If someone has the snippet somewhere I can look it over really quick?
It's possible whatever it is, is just 'handled poorly' but if it's all internal already valid data it wouldn't cause issues.
Francisco
SolusVM Vulnerability
- Thread starter George_Fusioned
- Start date
-
- Tags
- exploit hack solusvm vulnerability
It's possible whatever it is, is just 'handled poorly' but if it's all internal already valid data it wouldn't cause issues.
Francisco
Different doesn't mean secure.
I know, but there is always a vulnerability if you use a large panel used by millions or a small panel used by 10 people. However when there are more panels its a lot more difficult for people to target a specific one. Think of it like Windows Virus's vs Linux Virus's vs Mac Virus's. Macs can get viruses but they aren't as big of a target as Windows.
Last edited by a moderator:
Linode got hacked, DO got "hacked", Hetzner did. These are just a few to name. No code is perfect because humans are not perfect. If you are online, you can get hacked/attacked any time. It is now how secure you are, it is how well you handle the situation. This is what that will set you apart and solus doing that pretty well with fast patches and updates.
Hearing from those that have seen the SolusVM decoded source code - it's pretty ugly and full of exploits everywhere. They haven't patched it for years it seems. It's just no one's decided to hack it. We'll be continuing to use Solus for a while and I wish they rehaul the whole thing.
Shados
Professional Snake Miner
The benefit an industry gets from using a variety of systems is not that any given system might be more secure, but rather that a flaw or weakness in any of the systems only affects a small subset of the industry at any given point in time, rather than all of them at once. Diversification is a fundamental survival tactic, as evolution has shown - there are very, very few surviving species that reproduce via mitosis rather than sexual reproduction.
I saw it... I have it... It's bad actually... Need the new source code to see if they patched everything... Hostbill, all I can say is I wonder if we try and send them the exploit if they're gonna charge us $75 to submit the ticket? lol (if that was out of line, I apologize)
That's the problem. Functionality is all and good, but hope there is a robust system behind the scenes.
You should charge Hostbill for doing their security audit, not the other way around
Yea, but the problem is that if it doesn't get fixed, the people that use it might get screwed up pretty bad...That's the problem. Functionality is all and good, but hope there is a robust system behind the scenes.
You should charge Hostbill for doing their security audit, not the other way around
Yet again, people are making claims about it being really bad and that there are countless vulnerabilities. Also the same people being oh-so vocal about how shit the whole situation is however none of you are bothering to tell Solus (or WHMCS, or Hostbill, or whoever) about these so-called problems you're aware of. You then get up and arms and go on a witch hunt. If you know something, TELL SOMEONE WHO CAN SORT IT. Yes, it is Solus's product. Yes, it's their shitty coding however, if you know something and don't tell them then get fucked over by some kid with a hardon then it's YOUR FAULT that it happened. You are to blame for anyone else getting screwed over too because YOU had the chance to get the problem rectified BEFORE the kidiots starting messing around.
GROW A BRAIN!!!
GROW A BRAIN!!!
I have to pay them and teach them how to do their job? It's the basics as pointed out here. As part of their pay, they should be doing the security audits and code reviews etc.
And FYI, we tried telling them, e.g. Infinity for sure has and others too.
I like them and will continue to use them, but things like breaking fqdn after an update is frankly silly. Where's the code review? Where's the testing? They released another update to patch it, but it just looks bad.
Have you bothered asking them? What good does bitching on here do?
No-one's telling you to pay them or tell them how to do their job but if you're aware of an issue it's your duty to inform them of it - not just for yourself but everyone else that uses the software.
No-one's telling you to pay them or tell them how to do their job but if you're aware of an issue it's your duty to inform them of it - not just for yourself but everyone else that uses the software.