

VAServ 'hacked' - all web sites and hosted VMs down - pert
http://66.71.245.2/~vaservc/

======
skramnz
Status message via their main web address:

At approx 7pm GMT VASERV HyperVM was hacked and it appears that all nodes have
some level of damage. We are currently working on the situation and will be
putting updates here.

Currently we have no ETA on this

23:18 GMT. We are going to bring the support desk back online shortly so we
can start getting a track of where customers are.

Per DC

LA FSCKVPS - People are onsite working on the system

WireSix Atlanta - People are working onsite

TMS - Expecting someone onsite within 1 hour

UK - We have 4 people onsite and gauging status

Overall it looks like /boot on the nodes has been removed. Some nodes are
definitly missing /vz data and others have it intact. We will be going node by
node to get things going ASAP.

Our HyperVM db's are intact so this means we can link everyone to their VPS

23:56 GMT: We now have a rolling action plain in place for all nodes and are
starting checks/restores. Please note we are expecting at least 24-48 hours to
get things even remotly stable

00:32 GMT: We have so far done some test rebuilds on 5 boxes and results look
semi promsing for the root VPS data (/vz). /etc/ was removed meaning config
files need rebuilding however this is easy enough to do from HyperVM database.
As it stands we will NOT be giving public access to HyperVM for the forseable
future. We may/may not still use it internally via some very strong firewall
controls. For rebuilds etc we will be asking people to do support tickets etc

------
pert
I can hardly believe what I'm reading here ('ISSUE #24' is the most
impressive):

<http://securityreason.com/wlb_show/WLB-2009060016>

"Kloxo (Previously Lxadmin) The most flexible software on this planet. From
Kloxo HostInaBox, World's lightest and the most efficient webhosting platform,
to Kloxo Enterprise, which can manage 100s of thousands of domains on hundreds
of servers."

It's 'flexible' a euphemism for 'full of holes'?

------
pert
I was looking for the change-log for 'HyperVM' and found this thread on their
own user forum, where some users are requesting a change-log!

[http://forum.lxlabs.com/index.php?t=msg&th=3605](http://forum.lxlabs.com/index.php?t=msg&th=3605)

------
pert
Can you say 'oops'?

[http://www.webhostingtalk.com/showpost.php?p=6221034&pos...](http://www.webhostingtalk.com/showpost.php?p=6221034&postcount=5)

------
pert
Lots more chat here: <http://www.webhostingtalk.com/showthread.php?t=867100>

------
pert
Hmm... I can't seem to edit the main URL and the status page seems to have
moved here:

<http://www.vaserv.com/>

Can anyone edit the URL for me?

