amuck-landowner

RobertClarke/Server Crate back ?

manacit

New Member
Anyone good at making a DDos? I need to do some "testing" on a 128MB DDOS protected server. >_>

Mun
Because that's *exactly* the right thing to do, more DDoSing? Seriously? Does that even make you any better than Robert (no), maybe we should ban you for openly threatening to DDoS another provider here - even if it *is* a joke.

I'm seriously tired of this - before anyone accuses me of shilling or anything, I have a RamNode, it was down due to the attack, I wasn't exactly happy about it. Can we all get over it?

Jumping at him and posting in his WHT thread aren't going to do ANYONE good at ALL. Threatening to DDoS him won't do ANY good. We don't even know if he did anything other than run the cursory script to test the exploit. I know when the kernel exploit came out a few months ago, I ran it in one of my openvz vpses because I hadn't heard whether it worked or not, and I wanted to let everyone know (in private) if it did. Some providers were threatening to suspend service for that - was I any more guilty than him? Maybe not.

This is why this community is so damn annoying - everyone acts just about as mature as a 16 year old, you're all just to immature to notice that standing on your stupid self-erected pedestal about this issue isn't helping anyone. Grow up. 
 
Last edited by a moderator:

Nick_A

Provider of the year (2014)
I'm hopeful WHT doesn't want someone like that taking part in their community since his presence reflects negatively.
 

Mun

Never Forget
Because that's *exactly* the right thing to do, more DDoSing? Seriously? Does that even make you any better than Robert (no), maybe we should ban you for openly threatening to DDoS another provider here - even if it *is* a joke.

I'm seriously tired of this - before anyone accuses me of shilling or anything, I have a RamNode, it was down due to the attack, I wasn't exactly happy about it. Can we all get over it?

Jumping at him and posting in his WHT thread aren't going to do ANYONE good at ALL. Threatening to DDoS him won't do ANY good. We don't even know if he did anything other than run the cursory script to test the exploit. I know when the kernel exploit came out a few months ago, I ran it in one of my openvz vpses because I hadn't heard whether it worked or not, and I wanted to let everyone know (in private) if it did. Some providers were threatening to suspend service for that - was I any more guilty than him? Maybe not.

This is why this community is so damn annoying - everyone acts just about as mature as a 16 year old, you're all just to immature to notice that standing on your stupid self-erected pedestal about this issue isn't helping anyone. Grow up. 

1) I said "testing" for a reason.

2) How would this make me any worse then I already am. I run a gaming network. (I am allowing small boys to play with killing)

3) Go ahead and ban me :)

4) Who said it was a joke..... NM

5) Hey I have a RAMNODE too, and my client info is now floating around the internet somewhere.

6) So standing back and watching as multiple people buy a service from a person who just leaked and damaged multiple companies would be a better solution?

7) I wasn't threatening, I want to "test" his DDOS functionality for a "review".

8) .... and then leak the database to the internet.

9) facedesk, so its okay to test to see if you can delete all the nodes, for testing purposes, then why can't I test his DDOS functionality.

10) I am 16, and so is Robert. XD

11) Im working on growing up right now, every year that goes by I mature 1 year.

12) Where is the pedestal, I want one.... MOMMMMY!

Mun 
 
Last edited by a moderator:

manacit

New Member
Stuff

Mun 
Most of this doesn't even warrant a response - I think we all know that "testing" DDoS protection and "testing" for an exploit so you can warn someone asap before it's taken advantage of are two very different things. I'm not even the only person that said this. 

You're assuming that Robert deleted the nodes and leaked the data, can we at least stick to what we know? I'm not even sure where you're getting half of the crap you're saying. Your age shows. 

None of this is doing any good for anyone, grow up. 
 

Aldryic C'boas

The Pony
We don't even know if he did anything other than run the cursory script to test the exploit.
He attempted the exploit on other providers as well, including those he had no reason to "helpfully warn" (including us, and yes I have proof).


Some providers were threatening to suspend service for that
I think that was just us, actually. And aye, I did threaten termination on the folks that tried it discreetly (ie - tested without saying anything) - the clients that immediately opened a ticket with us afterward asking if they should be concerned were profusely thanked for the heads-up, and assured that Stallion was not vulnerable to that exploit.
 

manacit

New Member
He attempted the exploit on other providers as well, including those he had no reason to "helpfully warn" (including us, and yes I have proof).


I think that was just us, actually. And aye, I did threaten termination on the folks that tried it discreetly (ie - tested without saying anything) - the clients that immediately opened a ticket with us afterward asking if they should be concerned were profusely thanked for the heads-up, and assured that Stallion was not vulnerable to that exploit.
Correct me if I'm wrong - did he not  have service at the time (or wasn't it very recently terminated?). It stands to reason he would test to see if it worked - especially if he tried it on your system first, where it wouldn't have worked, so he moved on to another one to see. I'm not indicating that this is definitely what happened, but it's certainly possible, no?

You do have every right to terminate people who try to maliciously exploit your services, Robert claims he immediately attempted to contact Nick regarding the exploit, isn't that the same thing people were doing by opening tickets? 
 

Mun

Never Forget
@manacit

What I find really funny about you is how ironic you can be.

"I know when the kernel exploit came out a few months ago, I ran it in one of my openvz vpses because I hadn't heard whether it worked or not, and I wanted to let everyone know (in private) if it did."

Thus it is okay for you to test something and not me. I have been fully joking other then for the fact that robert did run the exploit, but I don't know if he actually did delete the nodes. He is probably going to be charged by Nick_A and I really hope Nick wins. 

You should google "forum troll" as that is what I like to do. I want people to laugh and giggle since we are all generally stressed. 

You may still find it wrong for me to "threaten" robert with a DDOS, but I find it wrong for him to leak my personal data to the internet. That is one reason people were able to find that he did it. It showed who dumped the database.

Yours Truly,

Mun

P.S. laugh some more :)
 

jarland

The ocean is digital
Correct me if I'm wrong - did he not have service at the time (or wasn't it very recently terminated?). It stands to reason he would test to see if it worked - especially if he tried it on your system first, where it wouldn't have worked, so he moved on to another one to see. I'm not indicating that this is definitely what happened, but it's certainly possible, no?


You do have every right to terminate people who try to maliciously exploit your services, Robert claims he immediately attempted to contact Nick regarding the exploit, isn't that the same thing people were doing by opening tickets?
Correct me if I'm focusing on the wrong detail but did you sign up here to defend Robert Clarke? I know you signed up a while ago but 100% of your posts go to...
 
Last edited by a moderator:

Mun

Never Forget
Correct me if I'm wrong - did he not  have service at the time (or wasn't it very recently terminated?). It stands to reason he would test to see if it worked - especially if he tried it on your system first, where it wouldn't have worked, so he moved on to another one to see. I'm not indicating that this is definitely what happened, but it's certainly possible, no?

You do have every right to terminate people who try to maliciously exploit your services, Robert claims he immediately attempted to contact Nick regarding the exploit, isn't that the same thing people were doing by opening tickets? 

Then why can't I test a DDOS? He tested a security exploit. I want to test his DDOS protection :)

Mun
 

Aldryic C'boas

The Pony
Correct me if I'm wrong - did he not have service at the time (or wasn't it very recently terminated?).
You're correct - his service with us had ended several days prior.


It stands to reason he would test to see if it worked - especially if he tried it on your system first, where it wouldn't have worked
An interesting way of looking at it - except that he knew we didn't run Solus, and had no reason to be trying to run exploits on our system at all.


You do have every right to terminate people who try to maliciously exploit your services, Robert claims he immediately attempted to contact Nick regarding the exploit, isn't that the same thing people were doing by opening tickets?
You may have misunderstood me there - yes, he claims to have contacted Nick. He never contacted us. And the clients that did try to test it on us and then ticketed to let us know were thanked, not punished, for bringing it to our attention. I took issue with the folks that tried to run the exploit without even admitting to it until confronted (and one of them even tried to deny doing so, all the while replying from the same residential IP the exploit attempt originated from).
 

notFound

Don't take me seriously!
Verified Provider
Any response? Looks like the WHT mods removed the posts about his attacks on other providers.
It was in the Premium Members chat thread, but it doesn't seem like there is any proper response yet (only from a Community Liason, whatever that is):

9Nyc06X.png
 
Last edited by a moderator:

manacit

New Member
Then why can't I test a DDOS? He tested a security exploit. I want to test his DDOS protection :)

Mun
Since you seem hell-bent on getting me to answer this question, I'll take a stab at it.

There's a world of difference between running an exploit that has absolutely no known side-effects other than allowing you root access to the machine that you run it on and a DDoS attack. I made sure I examined the source along side the explanation before I ran it. I took a gamble that it wouldn't crash and burn an entire node worth of VMs because no one had encountered that problem running it on any other system (and, in fact, I tried it locally in virtualbox before I even tried it on a openvz VM).

A DDoS, on the other hand, is an inherently malicious attack that, if successful, will have a negative impact on a significant amount of people aside from yourself (where as even if my testing had completely ruined MY VM, I would be the only person affected). You and I both know that your original post, while a joke/troll, was using the word "testing" as a euphemism for trying to take down his network. 

I'm not even the only person in the thread that's brought this up. I know you're trolling, most of my initial post wasn't even directed at your stupid and frankly mediocre forum trolling, but now that you're pestering, I might as well reply so I can further my point.

@Aldryic: It is curious that he tested it on you when he knew you didn't even run solus at all - I'm not sure I can explain that. It's also probably why he didn't contact you (maybe he realized how dumb it was to try a solus exploit on non-solus software, heh). I'm only operating under the pretense that he isn't lying when he said he attempted to contact Nick, I have no insider information, but I hate seeing a witch hunt. 

My only point was that you did thank the people that tried the exploit and then contacted you about it - which is what Robert claims to have done as well - an action that would generally (and, clearly, has in the past) cause the doer to receive praise, not hate. 

@jarland: I figured someone would bring this up eventually - I'm not here to solely defend Robert, I just generally don't post. You can see my LET account: http://www.lowendtalk.com/profile/21154/manacit (though I've been lurking for far longer) and my WHT account: http://www.webhostingtalk.com/member.php?u=183526 (joined '07, eek!). I just feel bad for the dude, and I want to combat the utter, ahem, immaturity of this community a little bit. 

In fact, by posting this, I'm probably pissing off Nick_A, who I really like a lot (sorry).  
 

Aldryic C'boas

The Pony
There's a world of difference between running an exploit that has absolutely no known side-effects other than allowing you root access to the machine that you run it on and a DDoS attack.
The catch about the exploit though is that it doesn't just give -you- access... it gives ANYONE root access. If all he had done was test the vulnerable file itself, that would've been one thing. He effectively root kitted the box and left it WIDE OPEN for the next person to come along and wipe out the nodes... that's of course operating under the assumption that he didn't actually cause the damage himself (given his history, that's something that most of us are rather skeptic on). Besides, why would a "provider" (and I use that term VERY loosely) go around 1) running code when he doesn't know what it does, and 2) do so on other people's gear.


My only point was that you did thank the people that tried the exploit and then contacted you about it - which is what Robert claims to have done as well - an action that would generally (and, clearly, has in the past) cause the doer to receive praise, not hate.
If Robert claimed to have contacted us, that was a dead lie. His first comment on the issue was AFTER I disclosed that I caught his IP trying to exploit us as well, and even then the 'explanation' did not add up with the other excuses he was giving (the most prominent being that he was "just testing SolusVM providers he had service with"). Not only did he not have service with us, his parting as a client was less than amicable: given how he generally behaves, one could very easily conclude that his exploit attempt on us was 100% malicious in nature.


I just feel bad for the dude,
From an outside perspective, 100% understandable. But it would be worth looking into _why_ he's so disliked as well... generally speaking, you have here a community mostly full of respected providers, tech-heads, and freelancers. We're not exactly HackForums, and we're not going to just sit and unload on someone for no reason.
 

manacit

New Member
The catch about the exploit though is that it doesn't just give -you- access... it gives ANYONE root access. If all he had done was test the vulnerable file itself, that would've been one thing. He effectively root kitted the box and left it WIDE OPEN for the next person to come along and wipe out the nodes... that's of course operating under the assumption that he didn't actually cause the damage himself (given his history, that's something that most of us are rather skeptic on). Besides, why would a "provider" (and I use that term VERY loosely) go around 1) running code when he doesn't know what it does, and 2) do so on other people's gear.

I was assuming he'd only admitted to running the GET request and not using rofl.php - if it was the latter, it's definitely different, I do agree with you. Either way, I'm not in any way saying it was a good decision to run code that you haven't vetted yourself (although I was under the impression he didn't use rofl.php at all, which would make examining the code very possible). It could be reasoned that he was just trying to be responsible and telling his fellow companies that they were vulnerably.

If Robert claimed to have contacted us, that was a dead lie. His first comment on the issue was AFTER I disclosed that I caught his IP trying to exploit us as well, and even then the 'explanation' did not add up with the other excuses he was giving (the most prominent being that he was "just testing SolusVM providers he had service with"). Not only did he not have service with us, his parting as a client was less than amicable: given how he generally behaves, one could very easily conclude that his exploit attempt on us was 100% malicious in nature.
As far as I know he never tried to contact you, maybe because he realized how stupid it would look to have tried an exploit on non-solus system. He behaves impulsively and sometimes inappropriately, I will admit, but whether or not everyone wants to admit it, they ARE jumping to the conclusion that it was completely malicious in nature.

From an outside perspective, 100% understandable. But it would be worth looking into _why_ he's so disliked as well... generally speaking, you have here a community mostly full of respected providers, tech-heads, and freelancers. We're not exactly HackForums, and we're not going to just sit and unload on someone for no reason.
I've been here for the DDoS attacks and whatnot, the (annoying) Georgia/Nick trolling, etc. I will admit he brings it on himself on occasion, I just don't like seeing someone get torn apart like this without any defense. Call it me sticking up for the underdog.
 

Mun

Never Forget
So attacking a server so that it can be seen from the outside world is NOT OKAY, but compromising a system so that you can get root on a node is? I would rather have a DDOS any day.

Mun

P.S. From my recollection, though I can't find it this sec, robert did run rofl.php.
 

mikho

Not to be taken seriously, ever!
Texteditor posted in that WHT thread about what happened before (Roberts involvment) and that post was removed.


EDIT: here's to me for leaving a window open for to long before replying.
 
Last edited by a moderator:
Top
amuck-landowner