amuck-landowner

ChicagoVPS / CVPS Hacked. New SolusVM exploit? [PT 2/2]

weservit

weservit

New Member
Verified Provider
PLEASE READ THIS INFORMATION CAREFULLY. THIS INFORMATION IS RELEVANT TO ALL VERSIONS OF SOLUSVM, INCLUDING BETA VERSIONS.

As you may be aware we are currently running a full in house and external code audit. This release contains several important security fixes for all versions of SolusVM.

We highly suggest you update your system as soon as possible. Updates are available through the normal channels.

Latest Stable Version: 1.14.00 R5
Latest Beta Version: 1.13.05

Please be aware the audit is still underway and more updates may follow.

Thank you for your co-operation and understanding.

Regards,
Soluslabs Security Team
 
drmike

drmike

100% Tier-1 Gogent
Official thing there @weservit?  Have a URL to confirm that?

Glad to see Soluslabs getting off their arses and doing something other than denying.
 
Marc M.

Marc M.

Phoenix VPS
Verified Provider
@Mun,

I would add this: "Created a function to delete all VMs from all nodes just to see if the hacker can find it..." ROFL

and

this: "Added dead simple functionality to facilitate a MySQL injection exploit to see if anyone could find it in less than two months..." again ROFL ... well, it took the hacker almost two months minus four days to find it. IIRC about two months ago someone posted a iDezender decoded SolusVM online.

Classic Gold Mun :lol:
 
weservit

weservit

New Member
Verified Provider
I see multiple modified files in the /usr/local/solusvm/www folder. Looks like they found more than 1 exploit..
 
Last edited by a moderator:
Marc M.

Marc M.

Phoenix VPS
Verified Provider
weservit said:
I see a lot of modified files in the /usr/local/solusvm/www folder. Looks like they found more than 1 exploit..
Click to expand...
@weservit I'm glad that something got them from sitting around on their d**** all day long and finally doing a full security audit. This begs the questions if a disaster is necessary every time for them to do something about it?!
 
Marc M.

Marc M.

Phoenix VPS
Verified Provider
Mun said:
Shhh, they really added new ones.
Click to expand...
@Mun it's either that or they are paying their coders so poorly that every so often their employees plant one or two Easter eggs in the code. Since they don't audit it unless a disaster like this one happens, no one cares. I don't see them jumping on their swords any time soon because they've messed up.
 
M

Mun

Never Forget
marcm said:
@Mun it's either that or they are paying their coders so poorly that every so often their employees plant one or two Easter eggs in the code. Since they don't audit it unless a disaster like this one happens, no one cares. I don't see them jumping on their swords any time soon because they've messed up.
Click to expand...
Or they had so much bad press that an addition to a line here and there makes it all better.

Mun
 
I

ItsGermy

New Member
CVPS_Chris said:
Jfreak, we are still working to get the remaining nodes online.
Click to expand...
This isn't helpful. We've been down for almost 24 hours now and some sort of regular updates as to where you're at with restores and an ETA for the remaining nodes would be great.

Please don't hide behind the typical excuses of, "We don't have time to update...., We're dedicating all our resources....". Your customers need information and they need better information than, "We're working on it...."
 
Aldryic C'boas

Aldryic C'boas

The Pony
ItsGermy said:
We don't have time to update....
Click to expand...
Well, he did find the time to come in here and try to brush off the Adam/Kevin situation, so I'm sure he'll at least make just as much time to post more status updates ASAP. To do otherwise would just be downright insulting to the clients waiting to hear something important.
 
M

maounique

Active Member
The question is:

Is it safe to put it back on ?

I would say they patched so far the exploits that have been shown to them.

There should be others because I dont buy that audit stuff they are claiming.

Basically it is like this:

1. Solus hack on CVPS. Solus says they did an audit and it is not their fault;

2. Centralbackup disaster strikes. Solus can no longer say there is no exploit, it takes them HOURS, at least half a day after the disclosure to release a fix, but they do aknowledge it;

3. CVPS hacked again, Solus again sais it wasnt their fault, they claim there is no exploit, they were not notified, etc, the classical dance;

4. They release a fix after an "audit" saying there are more to come.

If there was no 4, I am sure some folks started to believe them there is no exploit and CVPS and others are lying, as I started to think maybe it is the time to bring solus back online.

In the light of these events, we are considering bringing solus back but allow only the IPs of salvatore and me to access it, as well as the billing panels.

This is beyond ridiculous, what a bunch of clowns...
 
Last edited by a moderator:
concerto49

concerto49

New Member
Verified Provider
Mao said:
The question is:

Is it safe to put it back on ?

I would say they patched so far the exploits that have been shown to them.

There should be others because I dont buy that audit stuff they are claiming.

Basically it is like this:

1. Solus hack on CVPS. Solus says they did an audit and it is not their fault;

2. Centralbackup disaster strikes. Solus can no longer say there is no exploit, it takes them HOURS, at least half a day after the disclosure to release a fix, but they do aknowledge it;

3. CVPS hacked again, Solus again sais it wasnt their fault, they claim there is no exploit, they were not notified, etc, the classical dance;

4. They release a fix after an "audit" saying there are more to come.

If there was no 4, I am sure some folks started to believe them there is no exploit and CVPS and others are lying, as I started to think maybe it is the time to bring solus back online.

In the light of these events, we are considering bringing solus back but allow only the IPs of salvatore and me to access it, as well as the billing panels.

This is beyond ridiculous, what a bunch of clowns...
Click to expand...
1. The first hack no one has published evidence on what happened.

2. That was explicit and acknowledged by Solus.

3. Solus didn't say it wasn't their fault in this 2nd hack this time around.

4. More like we and others reported the exploits.
 
M

Mun

Never Forget
ItsGermy said:
This isn't helpful. We've been down for almost 24 hours now and some sort of regular updates as to where you're at with restores and an ETA for the remaining nodes would be great.

Please don't hide behind the typical excuses of, "We don't have time to update...., We're dedicating all our resources....". Your customers need information and they need better information than, "We're working on it...."
Click to expand...

Then find a new host. You are asking way too much from Cvps_chris, and I have told him this before. You bought a service with a company with a rep. for not giving out informative updates. 

Here is a list of some other providers: http://vpswiki.us/
 
M

maounique

Active Member
concerto49 said:
1. The first hack no one has published evidence on what happened.

2. That was explicit and acknowledged by Solus.

3. Solus didn't say it wasn't their fault in this 2nd hack this time around.

4. More like we and others reported the exploits.
Click to expand...
1. In light of what happened later, does anyone need any evidence ?

2. Yeah, I wonder if it was not disclosed so brutally, would it have been the same ?

3. They did, kept saying like the first CVPS hack that there is no evidence, blah-blah.

4. Yes, the audit is a another hoax like the previous audit that yielded no proof there is an explot to be blamed for cvps hack. They seem to slowly aknowledge and patch only the publicly disclosed holes, therefore, instead of condemning, I commendd the people that did this.

The way solus handled it so far makes me believe the poeple claiming their private reports were ignored. In light of latest events, soluls looks THAT bad.
 
concerto49

concerto49

New Member
Verified Provider
Mao said:
1. In light of what happened later, does anyone need any evidence ?

2. Yeah, I wonder if it was not disclosed so brutally, would it have been the same ?

3. They did, kept saying like the first CVPS hack that there is no evidence, blah-blah.

4. Yes, the audit is a another hoax like the previous audit that yielded no proof there is an explot to be blamed for cvps hack. They seem to slowly aknowledge and patch only the publicly disclosed holes, therefore, instead of condemning, I commendd the people that did this.

The way solus handled it so far makes me believe the poeple claiming their private reports were ignored. In light of latest events, soluls looks THAT bad.
Click to expand...
What's your take then? Let's collaborate and build a new panel shall we?  :lol:
 
You must log in or register to reply here.
Top
amuck-landowner