
ChicagoVPS / CVPS Hacked. New SolusVM exploit? (Content Restored) [PT. 1/2]

Status
Not open for further replies.

drmike

100% Tier-1 Gogent
Well we are at the 5 day mark.  120 hours now downtime for folks still offline ...

Who else is still down and what server/location?
 

srichter

New Member
As we finish up installing the new VPS' on the final machines I wanted to give an update. Within the next 5 hours, all OpenVZ VPS' should be installed and completed ready for you to restore.

We still have a few Xen machines that had severe damage to them, we are still going to be working on them and will be ready tomorrow. I will make a decision tonight about compensation and release another email in the morning. We would like to thank everyone once again for all your patience.

Here at ChicagoVPS we want to ensure this will never happen again in the future. We are in the process of working closely with a security firm for a complete audit over our infrastructure.

Thank you

The ChicagoVPS Team
 

mnsalem

New Member
> As we finish up installing the new VPS' on the final machines I wanted to give an update. Within the next 5 hours, all OpenVZ VPS' should be installed and completed ready for you to restore.
>
> We still have a few Xen machines that had severe damage to them, we are still going to be working on them and will be ready tomorrow. I will make a decision tonight about compensation and release another email in the morning. We would like to thank everyone once again for all your patience.
>
> Here at ChicagoVPS we want to ensure this will never happen again in the future. We are in the process of working closely with a security firm for a complete audit over our infrastructure.
>
> Thank you
>
> The ChicagoVPS Team

"completed ready for you to restore" ???

So .. no news about the backups at all? :/
 

drmike

100% Tier-1 Gogent
srichter, on 22 Jun 2013 - 04:07 AM, said:

> We are in the process of working closely with a security firm for a complete audit over our infrastructure.

Oh boy. That quotable he'll wish in the future that the internet wouldn't remember or be able to be found.
 

Swift

New Member
> "completed ready for you to restore" ???
>
> So .. no news about the backups at all? :/

Saw that and got really worried.

VPS up here but not restored or anything. Sent them a ticket, hopefully they answer with a specific answer rather than a generic copy and paste reply.
 

saltspork

New Member
My VPS on la-vps20 is up with my default root password, but imaged with CentOS 5 (which I had never used). It looks like the same story for every other machine on the node, judging by the default Apache page. Better than nothing...

I haven't got any useful response to my fresh installation ticket yet, just two generic copy-pastes.
 

upsetcvps

New Member
ok so vps is back up but this is troubling: my ssh client is not warning me that the server's fingerprint has changed so I assume it matches what it was before the hack.  However, I also cannot log in using ssh keys so not everything is the same (and I can't seem to log in using passwords either...).  Can anyone provide some insight?
 

maounique

Active Member
> ok so vps is back up but this is troubling: my ssh client is not warning me that the server's fingerprint has changed so I assume it matches what it was before the hack. However, I also cannot log in using ssh keys so not everything is the same (and I can't seem to log in using passwords either...). Can anyone provide some insight?

Use solus console to log in then change password and key.
 

jfreak53

New Member
> As we finish up installing the new VPS' on the final machines I wanted to give an update. Within the next 5 hours, all OpenVZ VPS' should be installed and completed ready for you to restore.
>
> We still have a few Xen machines that had severe damage to them, we are still going to be working on them and will be ready tomorrow. I will make a decision tonight about compensation and release another email in the morning. We would like to thank everyone once again for all your patience.
>
> Here at ChicagoVPS we want to ensure this will never happen again in the future. We are in the process of working closely with a security firm for a complete audit over our infrastructure.
>
> Thank you
>
> The ChicagoVPS Team

So basically they lied about everything, thanks Chris, and they have zero backups and we are on our own! :) That's fine but they should have said that to begin with and I wouldn't have trusted their TOS saying they "had" backups. So now I've been lying to my customers this entire time saying the company had backups of some and they might get it ha ha ha Thanks a lot cVPS.
 

jacobsta811

New Member
> ok so vps is back up but this is troubling: my ssh client is not warning me that the server's fingerprint has changed so I assume it matches what it was before the hack. However, I also cannot log in using ssh keys so not everything is the same (and I can't seem to log in using passwords either...). Can anyone provide some insight?

The slices that are back up use whatever password *solusvm* has for you (nothing restored - they reinstalled over my Chicago slice that was back down). So the password is whatever the hacked file says it is, ironically. I.e., if you changed your password using "passwd" they don't have it, so they couldn't reset it to that password, and they *didn't* reset all passwords even though they should; and I agree, I am not actually using these slices until I can reimage a fresh install on and change the password *immediately*. If you want to see what they brought up, dig up the initial email from when they provisioned you and it should have the password that is currently on the slice. Not sure why your key didn't change though - all of mine did; that might be a client issue on your end with it not alerting you.

My only VPS offline this morning is the one that I shut down, but all my Ubuntu nodes still fail apt-get so something is wrong with the nameservers in whatever image they were using.

Edit to add, no, they clearly had some backups from some time - my Chicago node initially was restored intact it looked like, then taken down and later reimaged over with a fresh install. So they had some level of backups (for some nodes - not Atlanta) but no procedure for restoring them in any mass way.
 

jfreak53

New Member
Well for me the passwords used at signup, I have them all stored, yet those are not it. So even though fresh installs are there I can't give passwords to my clients because I have no clue what they are ha ha. Great cVPS.
 

bellicus

New Member
I'm on Chicago-44 and I've been down since then, and they can't seem to give me an honest answer about my vps or not..
 

upsetcvps

New Member
> Not sure why your key didn't change though - all of mine did; that might be a client issue on your end with it not alerting you.

I don't think it's a client issue.  The last write to my ~/.ssh/known_hosts was about a month ago, I've visually confirmed the fingerprint in ~/.ssh/known_hosts and the new one presented to me match, and my client alerts me if I change a key on a different server.
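
The comparison described in the post above, checking the key stored in ~/.ssh/known_hosts against the key a server now presents, as an added example that is not part of the original thread. The keys are constructed (not real host keys), the host names are hypothetical, and the sketch assumes one key per host and no wildcard host patterns.

```python
import base64, hashlib, hmac, struct

def fingerprints(key_b64):
    """MD5 (colon-hex) and SHA256 fingerprints of a base64 public-key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def hashed_field(host, salt):
    """Build a HashKnownHosts-style field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain list or hashed form)."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hashed_field(host, salt))
    return host in field.split(",")  # assumption: no wildcard or negated patterns

def check_host(known_hosts_text, host, presented_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    seen = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked lines
        if host_matches(fields[0], host):
            seen = True
            if fingerprints(fields[2]) == fingerprints(presented_b64):
                return "match"
    return "changed" if seen else "unknown"

def sample_key(seed):
    """Constructed ssh-ed25519 wire blob (not a real host key), base64-encoded."""
    def s(b): return struct.pack(">I", len(b)) + b
    return base64.b64encode(s(b"ssh-ed25519") + s(hashlib.sha256(seed).digest())).decode()

# Constructed known_hosts content; host names and address are hypothetical.
OLD_KEY, NEW_KEY = sample_key(b"before reinstall"), sample_key(b"after reinstall")
KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    "vps1.example.net,192.0.2.10 ssh-ed25519 " + OLD_KEY,
    hashed_field("vps2.example.net", b"constructed-salt-20b") + " ssh-ed25519 " + OLD_KEY,
])

if __name__ == "__main__":
    for host, key in [("vps1.example.net", OLD_KEY), ("vps2.example.net", NEW_KEY),
                      ("vps3.example.net", NEW_KEY)]:
        print(host, check_host(KNOWN_HOSTS, host, key), fingerprints(key)[1])
```

A "match" result on a reinstalled machine means the server is presenting the same host public key it used before the reinstall.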
 