ChicagoVPS hacked SolusVM, Bypassed Licensing, and is Running Illegal Cracked Copies of Solus

drmike

100% Tier-1 Gogent
Information has been swirling about ChicagoVPS, and SolusVM for the past two months roughly.

As some will recall, ChicagoVPS blamed Solus in the past for their hacks, and subsequent database dumps of CVPS' Solus information to the public.
See: ; and
http://www.webhostingtalk.com/showthread.php?t=1276885


Solus Labs was forced to reply to the ChicagoVPS hack, and claims of Solus being insecure. This included some form of external audit, lots of public grilling and patches.
See: http://blog.soluslabs.com/2013/06/18/statement-regarding-current-security-rumours/

What happened from the CVPS final hack (yes CVPS was hacked at least twice in a twelve month period) and CVPS' blame of Solus was legendary. Many hosts pulled their Solus panel down, and manually performed tasks for their customers. Eventually, the paranoia waned and there were hardly any related hacks (officially) to support the SolusVM vulnerability claim.

The latest wrinkle in this saga, and why we are here today is:
ChicagoVPS has hacked SolusVM. They bypassed the licensing and are running illegal unlicensed cracked copies of Solus.


I am unsure how long this lack of licensing / cracked Solus has been going on, but at least for past two months. It's likely longer than that.

Normally, I don't publish he-said / she-said hearsay. Plenty of it floats around and if not suitable as evidence in a legal setting, then not good enough as a source. That's how this license issue was presented multiple times.

I reached out to Solus Labs yesterday, hoping to get some input on the situation and some help from them to verify licensing. Idea was to get some instructions on how to independently verify licensing details (since I research many providers). Today, as-is, Solus doesn't provide an independent public license check mechanism like WHMCS does (and which many of us use).

The good news is, to all you cheapskates who have somehow bypassed that pesky $10 per server licensing, is SolusVM is currently working on a public license checker. Get licensed properly before that comes out and you get publicly shamed.

Back to ChicagoVPS, and those annoying $10 SolusVM licenses. A Solus representative said, and I quote:
“... we do not have any active licenses for the company you mentioned [ChicagoVPS]. Hope this helps!”
 
Last edited by a moderator:

MannDude

Just a dude
vpsBoard Founder
Moderator
Also, not that anything surprises me nowadays in this industry... but for sake of this not being seen as 'made up', care to post proof of communication with Solus? Screenshot of ticket or something?
 

drmike

100% Tier-1 Gogent
With the IP specific,  I assume the Solus guys would note a new license issuance there (same IP) or overlapping details (company, sub company, address info physical, etc.).  They've been at this a long while and savvy enough not to trip up like that.
 

Artie

Member
Why do you guys care? It seems the only one who should care is Solus Labs, who's obviously loosing revenue.
 

SkylarM

Well-Known Member
Verified Provider
Why do you guys care? It seems the only one who should care is Solus Labs, who's obviously loosing revenue.
IF ChicagoVPS is running a nulled/older version of Solus, and then they got hacked after the initial exploit (Ramnode got hacked during this "initial" exploit), then I care a great deal. People took their Solus offline after the initial hack, brought it back online when given the "all clear", and then ChicagoVPS got hacked so it very promptly went back offline for the vast majority of providers for an extended period of time. ChicagoVPS directly caused quite the workload for hosts, and a lot of unnecessary scrambling if this turns out to be the case.

Edit: I'd like to specifically note the IF part. Based on the fact that cVPS happened to get hacked long after a solus update was available makes me very inclined to lean in buffa's favor on the facts, but without total proof I'd like to err on the side of speculation.
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
Interesting wrinkle @SkylarM.

Brings to mind the question if CVPS was licensed at the time of the "hacks".  Officially, they claimed two of those.  And if Solus was current version.

If only it only cost $10...
Not to pick on anyone, but $10 on a modern server per month?   I'd say lightly loaded providers probably are packing ~80 containers on an E3 32GB box. 80 x estimated income per = ???.

We saw what CVPS WAS doing at time of hacks.  They had hundreds of containers on a server.   If I kindly say 200 containers at $2 income each = $400 income a month.     Solus costs on that 2.5% of income a month.

Seems silly, shall we call it cheap, to really feel too pinched by a mere $10 spot.

Even at 150 servers we are talking about $1500 a month.   Nice chunk, but nothing big picture.

Now if you were cutting $10k a month to Solus naturally, you'd roll your panel as cost justifies/breaks even (given project goes as planned and inside of 2 years delivered/perfected).
 
Last edited by a moderator:

MannDude

Just a dude
vpsBoard Founder
Moderator
Whatever happened to the custom panel they are/were working on? Does CVPS still use Solus, or are they only using parts of it?
 
Last edited by a moderator:

jarland

The ocean is digital
Why do you guys care? It seems the only one who should care is Solus Labs, who's obviously loosing revenue.
Easy. Just think of the marketing you could do to their supposedly large client base.


"We pay our bills"


"We plan on being around longer than the time it takes to get caught cheating our license providers"


Lots of people would care with good reason :)
 

DomainBop

Dormant VPSB Pathogen
.

If only it only cost $10...
ChicagoVPS is the largest low end provider and their low end market share is over 50% (source: ) so they would be spending considerably more than $10 for licenses for their hundreds thousands of nodes.
 
Top