1
ma6174 2013-06-18 17:22:03 +08:00
强烈关注
|
2
haruhi 2013-06-18 17:26:02 +08:00
SolusVM漏洞吧?昨天还是前天我就收到oneasiahost的邮件了…马上ssh修改root密码,网页重置面板登陆密码…
|
3
2code 2013-06-18 17:33:00 +08:00
吓出一声冷汗,请问一下信息来源?
|
4
binux 2013-06-18 17:34:43 +08:00
使用paypal付款 √
禁用ssh密码登陆 √ 独立密码 √ 没有数据 √ 应该问题不大。。 |
5
molinxx 2013-06-18 17:35:32 +08:00 via Android
我的图床挂了。。。WTH
|
6
zencoding 2013-06-18 17:37:24 +08:00
无有看到,正常呀
|
7
vibbow OP @binux 对于我个人来说:
使用Paypal付款 Yes 禁用SSh密码登录 No 独立密码 Yes 没有数据 (怎么可能是No,要不然你买VPS干嘛) 反正这个VPS只是装最新版PHP折腾用的,挂了就挂了... |
10
yanwen 2013-06-18 18:08:44 +08:00
貌似是很久之前的事情???
|
11
welsmann 2013-06-18 18:11:00 +08:00
这事儿很久之前了
|
12
yylzcom 2013-06-18 18:13:53 +08:00
是16号(北京时间17号)的solusVM的sql注入密码吧,不过好像受影响的就只有ramnode啊,没听说chicagovps也受影响
|
13
gongyiyi 2013-06-18 18:26:11 +08:00
最近solusvm真是被人推到了风头浪尖啊!
|
14
yinxingren 2013-06-18 18:43:40 +08:00
默默的求个下载地址。。
|
15
xvbin 2013-06-18 18:51:51 +08:00
哎,我的VPN啊。。。。
|
16
chemhack 2013-06-18 18:52:38 +08:00
拖了很久了。。。。
|
17
wzxjohn 2013-06-18 19:21:36 +08:00
目测悲剧了。。。VPS好像Down了。。。
|
18
alphamm 2013-06-18 20:36:18 +08:00
求放出裤子。原下载地址不行了
|
19
darkbill 2013-06-18 21:04:21 +08:00
ramnode的邮件里面是这么说的,
The following information was contained in the leaked database: first names, last names, email addresses, and SolusVM account information. No telephone numbers, street addresses, or billing information was compromised. 就是只有名字、账户信息被泄露了。。。 |
21
princeofwales 2013-06-18 21:15:57 +08:00
假的,我的VPS今天没有停啊
top - 21:15:39 up 31 days, 18:39 |
22
darkbill 2013-06-18 21:19:22 +08:00 1
@vibbow 一早就禁止了root登录,问题不是独立密码,现在在废除旧密码中。。。不过还好,这个密码用的地方不多。。。
|
23
chainkhoo 2013-06-18 21:47:34 +08:00
=.-还好早就撤离了chicagovps 之前觉得他家超售太严重了 就闪人了
|
24
likuku 2013-06-18 22:15:22 +08:00
ssh 必须 only public_key 认证啊...
|
25
vibbow OP |
26
vibbow OP ChicagoVPS的官方说明出来了:
Around 3am Eastern Standat Time (EST) today, there was a security breach, due to a vulnerability in SolusVM that allowed a command line to be run to dump the ChicagoVPS SolusVM client database and attempt to delete all data from our nodes. Our staff is working tirelessly to get everything back online, along working with SolusVM to address the root issue and no furthur impact is expected. Now what does this mean for the customer? All passwords should be changed, this includes passwords for SolusVM control panel and your VPS. This data leak does not include billing information or credit card information. Thus far we are having great success in getting nodes back online with no data loss, however, there are a few that were not recoverable and will be restored using our offsite backups. Once the situation is 100% complete and back to normal we will send another email out. We understand the sevarity and importance to get everything back online quickly. With that in mind, please try to refrain from opening a ticket or replying to an old one as it only slows us down even more. We are doing our best, and hope to have this fully resolved within 24 hours. Thank you for your patience and understanding. Regards Your ChicagoVPS Team |
28
lll9p 2013-06-19 07:32:40 +08:00 via Android
SolusVM漏洞,貌似影响很大啊,host1free的vps也被一撸到底。。。
|
29
yylzcom 2013-06-19 09:14:24 +08:00
完了,是真的,我今天早上收到邮件了,速度去改密码
|
30
sdysj 2013-06-19 09:33:09 +08:00
chicagoVPS早给人拖好几次库了,还在混?
|
31
FanError 2013-06-19 09:37:06 +08:00
BuyVM好像也是SolusVM呀,没影响?
|
32
tititake 2013-06-19 09:48:23 +08:00
中招,到现在还是没法管理vps。
Virtual Server Control Status: Unavailable |
34
webflier 2013-06-19 10:14:22 +08:00
RamNode和ChicagoVPS都有我的vps。
其中RamNode挂了8个VPS,点背到极点~~~ |
35
jqw1992 2013-06-19 19:07:20 +08:00
我的也是...网站主题被人删了...
|
36
manoon 2013-06-19 22:55:59 +08:00
压力不大。。。很庆幸,上周有把所有VPS上面的数据备份了一下。哈哈。
|
38
sopato 2013-06-20 09:44:16 +08:00
哗~~~看来是大时间,强烈关注。
|
40
ibudao 2013-06-20 15:07:36 +08:00
应该是solusvm面板的0day漏洞引起。今天折腾起我在123systems上的vps,突然发现控制面板上不去了,于是发了个ticket过去,得到如下回复:
The exploit from 6/16/2013 has been patched by the software distributor, however, numerous reports are still stating that there are several other zero day exploits currently unknown to the software distributor and are still unpatched. 详见:https://www.123systems.net/policy.html |
41
pubby 2013-06-20 15:31:38 +08:00
额,123systems有没有沦陷啊,上面还有好几个vps
|
42
bearqq 2013-06-22 01:44:41 +08:00
@vibbow 可以求个裤子么。。想了好久还是来做伸手党了。因为之前在chicago上用过一段时间,后来扔了。当时root密码和我现在好多账号包括vps密码是同一个,如果裤子里还有的话。。。
|
44
tititake 2013-06-26 20:40:52 +08:00
现在你们的vps可以管理了吗?我怎么在 hxxps://billing.chicagovps.net/clientarea.php?action=products 找不到管理入口?邮件里面说应该有个"Virtual Server Control"。死活没找到。。。
|
45
vibbow OP @tititake 我发了Ticket,在排队等装回Ubuntu,现在是CentOS...
现在是在WHMCS里管理了,只能进行简单的开关机改root密码,更高级的诸如重装系统之类的需要发ticket |
46
tititake 2013-06-27 10:15:02 +08:00
|
48
vibbow OP |
50
vibbow OP @tititake 脱裤数据库,直接查询xpath://td[3][.='vps']/../td[6][.='1024 MB'] ,结果就一条。
|
52
tititake 2013-06-27 11:20:13 +08:00
|
55
ElmerZhang 2013-06-27 14:22:17 +08:00
@binux 我全Yes,买了个最小的VPS翻墙用的
|
56
tititake 2013-06-28 21:09:51 +08:00 via Android
再问个问题,chicago vps有说什么补偿方案吗?还是就这么过去了?
|