Portal Home > Knowledgebase > Articles Database > Kudos for RamNode!
Kudos for RamNode!
| Posted by FiberFy, 06-16-2013, 11:05 AM |
| Hello WHT Addicteds!
Well, I wrote this thread to express my complete happiness with RamNode. I know that RamNode was hit today with a 0day SoluSVM exploit but that's precisely the reason why I just wrote this.
I want to congratulate Nick and his team for coming back so fast.
I own 3 VPS, they were all offline when I woke up, but I'm very glad to see that Nick is indeed getting the nodes back up, running at full speed, 2 of my VPS are now online.
I'm sure some of you may be pissed off with the downtime/situation, but I that, in this situation, we should also congratulate for the work and fast speed involved to get all the nodes online once again.
Thank you RamNode!
|
| Posted by MostlyVirtual, 06-16-2013, 11:06 AM |
| I second that.
|
| Posted by doughnet, 06-16-2013, 11:18 AM |
| They are a great company. In this post it says a lot of information was taken/breached.
http://www.webhostingtalk.com/showpo...5&postcount=23
Don't really feel safe using them anymore.
"Yes. ~5000 VM logins compromised, ~55 host nodes IP, SSH port, ID key password, and their entire client database leaked."
guess this means ID key passwords/client database, VM logins, etc etc ... sad. i wonder why they haven't even sent out customer e-mails informing about the issues and that our entire personal information is leaked out.
|
| Posted by MostlyVirtual, 06-16-2013, 11:21 AM |
| That is true but in the end it was a 0day exploit, and its not really easy to defend against a 0day exploit is it now?
|
| Posted by Martin-D, 06-16-2013, 11:21 AM |
| Perhaps they're busy getting customers back online first?
|
| Posted by doughnet, 06-16-2013, 11:25 AM |
| what other information was leaked out?
based on the info from localhost.re:
"And, as a bonus, here's something to help you pwn. Just wget it to /usr/local/solusvm/www/rofl.php
It can run a command on all nodes, show decrypted passwords for all the users, etc."
|
| Posted by chukchuk, 06-16-2013, 11:30 AM |
| My vm is still offline.
|
| Posted by FiberFy, 06-16-2013, 11:31 AM |
| Current status: http://status.ramnode.com/ all nodes online, it seems (although one of my VPS is offline yet).
Edit: NVM, I had only seen one page :-P, it seems lots of VPS are down, but I'm sure Nick is gonna fix this!
From what I've been reading, they indeed got their SolusVM DB leaked.
I'm expecting an official announcement shortly, let's see..
:-)
Last edited by FiberFy; 06-16-2013 at 11:35 AM.
|
| Posted by doughnet, 06-16-2013, 11:34 AM |
| so pretty much emails, full names were leaked? are the passwords breached also? or just in SHA1 format?
|
| Posted by FiberFy, 06-16-2013, 11:35 AM |
| Email, Password and default root password, I presume.
|
| Posted by alexnuke, 06-16-2013, 11:49 AM |
| I was wondering my website was down with them. Never had an issue with BlueHost. I guess, i will have to wait till my node get's up and running.
|
| Posted by LH | Brant, 06-16-2013, 11:55 AM |
| Its always safe to change your password frequently anyway. Glad to see they're working diligently on getting their services repaired!
Though, for the people saying "I don't feel safe using them...", I don't really think its them you shouldn't feel safe using, its any company that uses SolusVM if you wanted to get technical. It was an exploit that was found and then hours later used to access information that shouldn't be accessed. Its not something on the hosts' end that they could control unless they were notified before the attack.
I personally believe that if anything, this has proven that RamNode cares a lot about the well being of their customers, and that they will do what they need to do to get their servers back online as quickly as possible, and for that i give two thumbs up!
|
| Posted by Blyze, 06-16-2013, 12:05 PM |
| My node and their site--self-hosted node?--are still dead, since about 8:30 EST. Lots of angry users IMing me, lol.
I'm not impressed. Impressive would have been catching the exploit beforehand and immunizing themselves by removing centralbackup.php -- several people here did in other threads. They had a good 5 hours to do so assuming a generous 30-minute attack window for this script kiddie SQL injection pwnage.
Sucks, because I specifically moved to RamNode from urpad to get away from the constant 2m downtimes and semiweekly outages my instance had there.
Guess its time to give with VPSes and go dedicated.
|
| Posted by Afterburst-Jack, 06-16-2013, 12:08 PM |
| Here's a full list (from what I'm reading in the rofl.php file posted on localhost.re)
Users:
Username , Sha1Pwd , Email , Firstname , Lastname , Vcode (lost pwd)
VM's:
Client,IP,Hostname,Type,OS,RAM,Root Password
Nodes:
Node ID,Name,IP,Hostname,IDKey,IDPassword,Type,SSH Port
and an SQL dump of the Solus database. It would also search for an active administrator session, setting the attacker's cookie to that of the administrator, allowing them full administrator access to solusvm.
|
| Posted by ultrabizweb, 06-16-2013, 12:10 PM |
| I have several vps with ramnode kvm and openvz it is unfortunate that this happened, however these things do happen from time to time. A few of my nodes are back online. I am sure nick is doing all he can right now to get everything restored.
I did have a backup going this morning at about 2am EST and it completed file size compared to yesterdays backup was about the same so hopefully the backup was good. So the attackers must have compromised the system after that or were in the process of compromising it. I have faith in Ramnode. They have been a very good host to me.
|
| Posted by techjr, 06-16-2013, 12:12 PM |
| That would be assuming they monitor WHT 24/7 and some just recently index hack site.
Fact is if Steven hadn't posted here, few would have likely noticed and more people could be hit.
I'd say they were pretty unlucky considering the exploit requires someone to have a vm with the company so it was either an existing customer doing it or someone signed up with presumably fake details. Or an existing customers information was found.
The fact that multiple hosts on this forum wasn't or hasn't been hit yet is surprising to me.
Last edited by techjr; 06-16-2013 at 12:16 PM.
|
| Posted by UNIXy, 06-16-2013, 12:25 PM |
| Rumor has it ser_ver*cr_rate (obfuscation mine) did it: http://paste.ee/p/jtSva
|
| Posted by PersonalJ, 06-16-2013, 12:42 PM |
| Nick confirmed it was in fact him in a post on LET.
|
| Posted by Blyze, 06-16-2013, 12:45 PM |
| I take proactive vulnerability management seriously even on my not-for-profit boxen. I expect my host to do the same on their layer. Certainly, I assume anyone with 24/7 support capability would be heavily incentivizing that kind of behavior at least for their mission critical software, yes.
|
| Posted by FiberFy, 06-16-2013, 12:59 PM |
| That's sad!
|
| Posted by WPCYCLE, 06-16-2013, 01:00 PM |
| I have to give thumbs up to Ramnode too. A true host will get all his customers up and running before getting his own site up.
I was with urpad for a bit and they started going downhill after 2 years, but Ramnode has always been online...always.
One time downtime and everyone is almost crying foul. Ramnode and Bluehost are not even in the same playing field. If you want to compare a fast and true host with basically zero downtime with the exception of today to a host with billions of customers that goes down every 3 days
If anyone can name ONE host that has not had a similar issue as today, I would love to see that list.
I guess this goes as a warning to all those that put all their eggs in one basket. A smart setup has resources installed on separate networks, so an issue like today doesn't destroy your whole operation.
|
| Posted by FiberFy, 06-16-2013, 01:31 PM |
| Allow me to re-quote, TWICE your great message "I have to give thumbs up to Ramnode too. A true host will get all his customers up and running before getting his own site up."
Indeed.
|
| Posted by haiku, 06-16-2013, 01:37 PM |
| One of my Ramnode VPS is down, one is still up. I don't remember if I used the Solus CP to change my root password or the passwd command from the shell, but I probably should change my password regardless.
From what I'm reading, there was some bad blood between the hacker and Ramnode, so it's us customers that are collateral damage. Take away the kid's computer, let him work in the salt mines for a few years.
|
| Posted by helpman, 06-16-2013, 01:39 PM |
| Ramnode just posted this update on LET.Hope helpful for anyone who hosting there
|
| Posted by techjr, 06-16-2013, 01:50 PM |
| Lets see what this member has to say about it http://www.webhostingtalk.com/member.php?u=418347 and if there will be any legal action. Hate to see a company get hacked but would love to see whoever did it get punished to the full extent of the law.
|
| Posted by Steven, 06-16-2013, 01:55 PM |
| Under the circumstances, Ramnode is doing an amazing job at getting their customers online and keeping them informed.
|
| Posted by Blyze, 06-16-2013, 01:56 PM |
| Mebbe he thinks people will go over to his service? Lol...
Regardless...it seems like most of us are still down.
http://stats.pingdom.com/pgaiienekorf/853954
I dunno, I've never used Bluehost, so I can't speak for their service. All I know is I migrated off urpad and now I'm down to one 9(!) for my total time of service with Ramnode--a little less than a month, and actually only marginally better than the last month at the old host. And now I'm finding out that my node may have been wiped,
So...not feeling a whole lot of love here. Definitely not the enthusiastic two thumbs up others are giving.
|
| Posted by WPCYCLE, 06-16-2013, 02:14 PM |
| Sorry to hear. The nature of hosting is a hit or miss. I've said many times that even the greatest host can have dark moments. I've been through them too. The reason were giving the thumbs up is because of the communication and uptime compared to others. If there's an issue, a quick ticket and it's resolved...not like others that will publicly blame the customer or goes down a few times a week...or you pay for a service and it never works. Then when you email support they tell you to talk to billing for a technicall issue?!?!?!?! who then transfers you back to support who then tells you nothing, takes your money, and still no service.
Sorry to throw a rant in there, but there are some really bad hosts that ARE fly-by nights and will rip you off, and then there's the unlimited's (a whole can of worms)...in any case Ramnode is not a part of any of those.
|
| Posted by Mr. Obvious, 06-16-2013, 02:51 PM |
| Yes, Blyze - a host being hit with a 0day exploit means that they clearly know nothing about security.
Doesn't help that a minor in control of a hosting "company" hit them in the middle of the night.
|
| Posted by cloudrck, 06-16-2013, 02:52 PM |
| If RamNode continues to use such lazy software there's bound to be more where this came from, I would be sure to keep backups. You can call it 0day or whatever you want, but this was a preventable and very basic exploit.
|
| Posted by WPCYCLE, 06-16-2013, 02:59 PM |
| So do we blame the host or the software company.
Solusvm had the issue = blame the host, not Solus.
WHMCS has issues = blame whmcs, not the host.
How does that work?!?!!?!?
If cPanel were to have an issue, would we blame ALL the hosts that uses cPanel?
|
| Posted by cloudrck, 06-16-2013, 03:04 PM |
| So you're telling me you don't expect your host to run security checks on software? Software that stores sensitive information, as well as manage your server? This isn't exactly a difficult exploit. Especially software that's closed source since you have no clue what sloppy code you're buying. I'm not blaming anyone, but security needs to be tight on web-based software that has root access. I don't trust code I can't see and neither should anyone else.
In my opinion every host needs to be checking/reporting security issues. We have too many hosts running software they know nothing about.
Last edited by cloudrck; 06-16-2013 at 03:09 PM.
|
| Posted by WPCYCLE, 06-16-2013, 03:11 PM |
| I agree with you and I do expect a host to run security checks on everything, within a reasonable schedule, and not rely on the vendor, BUT when WHMCS was caught many times for their issues, the host in question was almost forgotten since all the blame went on WHMCS. In this case, Solus is the least talked about here even though the issue was withing their software, but instead Ramnode is taking all the heat for Solus' error.
Won't even get into that one. The 10 posts and your a host members. WordPress has the same arguments. One would think there should be advice telling people to not do one-click installs and load 45 free themes from untrusted sources into their sites. I have yet to see an encrypted theme that wasn't full of exploits.
Last edited by WPCYCLE; 06-16-2013 at 03:17 PM.
|
| Posted by eric418, 06-16-2013, 03:15 PM |
| I don't know and I'm not a ramnode customer, but if my bank account is hacked, I will blame HSBC for sure, instead of understanding what are their platforms, who built them, and if it's a security hole of a certain script.
All I know is I'm a customer of the bank only, not their IT vendor, suppliers, business partners. HSBC is the only responsible body to me.
|
| Posted by cloudrck, 06-16-2013, 03:20 PM |
| I think RamNode is handling this very well, but I was bringing up the issue with software vendors and their coding standards (or lack-thereof), and webhosts not being active in security.
|
| Posted by WPCYCLE, 06-16-2013, 03:23 PM |
| Which makes logical sense. I would do the same since I'm dealing with the bank directly.
But again, it just seems to be an out of place argument. If we compared WHMCS to your bank scenario, then everyone would be blaming the IT company and not the bank. They would almost forget a bank was even involved from all the bad mouthing of the IT company.
|
| Posted by FiberFy, 06-16-2013, 03:23 PM |
| I agree with some points you guys have made. But this thread is not to discuss that.
I mean, nothing is hack-proof, everything is exploitable. Even NSA got hacked. However, Nick is bringing nodes online first, then his company website, then all the tickets after this.
Congratulations, once again, Nick.
Now about SolusVM, as I previously said, everything is exploitable. These kind of things happen, what they can do is prevent those from happening and it seems they're dealing with it quite well.
|
| Posted by WPCYCLE, 06-16-2013, 03:28 PM |
| I could see 300 posts regarding this. Some of them, their security standards is the Windows xp password from home. Coding...not a clue. Tell them to convert php to html and you get deers in headlights.
It's equivalent to my previous music career. Some people are real musicians or have talent/training like coders....some just buy a reseller account and claim hosting like downloading cracked music software and making horrible music.
|
| Posted by cloudrck, 06-16-2013, 03:32 PM |
| This is the Hosting Security and Technology category, right? You should have posted this in the VPS forum, I would have this moved.
|
| Posted by kaniini, 06-16-2013, 03:40 PM |
| Frankly, I would avoid either software -- either as a hosting company or a customer. Both are filled with plenty more atrocious 0days where that came from, I assure you.
No, really, the code is that bad in both cases.
|
| Posted by Martin-D, 06-16-2013, 03:41 PM |
| Yes, to discuss the issue and disseminate information I would imagine, not throw dirt at the thousands of hosts who use SolusVM.
p.s. your user title = ironic.
|
| Posted by FiberFy, 06-16-2013, 03:45 PM |
| Exactly :-P, posts in WHT easily go off-topic, and I like when it goes off-topic when we can get to conclusions.
|
| Posted by cloudrck, 06-16-2013, 03:47 PM |
| No one is throwing dirt, if people take offense to security discussions than I'm sorry. If it doesn't apply let it fly.
I know
|
| Posted by Steven, 06-16-2013, 03:48 PM |
| Nothing is hack proof - only hack resistant.
|
| Posted by WPCYCLE, 06-16-2013, 03:50 PM |
| Ok, here's my both sides of the fence argument;
As a host...there are many companies using these scripts. Let's say WHMCS...how many vendors use WHMCS that we rely on (hosting, SSL, Storage, Scripts, Services).
As a customer...how many customers are knowledgeable enough to know the different types of billing systems? That would be like paying for public transportation and wondering who manufactured the seats and windows on the bus I'm riding. Why would I need this information? If I owned the bus then I would care, but hosting is the same as paying bus fare = service for your needs. Once the service ends, that's it.
Last edited by WPCYCLE; 06-16-2013 at 03:54 PM.
|
| Posted by alexnuke, 06-16-2013, 05:05 PM |
| My users are wondering because my forum has been down. Doesn't Ramnode used to do weekly back ups for their VPS...
Last month hard drive issues and they had to re install my whole VPS again and now this issue? I hope data on my VPS is fine.
This sucks.
|
| Posted by Patrick, 06-16-2013, 05:29 PM |
| What about the UNIXY.net?
http://www.unixy.net/advanced-hosting/no-hack/
They clearly claim to be hacker proof. What's their secret? (Sarcasm intended.)
|
| Posted by cloudrck, 06-16-2013, 05:30 PM |
| You should never depend on anyone to do backups but yourself. Did you ask if they have backups?
|
| Posted by UNIXy, 06-16-2013, 05:31 PM |
| Thank you for mentioning it. Our secret is we don't go around on net bullying people. Why do you have to turn into this bad person, Patrick? I have never seen you show such negative behavior before. This trend is worrying. Discovering vulnerabilities in other people's software doesn't mean you can bully them. It requires a great deal of humility.
And remember this is a community and its unwritten tenants are built on mutual respect.
Thanks
Last edited by UNIXy; 06-16-2013 at 05:36 PM.
|
| Posted by alexnuke, 06-16-2013, 05:43 PM |
| Last time they mentioned they do some weekly back ups or so for nodes. Not sure how much that is true. But that was during their hard drive issues.
|
| Posted by Blyze, 06-16-2013, 05:46 PM |
| Their support staff has been non-responsive/MIA since morning. Only word has been from Twitter and a note in the client area.
I _still_ don't know if/when the node will be back, whether to start lowering TTLs for a site move or not (thank god DNS and www weren't hosted there, just the MUSH itself...), what to tell my users about this weeks changes to their objects...
|
| Posted by FiberFy, 06-16-2013, 05:59 PM |
| They've been bringing the nodes back, just be patient and you'll get back online in no time
|
| Posted by ZKuJoe, 06-16-2013, 10:19 PM |
| I find it pretty amazing that WHT would allow somebody to post instructions on how to perform this exploit and that RamNode would not have been hacked had it not been for the thread posted here on WHT. A bit irresponsible for the person who posted the "How-To" guide on here which the WHT staff usually doesn't allow but in this case they made it a featured thread.
|
| Posted by Awmusic12635, 06-16-2013, 10:53 PM |
| I thought it was posted on localhost then brought to attention here to warn people if I recall correctly?
|
| Posted by Steven, 06-16-2013, 10:58 PM |
| This was being discussed other places besides webhostingtalk so the claim that the post on webhostingtalk caused it...is not exactly true.
I know several hosts that used this information to devise a plan to protect themself.
Last edited by Steven; 06-16-2013 at 11:02 PM.
|
| Posted by WPCYCLE, 06-16-2013, 10:59 PM |
| I find it interesting that some hosts who are known scammers are still allowed to post...but that's an argument for another day.
Aside from WHT staff, the community can also hit the report button to take down offending posts. But then it creates another issue....say nothing, and this exploit could have gone for a few days before being corrected.
|
| Posted by ZKuJoe, 06-16-2013, 11:09 PM |
| It is rather suspicious that RamNode was hacked shortly after the hacker replied to your post though. Could be a coincidence of course...
|
| Posted by FiberFy, 06-16-2013, 11:33 PM |
| Yeah, and wrong assumptions too...
|
| Posted by IH-Chris, 06-17-2013, 12:08 AM |
| Do I need to post a link?
|
| Posted by IH-Chris, 06-17-2013, 12:36 AM |
| There is really no need to PM me, unless you want to explain yourself. Otherwise I am curious to why you are posting here calling people "bullies"
|
| Posted by UNIXy, 06-17-2013, 12:48 AM |
| I thought I'd PM you to clear up any confusion in a civil manner. But I forgot this is WHT; drama takes the front seat. I don't understand why you're replying to a comment I'm addressing to Patrick. I didn't address that comment to you.
Thanks
|
| Posted by IH-Chris, 06-17-2013, 12:52 AM |
| It's all in general, and your response was generalized as per my speculation. This is a Ramnode thread, why would you respond in the manner you did? Are you a client?
|
| Posted by UNIXy, 06-17-2013, 01:00 AM |
| Did you read the comment Patrick made, which I quoted? I'm only responding to defend what I have the right to defend.
Thanks
|
| Posted by IH-Chris, 06-17-2013, 01:09 AM |
| again, the "link" explains words. This is in no way related to Ramnode. My apologies for being vocal, it's your opinion outside of this thread that you localized. An opinion was made by Patrick as that, an opinion, you turned it to personal and I voiced my opinion. How about we clear further responses for Ramnode and/or clients as they are the only one that can benefit from this thread - outside of your cyber power.
|
| Posted by UNIXy, 06-17-2013, 01:25 AM |
| It's very simple. if someone takes a cheap shot at my business in *ANY* thread, I have the right to respond and defend it and I will. Be it RamNode's or any. As much as I feel bad for derailing RamNode's, I did not initiate this skirmish.
We could have cut this thread down by a page or two had everything been cleared via PM.
Thanks
|
| Posted by IH-Chris, 06-17-2013, 01:30 AM |
| Cheap shot? Ok.. I do not speak terms in PM. WHT is a community forum?! I'm done here. All the best to Ramnode and clients.
|
| Posted by Steven, 06-17-2013, 01:44 AM |
| Over a hour from my post to his post. There was a lot of nonwht related discussion in that time period. i was going to bed when i got alerted. I stayed up for a hour doing patch work and in that time the discussion was going on in several places. Some people probably even got it off the zamfoo reddit thread as the localhost site was linked there.
|
| Posted by slyjackal, 06-17-2013, 02:20 AM |
| So the dad of robert c works for MS in Redmond?!?
|
| Posted by alexnuke, 06-17-2013, 02:27 AM |
| My VPS is still down with Ramnode. Can't access client area either. Where is the Ramnode support?
|
| Posted by WeServIT, 06-17-2013, 04:16 AM |
| You can follow updates on their Twitter. They are restoring the nodes which are (partially) wiped with backups they have. Restoring backups for VMs takes a lot of time. I'm sure they are working very hard to get everything back online as soon as possible.
|
| Posted by Nalfein, 06-17-2013, 04:47 AM |
| RamNode officially notified their customers 24h after the incident. My site went down for few hours then everything started working again. Happens everywhere, I thought.
Then few hours later I'm logging via SSH trying to set up one thing to see foreign processes and connections running on my host. That shouldn't happen. RamNode should have notified their customers ASAP so that they can take actions to protect their data, and their customers.
|
| Posted by alexnuke, 06-17-2013, 04:49 AM |
| Thank you! 2 months back they had RAID issue and lost all data but had to revert from back ups. Again similar issue.
I understand about the exploit but they should have some system where they should take back ups themselves even weekly if not bi weekly and if not monthly at least.
I am hoping for best.
|
| Posted by Martin-D, 06-17-2013, 04:51 AM |
| From what I gather they do have backups and are restoring them. As WeServIT mentioned, restoring lots of VM's from backups on to the nodes does take quite a while.
|
| Posted by Nick A, 06-17-2013, 05:02 AM |
| We notified our clients via Twitter within a few hours of the initial incident. The emails you received were delayed due to the work we had to do on both the SolusVM CP and our client area. We have been working on this issue around the clock, non-stop.
|
| Posted by Nalfein, 06-17-2013, 05:23 AM |
| Can we assume everyone is using Twitter nowadays?
I bet everybody has an email...
|
| Posted by Nick A, 06-17-2013, 05:26 AM |
| My point was that we were unable to send out emails immediately, so we used other media until our email options were available. In other words, we have not been lazy or unresponsive, just constrained by the magnitude of the incident.
Thanks for your patience and support.
|
| Posted by Matthew_B, 06-17-2013, 05:47 AM |
| Kudos for working tirelessly, its always tough being the one to get hit. Keith sure knows this after K-Disk.
However it is clear that you need some more disaster planning to say the least?
Why was your client area and site hacked? Was it on a SolusVM node, if so thats a big failure on your part, it should be hosted either in the same DC or a different DC preferably not on your own VPS node, thus if this ever happens again, you will:
1) Find it more easy to contact customers
2) Not have to mess around with large backups
3) Not put all your clients billing information at risk in the same manor.
Do you know for sure that the hacker / hackers didn't find your RamNode.com VPS and make a copy of the database, then download it? If it was deleted then you may not know this or not depending on the level of destruction of the logs etc.
This was something than can be seen coming by keeping your site on the same systems as your clients with little isolation. Many hosts on here advise you to do this not just myself.
Best of luck getting this set back up, hope you follow my tip regarding your client area.
Thanks
|
| Posted by alexnuke, 06-17-2013, 11:27 AM |
| Mine is still marked offline and last time they didn't had any back ups during their RAID HD failure. So had to redo all but at that time I had back ups on Bluehost so I re-did all but this time even my bluehost account is gone since its more then a month or so.
I hope they have back ups this time. I even PM'd Nick and hoping for best.
|
| Posted by Matthew_B, 06-17-2013, 11:51 AM |
| As I said above, its a pain when such a small company gets hit, it will take a while to get everything straight again, patience is key at this time.
I am sure Nick is doing his very best to get everything back up and running again as soon as possible. With over 50 nodes offline yesterday, he has done well to get all the nodes back up and running (http://status.ramnode.com/)
Data restoration can take a while, and I'm sure Nick is going flat out and will update you soon.
|
| Posted by MrLadoodle, 06-17-2013, 01:42 PM |
| Considering the events, your response has been way above board. It's such a shame that this has happened to you.
|
| Posted by wartungsfenster, 06-17-2013, 07:28 PM |
| sigh, and he called his VPS "myfirstKVM" so you get an idea about his qualification to be hosting virtual servers...
Well, where he's (presumably, if it really was him) going he won't be hosting many guests anyway.
Last edited by wartungsfenster; 06-17-2013 at 07:29 PM.
Reason: sorry could not resist.
|
| Posted by haiku, 06-17-2013, 10:02 PM |
| Host1free.com, the other provider hit w/ this exploit, still hasn't gotten their vps back online yet. I'm not saying this to be critical of host1free, but just to add to the general consensus that Nick and RamNode have handled this about as well as they could. Edit: Both of my VPS at RamNode are back up with minimal data loss (backup must have been restored from a very recent snapshot).
Last edited by haiku; 06-17-2013 at 10:05 PM.
|
| Posted by alexnuke, 06-18-2013, 02:14 AM |
| My hunch was true. They didn't have back up of my VPS. They didn't had 2 months back either. If they would outright say that hey we don't any back ups it would have helped a bit but saying oh we take weekly back ups is totally wrong.
Lesson Learned: Never believe in what host says of their weekly back ups. It just never works out.
|
| Posted by Nick A, 06-18-2013, 11:32 AM |
| We state clearly in our TOS and FAQ that backups are not guaranteed and that you are responsible for your own data. You can see from the post just above yours that we did indeed have backups for other clients. I am of course very sorry we could not salvage yours, but I believe I already explained the system through a ticket with you. We will implement a different system in days soon to come.
|
| Posted by FiberFy, 06-18-2013, 12:43 PM |
| You've done a great job. Everyone should backup their own VPS, that's keeping safe what is ours.
Best wishes.
|
| Posted by Aldryic C'boas, 06-18-2013, 02:06 PM |
| Considering that Clarke tried to run the same exploit against CVPS, and then against us (and we don't even use Solus), both from his residential ISP... doesn't paint a good picture for the kid.
|
| Posted by mawrr, 06-18-2013, 10:07 PM |
| Well, somebody successfully attacked CVPS now.
|
| Posted by Aldryic C'boas, 06-18-2013, 10:10 PM |
| True, but pretty much unrelated. I simply mentioned Clarke straight up trying to exploit other providers since it seemed everyone was too scared to say his name in this thread, and that it seemed folks were pretty much brushing off the fact that RamNode got nailed right after he did it like it was no big deal.
I have proof of him attempting to run the exploit on us as well (for a panel we don't even use XD) if the mods are interested at all. CVPS_Chris has proof as well - though I think he's still banned here, I'd be more than happy to present his httpd logs as well.
|
Add to Favourites 
Print this Article
Also Read
