
ChicagoVPS / CVPS Hacked. New SolusVM exploit? [PT 2/2]

upsetcvps

New Member
How much warning do you need as a software provider about your code being poorly written? And why do you write code like this? Sorry, but I can't fault any provider that was hit by this attack, and all I can say is that I am sorry that some of you guys had to suffer because of this:


<?php
if ($_POST['delete']) {
    // $_POST['deleteid'] is concatenated into the SQL string unescaped
    $xc = $db->query('SELECT * FROM centralbackup WHERE id = \'' . $_POST['deleteid'] . '\'', true);
    #[...]
    if ($xc['status'] == 'failed') {
        // values read from the database are passed to the shell unescaped
        exec('php /usr/local/solusvm/system/bus.php -- --comm=deletebackup --serverid=' . $xc['bserver'] . ' --nodeid=' . $vdata['nodeid'] . ' --vserverid=' . $vdata['vserverid'] . ' --filename=' . $xc['filename']);
        #[...]
    }
}
?>
D. Strout There's been a decoded version floating around the web for a while now, I guess that's how the vulnerability was found and exploited in the first place. Pretty lame, but it is what it is.

Guys, here is something simple that you should do immediately: restrict access to the admin path. Restrict it by IP, with a password, or ideally both. @Kujoe had some good advice as well on how to secure SolusVM.

Kind regards,

Marc
what. the. fuck.
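
A hardened counterpart to the handler quoted above, as an added example that is not part of the original thread and is not SolusVM's own code. The table, column and script names come from the quoted snippet; the function name `buildDeleteBackupCommand`, the use of PDO, the assumption that ids are decimal integers, and the SQLite sample rows are constructed for illustration.

```php
<?php
// Added example, not SolusVM code. Names taken from the quoted snippet:
// centralbackup, bserver, filename, status, bus.php. Everything else is assumed.

function buildDeleteBackupCommand(PDO $db, string $deleteId, array $vdata): ?string
{
    // Reject non-numeric ids up front (assumes ids are decimal integers).
    if (!ctype_digit($deleteId)) {
        return null;
    }
    // Bound parameter: the POST value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT bserver, filename, status FROM centralbackup WHERE id = ?');
    $stmt->execute([$deleteId]);
    $xc = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($xc === false || $xc['status'] !== 'failed') {
        return null;
    }
    // Values read back from the database are still untrusted: quote every
    // argument so the shell sees each one as a single literal word.
    $args = [
        '--comm=deletebackup',
        '--serverid=' . $xc['bserver'],
        '--nodeid=' . $vdata['nodeid'],
        '--vserverid=' . $vdata['vserverid'],
        '--filename=' . $xc['filename'],
    ];
    return 'php /usr/local/solusvm/system/bus.php -- '
        . implode(' ', array_map('escapeshellarg', $args));
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE centralbackup (id INTEGER PRIMARY KEY, bserver TEXT, filename TEXT, status TEXT)');
$ins = $db->prepare('INSERT INTO centralbackup (bserver, filename, status) VALUES (?, ?, ?)');
$ins->execute(['3', 'vm101.tar.gz', 'failed']);
$ins->execute(['3', 'x.tar.gz; id', 'failed']); // filename carrying a shell metacharacter
$vdata = ['nodeid' => '7', 'vserverid' => '101'];

// The handler would pass the returned string to exec(); here it is only printed.
foreach (['1', '2', "1' OR '1'='1"] as $id) {
    var_dump(buildDeleteBackupCommand($db, $id, $vdata));
}
```

The second row shows why the stored filename has to be quoted as well as the POST value: once a hostile string is in the table, it reaches the shell without passing through the request at all.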
 

MannDude

Just a dude
vpsBoard Founder
Moderator
MannDude, I know you don't work there, but Urpad got hit too?
Yeah, don't work there anymore.

I messaged Jason earlier this morning and told him what was going on and it may be best to shut the Solus master off for a while.

Doesn't matter, Adam Ng ("Kevin Hillstrand") has had the URPad WHMCS and SolusVM DB (both dated) for a while and has always threatened to post it anytime we made him mad. I'd change your passwords anyways since I could never get the old owner to force password resets on everyone, nor have the new owners yet. Both parties have indeed been informed that this kid has dated DBs and has threatened, multiple times, to post them if we don't back off on things that upset him. (Like poking the Adam/Kevin thing, etc)
 

Amitz

New Member
That's somehow unrelated, but is this 'Adam Ng' in any way related to Adam, the former owner of VPSLatch? I still have a bone to pick with that a**hole...
 

MannDude

Just a dude
vpsBoard Founder
Moderator
That's somehow unrelated, but is this 'Adam Ng' in any way related to Adam, the former owner of VPSLatch? I still have a bone to pick with that a**hole...
Yes. That requires a thread of its own, however. Be my guest.
 

Francisco

Company Lube
Verified Provider
So wait, I'm not allowed to post code snippets, but he IS?
The snippet from above was the source of the last exploit. If there's new code and solus patches it? You're then "fine" to post it since you've at least done due diligence by the vendor.

0-day'ing it is seen as 'poor taste' :p

Francisco
 

Mun

Never Forget
So wait, I'm not allowed to post code snippets, but he IS?
So you are allowed to steal WHMCS, but someone else isn't?

So you are allowed to scam people, but someone else isn't?

So you are allowed to steal databases, but someone else isn't?

These are all related to you, and it is getting to the point that you really need to grow a brain, as well as mature into something more than a sniveling rat.
 

Dan

New Member
I messaged Jason earlier this morning and told him what was going on and it may be best to shut the Solus master off for a while.
 

Would have been nice of them to contact their clients about this ... URPad's support has started to go downhill too...
 

Otakumatic

New Member
Didn't they sell URPad a while back? I thought I read about a bunch of changes at URPad on LET a while back....
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Would have been nice of them to contact their clients about this ... URPad's support has started to go downhill too...
I assumed they would have. Out of my hands.

Didn't they sell URPad a while back? I thought I read about a bunch of changes at URPad on LET a while back....
Yes, towards the beginning of May. First or second week. Can't remember.
 

fileMEDIA

New Member
Verified Provider
SolusVM 1.14.00 BETA R5 is available... no changelog yet.

This is an important security fix. You are encouraged to update as soon as possible. A full detailed report will be published at a later date.
 

Mun

Never Forget
SolusVM 1.14.00 BETA R5 is available... no changelog yet.
Changelog:

Removed old exploits that we forgot about

Added new exploits so we can see how well our panel is doing

Added a new feature to DDOS Stallion cause it is too good.

Created a function to ask for confirmation if you want to delete all nodes, just to make sure the hacker really wants to.

Added a Clarke button that pops up a picture of him.

Created a new function so rofl.php shows a picture of a dog when it is used against the newer version because we don't like that guy.

Added new feature to make it look like CVPS is incompetent, though we really didn't need to do much.

Claimed everything is Green now, since we use more code, that does less.

Called up our lawyers to see if we are going to get sued, and they told us nope as long as you add this little tidbit in the agreement for installing this new patch.

This is all joking of course, or is it O_O

Mun
 