ChicagoVPS / CVPS Hacked. New SolusVM exploit? [PT 2/2]


209 replies to this topic

#1 Magiobiwan

    Insert Witty Statement Here

  • Verified Provider
  • 342 posts

Posted 18 June 2013 - 02:25 AM

NOTICE

 

EDIT: Original thread content here: http://vpsboard.com/...vm-exploit-pt-1

 

The thread had to be split into two after some errors. All original posts have been restored in that thread. Further discussion can be had within this thread.

 

-MannDude

 

(Sorry Magiobiwan, could not remove your post as it's the first one so I had to edit it to display this message)


Edited by MannDude, 01 July 2013 - 05:19 AM.
Trying to fix stuff.

https://bluevm.com BlueVM | KVM and OpenVZ | Feathur Control Panel | 1Gbps Network | RAID 10 | 8 Locations | Low Prices!

Service in Zurich, Atlanta, Buffalo, Dallas, California, Kansas City, Chicago and New Jersey.


#2 zero

    New Member

  • Members
  • 24 posts

Posted 23 June 2013 - 12:22 PM

My Status update;

 

LA - Doesn't answer ping, still down

AT - Still ping reply and empty vps, no data

Chicago 1 -  Still ping reply and empty vps, no data

Chicago 2 -  Still ping reply and empty vps, no data

 

CVPS can't answer the tickets. I fight my clients on the phone.

CVPS don't care about us ...

Thank you CVPS, you push us into the dark.



#3 Gary

    New Member

  • Members
  • 31 posts

Posted 23 June 2013 - 01:03 PM

I fight my clients on the phone.

 

What? You have clients hosted on these VPSes, and you're making them wait instead of bringing whatever it is that you're hosting up on other VPSes?

 

Apart from the fact that you're hosting things for clients on crappy budget VPSes, which is bad enough, you don't have a disaster plan, seriously?



#4 Mun

    Put something here

  • Members
  • 755 posts

Posted 23 June 2013 - 01:05 PM

@zero

 

Try these guys out: http://catalysthost.com/

 

Review: http://www.lowendhel...st-host-review/

 

Mun


http://www.gaming-servers.net   http://www.lowendhelp.com  http://www.vpswiki.us/

 

Transparency: I work for no one!

 

HEP <3  


#5 MannDude

    Free shrugs

  • Administrators
  • 2788 posts

Posted 23 June 2013 - 01:07 PM

Hey everyone, we're aware some (like 500) posts have disappeared from this thread.

 

Basically, a ton of threads got 'archived' due to bad settings when the feature was enabled. It caused threads like this to not allow new posts, but ALL 30+ pages of posts in the thread were still viewable. After UNarchiving it, the posts disappeared. They still exist in the DB, from what I am aware (and I have backups anyhow), so trying to explore options on how to restore this thread so the content that existed several hours ago is inserted back.


  • MannDude
  • Join us on IRC // [   irc.freenode.net #vpsboard    ] or [    IRC Web Chat: Click Here   ]
  • NOTE: I get a lot of PMs. Sorry if I do not respond immediately. Some I wait until the end of the week to respond to when I have the time to do so!

#6 drmike

    Never forget: Kevin Hillstrand... and I live in the famous state

  • Members
  • 4340 posts

Posted 23 June 2013 - 02:01 PM

So, who is still down at ChicagoVPS?  Everyone get their accounts sorted out?



#7 bellicus

    Registered Lurker

  • Members
  • 7 posts

Posted 23 June 2013 - 02:13 PM

So, who is still down at ChicagoVPS?  Everyone get their accounts sorted out?

All 3 of my VPSs are online since last night. No restore needed on any of them.



#8 drmike

    Never forget: Kevin Hillstrand... and I live in the famous state

  • Members
  • 4340 posts

Posted 23 June 2013 - 02:18 PM

All 3 of my VPSs are online since last night. No restore needed on any of them.

 

0-for-3 = 0% success rate. :(

 

Were you on different geographic nodes and still managed this? 



#9 cvps_customer

    Registered Lurker

  • Members
  • 5 posts

Posted 23 June 2013 - 02:27 PM

VPS's are up but still waiting to have my data restored from Central Backup. I'm curious if anyone has actually had their data restored yet?



#10 upsetcvps

    VPS Hobbyist

  • Members
  • 53 posts

Posted 23 June 2013 - 02:29 PM

I asked this before the posts got wiped, but would anyone mind posting the fingerprint for your server's public key if you have a fresh cvps openvz container with debian squeeze?  Also, what was your hostname on the fresh install?  Was it "test1"?  The fingerprint is what you see when you first connect to your server and you can obtain it afterwards by doing:

 

 ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key


Once this is all cleared up we take even more precautions and higher security so this will never happen again, along with finding a new Control Panel.

Regards

The ChicagoVPS Team
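
Added example (not part of the original post): the fingerprint comparison requested above, done in Python over several hosts' public host key lines. Two containers that report the same fingerprint hold the same host private key. The hostnames and key material in `SAMPLE` are constructed, and `shared_host_keys` is a hypothetical helper name.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(pub_line):
    """Return (key_type, 'SHA256:...') for one line of a host key .pub file."""
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1])
    # The blob opens with a length-prefixed copy of the key type; a mismatch
    # means the line is truncated, corrupted or mislabelled.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match blob: " + pub_line[:40])
    digest = hashlib.sha256(blob).digest()
    # Current ssh-keygen -l prints unpadded base64 of the SHA-256 digest.
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(keys_by_host):
    """Map fingerprint -> sorted hosts, keeping only keys seen on 2+ hosts."""
    seen = defaultdict(set)
    for host, line in keys_by_host.items():
        seen[fingerprint(line)[1]].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


def _constructed_key(seed):
    """Build a correctly framed but fake ssh-rsa blob for the demo."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    modulus = b"\x00" + hashlib.sha256(seed).digest() * 8
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " root@test1"


# Constructed inventory: hostnames and keys are made up for this example.
SAMPLE = {
    "vps-a.example": _constructed_key(b"template"),
    "vps-b.example": _constructed_key(b"template"),     # same key as vps-a
    "vps-c.example": _constructed_key(b"regenerated"),  # unique key
}

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE).items():
        print(fp, "shared by", ", ".join(hosts))
```

Any hosts returned share a host key and should have their host keys regenerated; feed the function the contents of each machine's `/etc/ssh/ssh_host_rsa_key.pub`.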


#11 bellicus

    Registered Lurker

  • Members
  • 7 posts

Posted 23 June 2013 - 02:43 PM

Yep, I forgot what buf nodes I'm on, but I have 2 on buf and 1 in chi.



#12 mnsalem

    New Member

  • Members
  • 35 posts

Posted 23 June 2013 - 03:05 PM

My VPS on BUF19 (if it's still there and not moved to another host) is online and was restored from a backup since early morning my time .. which is about 4 AM GMT time



#13 zero

    New Member

  • Members
  • 24 posts

Posted 23 June 2013 - 04:05 PM

My VPS on BUF19 (if it's still there and not moved to another host) is online and was restored from a backup since early morning my time .. which is about 4 AM GMT time

 

you are a lucky guy pray it :)

 

I'm still waiting for restore



#14 zero

    New Member

  • Members
  • 24 posts

Posted 23 June 2013 - 04:08 PM

@zero

 

Try these guys out: http://catalysthost.com/

 

Review: http://www.lowendhel...st-host-review/

 

Mun

 

I learn my lesson. I don't buy anymore vps.

 

not Anyone not anywhere ...



#15 Drar

    Registered Lurker

  • Members
  • 4 posts

Posted 23 June 2013 - 04:26 PM

Rant

 

Wow the clowns over at Chicago VPS just notified me that they don't have the weekly back up of my VPS and my "Central Backup" is "Corrupted" so they will just give me a fresh VPS instead.

 

I opened multiple tickets since Day 1 asking them about the status of the data on my VPS and all I got is just canned responses... After almost 6 days of giving out false hopes they will eventually tell me that all my data is unrecoverable and I need to restore using my own backups. BS Level to the max!!!

 

If only they will just be outright honest from Day 1 and inform the clients that they don't have weekly backup configured for my VPS (LA19) and the Central Backup of my VPS is lost as well then I can go ahead and make my own contingency plan.

 

 

 

6/23/2013

Hello,

Unfortunately backups for your container from our master backup repository are not available. If you utilized our free Central Backup feature to create a restore point for your service we can backup from that data. If you did not utilize that free service we do not have backups and will be unable to restore any of your data.
---------
Luc Ayotte
ChicagoVPS Support Tech
layotte@chicagovps.net

 

 

6/24/2013

Hello,

It looks like there was a corrupted file in your backup, this is making it so the files cannot be extracted. All we can do is give you a fresh VPS.
---------
Luc Ayotte
ChicagoVPS Support Tech
layotte@chicagovps.net

 

 

Back in 5/5/2013 I opened a ticket asking them if the weekly backup of my VPS is enabled or do I need to request for it and here is what they said:

 

5/5/2013

Hello,

We do this by default to all our nodes.
---------
Luc Ayotte
ChicagoVPS Support Tech
layotte@chicagovps.net

 

 

I will be looking for a new provider now and will leave Chicago VPS for good! God I hate those $%#^$%%$!!

As soon as I am done with my sites I swear I am gonna take time to warn everybody to stay away from this incompetent host!

 

/Rant



#16 drmike

    Never forget: Kevin Hillstrand... and I live in the famous state

  • Members
  • 4340 posts

Posted 23 June 2013 - 04:55 PM

Wow the clowns over at Chicago VPS just notified me that they don't have the weekly back up of my VPS and my "Central Backup" is "Corrupted" so they will just give me a fresh VPS instead.

 

Wow.  That is bad.

 

That node was being backed up to a server with Colocrossing in Los Angeles on a weekly basis (198.23.250.202).

 

 

If you send me your email address, I'll look to see if your backup ever ran for centralbackup.  This is a manual backup you would have performed yourself and SolusVM logs that activity in the database.



#17 lulzsecurity

    New Member

  • Banned
  • 20 posts

Posted 23 June 2013 - 06:22 PM

well, they deserved it.



#18 Tactical

    Where is the beer!

  • Members
  • 181 posts

Posted 23 June 2013 - 06:34 PM

Rant

 

Wow the clowns over at Chicago VPS just notified me that they don't have the weekly back up of my VPS and my "Central Backup" is "Corrupted" so they will just give me a fresh VPS instead.

 

I opened multiple tickets since Day 1 asking them about the status of the data on my VPS and all I got is just canned responses... After almost 6 days of giving out false hopes they will eventually tell me that all my data is unrecoverable and I need to restore using my own backups. BS Level to the max!!!

 

If only they will just be outright honest from Day 1 and inform the clients that they don't have weekly backup configured for my VPS (LA19) and the Central Backup of my VPS is lost as well then I can go ahead and make my own contingency plan.

 

 

 

 

 

Back in 5/5/2013 I opened a ticket asking them if the weekly backup of my VPS is enabled or do I need to request for it and here is what they said:

 

 

I will be looking for a new provider now and will leave Chicago VPS for good! God I hate those $%#^$%%$!!

As soon as I am done with my sites I swear I am gonna take time to warn everybody to stay away from this incompetent host!

 

/Rant

 

I understand your frustrations. But overall it's your responsibility to back up your data. I'm sorry this did happen though. Maybe just take it as a lesson to keep daily backups offsite if your information is that valuable. Then keep backups of those backups.



#19 jer

    New Member

  • Members
  • 17 posts

Posted 23 June 2013 - 08:53 PM

Wanted to let all know I'm still down.. wrong IPs, wrong OS, and I can't log into it.

 

I'm surprised no one has started a Consumer Awareness / Advocacy group, for others.


I must go.. for I am their leader, and they have gone.


#20 drmike

    Never forget: Kevin Hillstrand... and I live in the famous state

  • Members
  • 4340 posts

Posted 23 June 2013 - 10:02 PM

I'm surprised no one has started a Consumer Awareness / Advocacy group, for others.
 

 

Well, I've done my part, more than anyone else :)

 

Best bet is to file with CVPS for account credit.  Me, I'd be interested in something more than one month since some of you were victimized twice inside one year with your account info being put out in public.

 

There are privacy concerns generally with a breach.  I'd be pursuing some remedy (i.e. cash) for being outed as a customer and details of your account having been made public.  There exists other data in the dump that might also show your home/business IP address, which could be a concern to some.

 

ChicagoVPS boasts of being a BBB (Better Business Bureau) member.   The BBB handles unresolved issues and claims from customers put into weird situations like this:

 

http://www.bbb.org/u...tr-ny-235967102

 

There you can see CVPS' BBB record and details of one of the complaints.  You can also file a complaint there.