
RamNode Down?

Aldryic C'boas

The Pony
What's the beef between you two anyway?
His affiliation with the LulzSec group (and other unsavories), to put it briefly. From http://www.guardian.co.uk/technology/2011/jun/24/lulzsec-irc-leak-the-full-record :

Jun 02 18:10:38 joepie91 uh

Jun 02 18:10:40 joepie91 Topiary

Jun 02 18:10:40 joepie91 ..

Jun 02 18:10:43 joepie91 that is a Frantech IP

Jun 02 18:10:48 Topiary FIREFIREFIREFIRE

Jun 02 18:10:52 Topiary FUCK YOU FRANTECH\111

Jun 02 18:10:52 joepie91 DDoS it

Jun 02 18:10:54 sabu everybody stfu

Jun 02 18:10:54 joepie91 it will disappear

Jun 02 18:10:55 storm ?

Jun 02 18:10:56 joepie91 in a few minutes
Jun 02 18:13:42 joepie91 Topiary: just a tip, Frantech has an automated nullrouting system in place. If you DDoS Laurelais IP, he will disappear from the internet for a while, and if you keep doing it he will be booted from their service.[...]

Jun 02 18:14:31 joepie91 it'll get nullrouted for ~1 hour at first I believe

Jun 02 18:14:36 joepie91 after a few nullroutes he will get suspended

Jun 02 18:14:37 joepie91 :)
I tend to take issue with someone actively trying to turn negative attention towards our network.  There are other reasons as well, but the above pretty much makes a good summary.
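The log excerpt above describes the provider's automated mitigation from the attacker's side: a flooded IP is blackholed for about an hour, and after a few repeats the customer is suspended. The following is an added example that models that escalation policy as a small state machine; it is not Frantech's, RamNode's or any provider's code. The packet-rate trigger, the "few" count, the strike window and the traffic samples are assumptions made for illustration.

```python
"""Model of the automated nullroute policy described in the IRC excerpt.

Added example; not Frantech's, RamNode's or anyone's production code.
The log only says a flooded IP is blackholed for roughly an hour and that
a few repeats lead to suspension. The packet-rate trigger, the strike
count, the strike window and the sample traffic are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass, field

NULLROUTE_SECONDS = 3600     # "nullrouted for ~1 hour at first" (from the log)
SUSPEND_AFTER = 3            # assumed reading of "after a few nullroutes"
PPS_THRESHOLD = 200_000      # assumed trigger: inbound packets per second
STRIKE_WINDOW = 24 * 3600    # assumed: strikes older than a day are forgotten


@dataclass
class IPState:
    nullrouted_until: float = 0.0             # epoch seconds
    strikes: list[float] = field(default_factory=list)
    suspended: bool = False


class NullroutePolicy:
    """Per-destination-IP state machine: ok -> nullroute -> ... -> suspend."""

    def __init__(self) -> None:
        self.state: dict[str, IPState] = {}

    def observe(self, ip: str, pps: int, now: float) -> str:
        """Feed one traffic sample for a customer IP; return the action taken."""
        st = self.state.setdefault(ip, IPState())
        if st.suspended:
            return "suspended"
        if now < st.nullrouted_until:
            return "nullrouted"          # blackhole still in place, nothing new
        if pps < PPS_THRESHOLD:
            return "ok"
        # Over threshold: blackhole the target and record a strike against it.
        st.strikes = [t for t in st.strikes if now - t < STRIKE_WINDOW]
        st.strikes.append(now)
        st.nullrouted_until = now + NULLROUTE_SECONDS
        if len(st.strikes) >= SUSPEND_AFTER:
            st.suspended = True
            return "suspend"
        return "nullroute"


def replay(samples: list[tuple[float, int]], ip: str = "192.0.2.10") -> list[str]:
    """Run (time, pps) samples through the policy and return the action per sample."""
    policy = NullroutePolicy()
    return [policy.observe(ip, pps, t) for t, pps in samples]


# Constructed sample: the tactic from the log, hitting the target again the
# moment each one-hour nullroute expires. Attack starts at t=0 seconds.
ATTACK_ON_EXPIRY = [
    (0, 900_000), (1800, 900_000), (3600, 900_000), (7200, 900_000), (7260, 5_000),
]

if __name__ == "__main__":
    for (t, pps), action in zip(ATTACK_ON_EXPIRY, replay(ATTACK_ON_EXPIRY)):
        print(f"t={t:>5}s pps={pps:>7} -> {action}")
```

Replaying the constructed sample gives nullroute, nullrouted, nullroute, suspend, suspended: the third flood lands exactly when the second blackhole expires and trips the suspension. That is the property the log's author was counting on, since the customer being flooded is the one who ends up punished, which is why the suspend branch of such a policy is the place to put a human in the loop rather than an automatic action.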
 

fapvps

New Member
Verified Provider
Wow... That is a pretty messed up situation, I truly hope RamNode will make a full recovery soon...
 

pcan

New Member
For a moment, I had the illusion of being back in 1996, when you could read news like this: "15-year-old kid disables a service provider using his personal computer from home".

I was dreaming: almost 20 years have passed, the Internet has a crucial role now, security is way better...

...or maybe not. It is precisely this type of issue that prevents the web service industry from being taken seriously in some kinds of business. Security is often neglected, and it shows. Here we have at least two major failures: an unbelievably huge security hole in SolusVM, and lots of people who do a default install and don't remove the unused features.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
For a moment, I had the illusion of being back in 1996, when you could read news like this: "15-year-old kid disables a service provider using his personal computer from home".

I was dreaming: almost 20 years have passed, the Internet has a crucial role now, security is way better...

...or maybe not. It is precisely this type of issue that prevents the web service industry from being taken seriously in some kinds of business. Security is often neglected, and it shows. Here we have at least two major failures: an unbelievably huge security hole in SolusVM, and lots of people who do a default install and don't remove the unused features.
And we also live in a world where all a 'hacker' has to do is follow a guide that is easier to follow than installing a LAMP stack or use booters to DDoS servers.
 

HalfEatenPie

The Irrational One
Retired Staff
or maybe not. It is precisely this type of issue that prevents the web service industry from being taken seriously in some kinds of business. Security is often neglected, and it shows. Here we have at least two major failures: an unbelievably huge security hole in SolusVM, and lots of people who do a default install and don't remove the unused features.
 

Well, this is the thing. While many industries and fields have been developing for decades if not generations, the entire "online industry" is still very young. Because of this there's still no "normal". Also, the very nature of the service we provide allows even a newcomer to create something new, and when given that platform (especially since the entire world is connected on such a platform) a single major flaw could create events similar to this one.

I mean we can all do much better to work on security, but I feel like this issue is far from being solved.  
 

pcan

New Member
I mean we can all do much better to work on security, but I feel like this issue is far from being solved.

I agree: this will not be solved quickly. The prevalent idea is that functionality comes well before security. The same mindset was common in other engineering branches, but things changed after some disasters that struck the imagination of the people (think of the Zeppelin, or the Titanic). There has been no major security disaster in web technology. Yet.
 

HalfEatenPie

The Irrational One
Retired Staff
I agree: this will not be solved quickly. The prevalent idea is that functionality comes well before security. The same mindset was common in other engineering branches, but things changed after some disasters that struck the imagination of the people (think of the Zeppelin, or the Titanic). There has been no major security disaster in web technology. Yet.
 

And also the entire fact that those technologies have been around for a while.  Even in Civil Engineering we're using analysis equations developed in 1958.  
 

maounique

Active Member
There has been no major security disaster in web technology. Yet.
I am not so sure about that. There were a lot of things leaked and probably a lot of secret stuff made its way to terrorists or god knows who.

If the Americans could install a worm in the Iranian computers that control nuclear stuff, what makes us think it was not possible the other way around, that the Chinese will install some trojan in the Department of Defense computers? There is increasing evidence they did, and one day the wars will no longer be started by the US president at the call of the US churches or corporations but by the Taliban by remote control.

It is that bad, I think.
 

HalfEatenPie

The Irrational One
Retired Staff
I feel like not a lot of people outside of the actual tech industry fully understand the importance of security.  I mean for many people it's "Ok it works, don't break it", but with servers even if it works it doesn't mean it's secure, and we do end up seeing this many times.

I mean, remember CurtisG's old "live chat" system he was building? Once he showed us snippets of the code, many people informed him how it could have been exploited. His response was "it's not production anyways" or just "this was a quick start". I feel like not enough stress is placed on security and sanitization of variables.
 

MCH-Phil

New Member
Verified Provider
Definitely not enough pressure is put on the importance of securing systems.  It's a very amateur thing to not sanitize input before usage.  

Security through obscurity is not security people!
 

Supicioso

New Member
[Screenshot: Screen Shot 2013-06-16 at 10.12.01 AM]

[Screenshot: Screen Shot 2013-06-16 at 10.24.06 AM]

As for the time zones, I think I might have been logged out. It's pretty well stated. The IP traces back to the Richmond / Seattle, WA area where he is, and the gem Aldryic just gave sort of shows us he at least ran the exploit / got the script planted.

If he actually ran the script, pasted a download of a DB? Not sure. Probably was a bit worried and called when he realized he got the index page replaced. But he did put the gears in motion / use his account to basically allow someone to damage RamNode.
That's not too convincing in my eyes. It's way too vague. It wouldn't fly in court, so you lot shouldn't pass it off as true until all the facts are laid out.
 

HalfEatenPie

The Irrational One
Retired Staff
That's not too convincing in my eyes. It's way too vague. It wouldn't fly in court, so you lot shouldn't pass it off as true until all the facts are laid out.

What we do have is an understanding (proof, if what Nick_A says is true) that RobertClarke did at the very least initiate the process.

By following those directions on RamNode's installation of SolusVM, he has compromised their systems. Now we don't have any proof that he was the individual who initiated the damage, but he's basically someone who has left the door wide open for another person to come in and wreak havoc (without proper authorization or permission to initiate this in the first place).

We also have proof that he has tried this on another host (link: http://vpsboard.com/topic/733-ramnode-down/?p=10588 ) and he himself has stated that he initiated it on RamNode (publicly and privately, from what Nick stated).

What else do you need? To me this is good enough information until more information is provided in the final analysis of the logs and information available.
 

maounique

Active Member
he has compromised their systems
I strongly disagree with that. He did not compromise anything; the exploit compromised every SolusVM installation out there. It didn't even need to be released, Solus was still compromised.

He only installed a tool to make it easy. Granted, I don't say he is not to be blamed, he shouldn't have done that. However, you cannot honestly say someone compromised the security of your home with its unlocked doors if they took the plasma TV out into the yard, making it easier to be stolen. Anyone could have done that; the security was compromised before this thing happened.
 

shovenose

New Member
Verified Provider
you cannot honestly say someone compromised the security of your home with its unlocked doors if they took the plasma TV out into the yard, making it easier to be stolen.
You're right, because most plasma TVs are really heavy, especially ones a couple of years old, and they'd have a hard time moving it :p
 

HalfEatenPie

The Irrational One
Retired Staff
I strongly disagree with that. He did not compromise anything; the exploit compromised every SolusVM installation out there. It didn't even need to be released, Solus was still compromised. He only installed a tool to make it easy. Granted, I don't say he is not to be blamed, he shouldn't have done that. However, you cannot honestly say someone compromised the security of your home with its unlocked doors if they took the plasma TV out into the yard, making it easier to be stolen. Anyone could have done that; the security was compromised before this thing happened.
 

Ehh, true.

I guess what I meant to say was he made it one step easier for someone to inflict damage to their system.  In my own opinion, he initiated this entire ordeal by performing such actions.  
 

maounique

Active Member
OK, what I also mean is that whoever deleted the VPSes using that exploit is really the culprit. RK is an accessory, but not the main perpetrator if it is true he didn't delete anything, nor downloaded AND released the DB.

He is a bright kid and I am sorry for his troubles. While there are other kids who know better, I know that knowledge does not bring responsibility in thinking, and this is true for many adults too.

This will hopefully be the last lesson he needed to learn on his way to maturity.
 

Aldryic C'boas

The Pony
Ehh, true.

I guess what I meant to say was he made it one step easier for someone to inflict damage to their system.  In my own opinion, he initiated this entire ordeal by performing such actions.  
Assuming he didn't do the actual hit to begin with. On a more amusing note, someone has been trying to use the http://code.google.com/p/slowhttptest/ tool from a couple of different VPSes (I'll be emailing the providers shortly) to try and slam the exploit link with us. Stallion doesn't have this exploit, of course... but it looks like someone panicked from my earlier posts, and was trying to fill the httpd logs and ensure their IP got trimmed out. Too bad for them, I already saved copies of the original logs long before they tried this little tactic.

And now you've given me additional points to hunt you from - the game begins <3
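The post above describes a log-flooding tactic: hammer one URL from a couple of VPSes so that the earlier, incriminating entries roll out of the rotated httpd logs, defeated by having copied the originals first. The following is an added example, not Frantech's or RamNode's tooling, that parses Apache combined-format access lines, flags sources whose request rate in a sliding window looks like such a flood, separates out the entries the flood was meant to bury, and fingerprints the untouched log so a preserved copy can later be shown unaltered. The log lines are constructed for this example, and the target path /exploit-link and the thresholds are assumptions.

```python
"""Spot a log-flooding attempt in Apache access logs and preserve the originals.

Added example (not RamNode's or Frantech's tooling). The sample log lines
are constructed here; the path /exploit-link, the window and the threshold
are assumptions for illustration.
"""
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" log format: ip ident user [ts] "req" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_flooders(lines, window_s: int = 60, threshold: int = 50) -> dict:
    """Map each source IP to its peak request count in any window_s-second span,
    keeping only IPs whose peak reaches threshold (the flood candidates)."""
    times = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            times[rec["ip"]].append(rec["ts"].timestamp())
    flooders = {}
    for ip, ts in times.items():
        ts.sort()
        lo, best = 0, 0
        for hi in range(len(ts)):            # two-pointer sliding window
            while ts[hi] - ts[lo] > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            flooders[ip] = best
    return flooders


def quiet_requests(lines, noisy_ips) -> list:
    """The entries a flood is meant to push out of rotation: everything not from the flooders."""
    return [l for l in lines if (r := parse_line(l)) and r["ip"] not in noisy_ips]


def preserve(lines) -> str:
    """SHA-256 of the untouched log text, to record before anyone can trim it."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def build_sample_log() -> list:
    """Constructed sample: one earlier hit on the path, then two VPS IPs flooding it."""
    fmt = '{ip} - - [{ts}] "GET /exploit-link HTTP/1.1" {status} 512 "-" "{ua}"'
    lines = [fmt.format(ip="203.0.113.7", ts="16/Jun/2013:09:00:01 +0000",
                        status=200, ua="Mozilla/5.0")]
    t0 = datetime(2013, 6, 16, 10, 12, 0, tzinfo=timezone.utc)
    for i in range(120):                     # 60 hits per IP inside one minute
        ip = "198.51.100.23" if i % 2 == 0 else "198.51.100.24"
        ts = (t0 + timedelta(seconds=i // 2)).strftime(TS_FMT)
        lines.append(fmt.format(ip=ip, ts=ts, status=408, ua="Mozilla/5.0 (slowhttptest)"))
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print("original log sha256:", preserve(log))
    noisy = find_flooders(log)
    print("flood candidates:", noisy)
    for line in quiet_requests(log, set(noisy)):
        print("kept:", line)
```

Two things the code does in order matter in practice: the hash is taken before any filtering, so it vouches for the file as it was, and the filtering itself only separates entries, never rewrites the source file. slowhttptest holds connections open rather than sending fast requests, so on a real server the flood shows up as a burst of 408 or 400 entries when the timeouts fire; the rate check above catches that burst the same way it catches a plain request flood.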
 