amuck-landowner

ServerCrate compromised

joepie91

New Member
Hello Sven,

We regret to inform you that on Monday March 3rd at 10:16PM PST our systems were compromised. ServerCrate staff reacted quickly to the intrusion, shutting off our network to locate a point of entry in our systems, which has since been found. Unfortunately, 3 VZ nodes were wiped in the intrusion; we were able to recover data from DALSSDVZ1 and DALSSDVZ2, but backups had to be restored onto DALSSDVZ5. All VPSs are up at this time. If your VPS is having issues or is offline, please submit a support ticket: https://billing.servercrate.com/submitticket.php


If you have a Minecraft server with us, we're looking into issues with a few Minecraft servers being down at this time.

We recommend clients immediately change their client area login passwords: https://billing.servercrate.com/clientarea.php?action=changepw

We also recommend that clients change any root passwords that would have been sent when you initially purchased from us.

We’ll be doing a thorough audit of our backend systems over the next few days, and will be monitoring carefully for any additional signs of intrusion. We’ll be keeping Multicraft and SolusVM access limited while we look into this issue further, and for additional client security.

ServerCrate appreciates your patience while we deal with this situation. If you have any questions regarding this intrusion, please don’t hesitate to get in touch: https://billing.servercrate.com/submitticket.php

Regards,

-- ServerCrate
 

drmike

100% Tier-1 Gogent
Poor Solus, always getting blamed.

It's like the new DDoS excuse for providers.

Could be true though :) Surely they had compromises in the past. It is software after all and a piece that every lowend* e-hoodlum sitting in mom's basement drools about exploiting.

My question is: What was the nature of the attack and how was it detected?
 

Aldryic C'boas

The Pony
> It was not SolusVM. I can't disclose at this time what it was though.

So now the upstream is involved - that makes me wonder if the issue took place above Clarke's level of access. Or is this a GVH situation, where you're just making commentary on behalf of a business relation?
 

kaniini

Beware the bunny-rabbit!
Verified Provider
> So now the upstream is involved - that makes me wonder if the issue took place above Clarke's level of access. Or is this a GVH situation, where you're just making commentary on behalf of a business relation?

Centarra itself is not involved. I am personally involved as I was hired, independently, to do the audit.

Centarra does not provide security services, but I would have figured you guys already knew that I do on the side.
 

Francisco

Company Lube
Verified Provider
> Centarra itself is not involved. I am personally involved as I was hired, independently, to do the audit.
>
> Centarra does not provide security services, but I would have figured you guys already knew that I do on the side.

I do, but probably not Ald :p

Fran
 

Aldryic C'boas

The Pony
You figured correctly. My comment served the double purpose of rolling my eyes at another 'company' (just can't help myself there), as well as allowing you to clarify the situation before rumours started.
 

kaniini

Beware the bunny-rabbit!
Verified Provider
Well, to clarify, Centarra's only involvement was acting on feedback from Robert concerning what he wanted done with his VLAN, during the intrusion, as well as facilitating remote hands (basically moving his Lantronix KVM around from node to node) to enable investigation, containment and mitigation of the intrusion.
 

Virtovo

New Member
Verified Provider
Recovering backups can sometimes just mean that those nodes were not nuked. The provider then puts on some spin that they managed to save the day for at least some of their clients. Not saying it happened in this case. Why do I not see ServerCrate advertise anywhere?
 