Ramnode down after SolusVM vulnerability exposed

ramnode.com

33 points by jemka 13 years ago · 15 comments

jemka (OP) 13 years ago

Ramnode's SolusVM was hacked earlier and attempting to log in gave you a list of every single subscriber's email address, name, and root password (plain text) to their VPS as well as IP address. Source: http://www.reddit.com/r/webdev/comments/1gga3n/ramnode_hacke...

http://localhost.re/p/solusvm-11303-vulnerabilities

http://www.webhostingtalk.com/showthread.php?t=1276286

If you use SolusVM: http://blog.soluslabs.com/2013/06/16/important-security-aler...

"We are working to get things back online. We were hit with a SolusVM exploit late last night." (https://twitter.com/RamNode)

Happy Father's Day!

  • bndr 13 years ago

    Confirmation from Ramnode twitter "We are working to get things back online. We were hit with a SolusVM exploit late last night."

  • Deeehem 13 years ago

    Is this known to only affect authorised users in Solus?

aroch 13 years ago

Apparently there are allegations going around that it was done by a competitor, servercrate.

http://lowendtalk.com/discussion/comment/284016/#Comment_284...

  • kbar13 13 years ago

    There's apparently a running joke for the less ethical types on lowendtalk to go around pwning people's sites and pretending to be robertclarke. He even got swat'ed the other day. Having read robertclarke's previous posts and knowing his ignorance of even basic Linux system administration, pretty sure he's just on the unfortunate end of an immature joke.

Wyrmkill 13 years ago

Unofficial RamNode PostMortem: https://gist.github.com/ElliotSpeck/66943b70c8b98e5b2afb

nenolod 13 years ago

Honestly the usage of SolusVM, WHMCS etc (i.e. things written in PHP which have no business being written in at least, the way a PHP typically is written) has been the main security problem of the entire industry.

We need more things like OpenStack out there -- competently designed and implemented toolstacks that actually work correctly and have a remotely acceptable security model.

nieve 13 years ago

It's a nightmare for them and I'm sure they'll lose customers over it, but I'm staying when two days ago I was planning on canceling my vps due to underuse.

It was ridiculously fast for a vm (>700MB/s with vpsbench, all tests), but the $5/mo Digital Ocean instances were fast enough with PostgreSQL/Sphinx that none of my (free) users were complaining. I like Digital Ocean, I'm keeping some stuff over there, but I appreciate Ramnode's transparency & dedication during this. It doesn't hurt that they're probably going to be constructively paranoid now that they've gotten burned. This is one of those things my partner saw all the time running a restaurant - screwups are unavoidable, but handling them well can actually get you a loyal customer.

zedpm 13 years ago

Sigh. I'm glad I didn't give them any billing information (monthly invoice paid each time via Paypal). It's not clear to me how/why root passwords are compromised by this exploit; anyone care to elaborate?

  • Wyrmkill 13 years ago

    It's talking about the auto-generated root password that gets emailed to you upon creation of your VM initially. Most everyone would, hopefully, have changed his/her root password manually, upon receiving it in email via cleartext.

    • jscheel 13 years ago

      I'm getting conflicting reports about the passwords. Were these plaintext passwords ONLY the autogenerated ones, or are there other passwords that have been compromised as well? Also, has anyone been able to get a list of everything that was displayed on the page?

  • ams6110 13 years ago

    Stupidity, or appalling ignorance on the part of the SolusVM developers.

ledzgio 13 years ago

Any news? My VM is down and I see here that all the nodes are still down:

http://status.ramnode.com/

zrail 13 years ago

Nodes appear to be back up.
