I might be slightly late to the party, but I personally have negative opinions about RobertClarke, and this is why.
1. RobertClarke has been known to be involved in some pretty shady things and to roll with pretty shady individuals. In addition, while on paper he may seem "reasonable", I have several logs of him being disrespectful and harassing individuals whom I personally respect (e.g. Nick_A from RamNode).
2. I was online on IRC during the period the Solus exploit was released. I witnessed (and have logs) RobertClarke confirming the exploit. I believe he stated he targeted someone else's installation of Solus to confirm the exploit. He then continuing to ask who else runs SolusVM (I will admit at that time I was unaware of what specifically was going on because I was performing my own investigations).
3. We receive confirmation that RobertClarke has attempted the exploit on several other hosts, as well as CVPS. Is this for malicious intent? We don't know. But we do know that RobertClarke initiated the script to start the exploit of the Solus script.
Now, I'm not sure if he himself initiated the code to delete the nodes, but I do find him on the negative side of the fence for initiating it. I'm not saying Pen-testing is bad, but I find it unacceptable for him to break the lock on a door and then let someone else (or himself) in. As far as I'm concerned, he compromised the security of the company and their clients with his "testing", especially with a vulnerability that was going to become "popular" due to the amount of press it received.
If you want to test someone's system, that's fine. I'd suggest you contact the individual you're targetting and/or the provider you're targetting first to get the "ok" (even on a VPS "testing" DDoS in my opinion in unacceptable as it may affect the services of the other clients on the same node). RobertClarke received no agreement or the "yes" to test each provider's Solus installation, again why I dislike him and his operation.
Really, for anyone else who wanted to "test" their provider's Solus with each new exploit, please don't. Contact their support department and ask if they've taken care of the security exploit. It's their job to make sure Solus's exploits are taken care of, and not your job to "test" their security. Regardless it should be seen as a malicious attempt (because it was an attempt to compromise the provider's systems regardless of the intentions) and you even as a client should not have been there to begin with.
Unrelated to the entire DDoS debate,
@manacit, I apologize but in my perspective you're not this "protector of the underdogs" or "defender of those who can't", but instead an individual who doesn't understand the full situation yet. I mean obviously you and I will have different opinions on different topics (or this one too) and that's fine, but I'd like for you to please understand the situation before criticizing or attempting to back-hand complement other members here.
-Pie's Brain Garbles
