amuck-landowner

ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]

Status
Not open for further replies.

texteditor

Premium Buffalo-based Hosting
30 hr ago system shutdowned

I have 4 VPS

1) Atlanta Location (Important Data)

2) Chicago1 (Important Data)

3) Chicago2 (Low Important)

4) LosAngeles (Low Important)

You were hosting it on ChicagoVPS, it couldn't have been that important
 

zero

New Member
No they did not and if they did then you have made promises you cannot keep that is your fault and your responsibility alone, you are no more important than any other customer of CVPS, it will be done when it is done, I have no doubt they are working hard to bring things up opening tickets and updating forums is only distracting them.

yes my fault i miss my backups but, i pay for money for service and stability is this cpvs problem not mine. But problem or hack or whatever happed. I 'm wait statement or any respose from cpvs u understand me. 
 

zero

New Member
You were hosting it on ChicagoVPS, it couldn't have been that important
ok before sale cvps say to customer/s if your data not important i will host you. had to say If your important data please leave us.

This problem for me, no money no time 
 
Last edited by a moderator:

MannDude

Just a dude
vpsBoard Founder
Moderator
yes my fault i miss my backups but, i pay for money for service and stability is this cpvs problem not mine. But problem or hack or whatever happed. I 'm wait statement or any respose from cpvs u understand me. 
I think the best case scenario is you may get a free month of service for the servers impacted. I assume they're quite busy, I'm not quite sure what all was impacted nor how many nodes or backups they've got to restore but I'd imagine you're in queue and will get processed soon. I'd refrain from bumping your ticket, as most providers will process requests at the top of the queue who have waited the longest. Responding to your own ticket updates it, and places it back at the bottom of the queue.

Why would your customers sue you? Your SLA should not promise anything more than the SLA CVPS has for you.

Best of luck in getting it all sorted,
 

redjersey

New Member
I am pissed off. Someone is trying to destroy the whole SolusVM based economy. I am seeing it but I can't believe it. If the Hostbill and WHMCS 0day exploits are true it is just the beginning.

How should providers work if they can't use SolusVM and WHMCS?

I am using this monoculture too. Nothing to laugh at!
this wouldn't happen if those programmers did their job.

you can't just "hide" the code by using ioncube and hope that no one will find the exploit.

if code can be encrypted, it can be decrypted. if you don't believe go visit decry.pt.
 

zero

New Member
"Why would your customers sue you? Your SLA should not promise anything more than the SLA CVPS has for you."

data, money, time you choose :)
 

netnub

New Member
ChicagoVPS, treating you as a number, not a name:

6298,

This is a further status update to the recent security breach that ChicagoVPS has experienced. We have successfully restored some nodes, and the vast majority of our VPS customers are online, however we have a small percentage of nodes which still need to be worked on. Some of the nodes we are working on had data loss that we cannot restore. These nodes are LA18, ATL1, ATL4, ATL5. I you on are on one of these nodes you can safely start to rebuild, or open a ticket asking for this months refund.
    
On a positive note, it seems like SolusVM has released a new update in light of the recent incidents ( 
http://blog.soluslabs.com/2013/06/19/security-updates-available-for-all-solusvm-versions/ ). However, at this time we do not feel comfortable enabling SolusVM access at this minute as we were a victim of their security vulnerabilities two times in the past 7 months. We are evaluating other alternative panels, but at the moment our priority is taking care of our customers and getting the impacted nodes back in working order.
    
Please understand that we have all hands on deck working tirelessly to restore service connectivity for those impacted. Therefore, our ticket response times are affected to allow us to effectively work without anything slowing us down. We apologize for the delayed ticket response times but we assure you we are making progress and working hard to get everything back to normal.

Our goal is to have everything 100% restored tomorrow. Those affected by this incident will recieve compensation.
    
Regards,

ChicagoVPS Team
 

Flapadar

Member
Verified Provider
My Customers threat with lawsuit. 

ChicagoVPS cant answer the tickets.

When system up and running ?

I need net time for system up and running!
Easy solution to that. Set their services to be cancelled at the end of the billing period, tell them "We won't respond any more. Please have your lawyer contact us / our lawyer by snail mail"

And then problem solved. 
 

johnnyd95

New Member
Me and Curtis G are releasing 0day vun for hostbill and whmcs in 2 days on Friday at noon 12pm est. :popcorn:

And yes, we can hack engwish
 

Reece-DM

New Member
Verified Provider
Me and Curtis G are releasing 0day vun for hostbill and whmcs in 2 days on Friday at noon 12pm est. :popcorn:


And yes, we can hack engwish
Of course you are!


Next you'll be releasing remote root access to cpanel I hope?


Oh hold up that won't happen either your just some kid trying to get publicity in an idiotic delusional way.
 

johnnyd95

New Member
Of course you are!


Next you'll be releasing remote root access to cpanel I hope?


Oh hold up that won't happen either your just some kid trying to get publicity in an idiotic delusional way.

Releasing remote root access to cPanel, not a bad idea, I'll have to suggest that to Curtis G. Thanks for the idea :popcorn:
 

epaslv

New Member
yes my fault i miss my backups but, i pay for money for service and stability is this cpvs problem not mine. But problem or hack or whatever happed. I 'm wait statement or any respose from cpvs u understand me. 
My friend, You take a big risk by using a LEB for mission critical service.

 

1) You have to spend more money and get backups in place with another provider.

2) Then then spend more money again, and backup the backups to a different provider in another country.
 

epaslv

New Member
I have some backups not at all.

I'm still waiting but CVPS not respond any ticket or not make statement for us "customers"

Whats happen right now? I'm in darkness.
This can happen as they are probably in "all-hands-on-deck" mode, trying to recover from a disaster.

I have worked with many companies who are ITIL certified. In the ITIL world they place more importance on "Incident Management" than trying to restore the fault. This is because notifying and updating your customers of the incident is of more value than restoring the fault.

I am not saying it is not important. It just that while you are dealing with a "disaster" you have to take care of the business side of things.
 

rbreding

New Member
Have read enough of this....have to comment now.

I have a VPS with them and it wasn't affected, passwords changed, moved on.  This VPS is a backup and a test area.  BUT I still have my own backups.

When I take on a new client the first thing that is done is new backups are made a a daily backup system is made.  If someone pays you to "service" them don't you value your time in trying to recover ?  All of my clients have AT LEAST 2 local and 1 remote backup.  If they aren't willing to let me make sure they are protected then I will not take them on as a client.  But the flipside of that is then I am responsible to make sure it is done and tested periodically.

Shame on people for not making sure they have their own backups.
 

chronos511

New Member
It totally blows my mind the number of people screaming because they didn't have their own back up. All I lost on my VPS was my backup MX config, a ZNC install I had just done and an OTRS install I was just playing around with. I admit I didn't have a backup but ya know what? Had say, the OTRS been a bloody live help desk I would have had a back up. You *never* rely on someone else to do your backups for you even if they say they will. I hadn't done one because quite frankly I don't care one way or the other if I lost it all.

With that said, I'd love to know when I can get back in. I miss my ZNC. ;-)
 

upsetcvps

New Member
cvps says it makes backups after the last incident.  Turns out they have no clue.  Some nodes don't have backups at all and they're not even sure how old the last backups were for the nodes that do have backups.

If this was the first time this happened to you, cvps, ok maybe I cut you some slack.  But it's not.  And you should know better.  You should learn from your mistakes in the past.  You should know to inform your customers in a timely manner and keep them up to date.  But you don't.  Sure, I didn't expect much from you.  But having used more expensive providers like Linode, I didn't think the premium paid for the name was worth what they provide (and it's not).  But cvps, you managed to surprise me even with my low expectations of you.  You could have handled this worse, but not by much.
 

texteditor

Premium Buffalo-based Hosting
I don't give a shit if you are paying $3/mo or $300/mo on a service,

DON'T RELY ON YOUR PROVIDER FOR BACKUPS, YOU IDIOTS
 
Status
Not open for further replies.
Top
amuck-landowner