

Ramnode down after SolusVM vulnerability exposed - jemka
http://www.ramnode.com/index.php

======
jemka
Ramnode's SolusVM was hacked earlier and attempting to log in gave you a list
of every single subscriber's email address, name, and root password (plain
text) to their VPS as well as IP address. Source:
[http://www.reddit.com/r/webdev/comments/1gga3n/ramnode_hacke...](http://www.reddit.com/r/webdev/comments/1gga3n/ramnode_hacked_names_emails_and_passwords/)

[http://localhost.re/p/solusvm-11303-vulnerabilities](http://localhost.re/p/solusvm-11303-vulnerabilities)

[http://www.webhostingtalk.com/showthread.php?t=1276286](http://www.webhostingtalk.com/showthread.php?t=1276286)

If you use SolusVM: [http://blog.soluslabs.com/2013/06/16/important-security-aler...](http://blog.soluslabs.com/2013/06/16/important-security-alert-all-solusvm-versions/)

"We are working to get things back online. We were hit with a SolusVM exploit
late last night." ([https://twitter.com/RamNode](https://twitter.com/RamNode))

Happy Father's Day!

~~~
bndr
Confirmation from Ramnode twitter "We are working to get things back online.
We were hit with a SolusVM exploit late last night."

------
aroch
Apparently there are allegations going around that it was done by a competitor,
servercrate.

[http://lowendtalk.com/discussion/comment/284016/#Comment_284...](http://lowendtalk.com/discussion/comment/284016/#Comment_284016)

~~~
kbar13
There's apparently a running joke for the less ethical types on lowendtalk to
go around pwning people's sites and pretending to be robertclarke. He even got
swat'ed the other day. Having read robertclarke's previous posts and knowing
his ignorance of even basic Linux system administration, pretty sure he's just
on the unfortunate end of an immature joke.

~~~
aroch
Heh, I was unaware of that. How odd...Thanks!

------
Wyrmkill
Unofficial RamNode PostMortem:
[https://gist.github.com/ElliotSpeck/66943b70c8b98e5b2afb](https://gist.github.com/ElliotSpeck/66943b70c8b98e5b2afb)

------
nenolod
Honestly the usage of SolusVM, WHMCS etc (i.e. things written in PHP which
have no business being written in at least, the way a PHP typically is
written) has been _the_ main security problem of the entire industry.

We need more things like OpenStack out there -- competently designed and
implemented toolstacks that actually work correctly and have a remotely
acceptable security model.

------
nieve
It's a nightmare for them and I'm sure they'll lose customers over it, but I'm
staying when two days ago I was planning on canceling my vps due to underuse.

It was ridiculously fast for a vm (>700MB/s with vpsbench, all tests), but the
$5/mo Digital Ocean instances were fast enough with PostgreSQL/Sphinx that
none of my (free) users were complaining. I like Digital Ocean, I'm keeping
some stuff over there, but I appreciate Ramnode's transparency & dedication
during this. It doesn't hurt that they're probably going to be constructively
paranoid now that they've gotten burned. This is one of those things my
partner saw all the time running a restaurant - screwups are unavoidable, but
handling them well can actually get you a loyal customer.

------
zedpm
Sigh. I'm glad I didn't give them any billing information (monthly invoice
paid each time via Paypal). It's not clear to me how/why root passwords are
compromised by this exploit; anyone care to elaborate?

~~~
Wyrmkill
It's talking about the auto-generated root password that gets emailed to you
upon creation of your VM initially. Most everyone would, hopefully, have
changed his/her root password manually, upon receiving it in email via
cleartext.

~~~
jscheel
I'm getting conflicting reports about the passwords. Were these plaintext
passwords ONLY the autogenerated ones, or are there other passwords that have
been compromised as well? Also, has anyone been able to get a list of
everything that was displayed on the page?

------
ledzgio
Any news? My VM is down and I see here that all the nodes are still down:

[http://status.ramnode.com/](http://status.ramnode.com/)

------
zrail
Nodes appear to be back up.

