuff they are claiming.
Basically it is like this:
1. Solus hack on CVPS. Solus says they did an audit and it is not their fault;
2. Centralbackup disaster strikes. Solus can no longer say there is no exploit, it takes them HOURS, at least half a day after the disclosure to release a fix, but they do aknowledge it;
3. CVPS hacked again, Solus again sais it wasnt their fault, they claim there is no exploit, they were not notified, etc, the classical dance;
4. They release a fix after an "audit" saying there are more to come.
If there was no 4, I am sure some folks started to believe them there is no exploit and CVPS and others are lying, as I started to think maybe it is the time to bring solus back online.
In the light of these events, we are considering bringing solus back but allow only the IPs of salvatore and me to access it, as well as the billing panels.
This is beyond ridiculous, what a bunch of clowns...
Is it safe to put it back on ?
I would say they patched so far the exploits that have been shown to them.
There should be others because I dont buy that audit stuff they are claiming.
Basically it is like this:
1. Solus hack on CVPS. Solus says they did an audit and it is not their fault;
2. Centralbackup disaster strikes. Solus can no longer say there is no exploit, it takes them HOURS, at least half a day after the disclosure to release a fix, but they do aknowledge it;
3. CVPS hacked again, Solus again sais it wasnt their fault, they claim there is no exploit, they were not notified, etc, the classical dance;
4. They release a fix after an "audit" saying there are more to come.
If there was no 4, I am sure some folks started to believe them there is no exploit and CVPS and others are lying, as I started to think maybe it is the time to bring solus back online.
In the light of these events, we are considering bringing solus back but allow only the IPs of salvatore and me to access it, as well as the billing panels.
This is beyond ridiculous, what a bunch of clowns...
Last edited by a moderator:
Then find a new host. You are asking way too much from Cvps_chris, and I have told him this before. You bought a service with a company with a rep. for not giving out informative updates.
Here is a list of some other providers: http://vpswiki.us/
1. In light of what happened later, does anyone need any evidence ?
2. Yeah, I wonder if it was not disclosed so brutally, would it have been the same ?
3. They did, kept saying like the first CVPS hack that there is no evidence, blah-blah.
4. Yes, the audit is a another hoax like the previous audit that yielded no proof there is an explot to be blamed for cvps hack. They seem to slowly aknowledge and patch only the publicly disclosed holes, therefore, instead of condemning, I commendd the people that did this.
The way solus handled it so far makes me believe the poeple claiming their private reports were ignored. In light of latest events, soluls looks THAT bad.
And you guys stated I was kidding about vulnerabilities. http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/
I believe joepie91 was already on something like that ?
We would gladly donate something to the project as long as it remains open source.
I lost hope solus would wake up after this (yet another) disaster, their whole preocupation now looks like leaning towards damage control, how much can be still denied and how much they have to aknowledge. That is no way to act in this business.
Do you have more information on this please. No reports were made.
and you stated you changed a leaf and wouldn't do anything "fishy" any longer, yet you still do.
Mun
Why don't you ask good old Humza who I gave him snippits to give to you.
Don't act dumb, it really bugs me.
Yes they were. Infinity reported it. Raised a ticket. A lot of others followed. Go through the tickets escalated.
- Status