Ramnode's SolusVM was hacked earlier and attempting to log in gave you a list of every single subscriber's email address, name, and root password (plain text) to their VPS as well as IP address. Source: http://www.reddit.com/r/webdev/comments/1gga3n/ramnode_hacke...
There's apparently a running joke for the less ethical types on lowendtalk to go around pwning people's sites and pretending to be robertclarke. He even got swat'ed the other day. Having read robertclarke's previous posts and knowing his ignorance of even basic Linux system administration, pretty sure he's just on the unfortunate end of an immature joke.
Honestly, the usage of SolusVM, WHMCS etc. (i.e. things written in PHP which have no business being written in it, at least the way PHP typically is written) has been the main security problem of the entire industry.
We need more things like OpenStack out there -- competently designed and implemented toolstacks that actually work correctly and have a remotely acceptable security model.
It's a nightmare for them and I'm sure they'll lose customers over it, but I'm staying when two days ago I was planning on canceling my vps due to underuse.
It was ridiculously fast for a vm (>700MB/s with vpsbench, all tests), but the $5/mo Digital Ocean instances were fast enough with PostgreSQL/Sphinx that none of my (free) users were complaining. I like Digital Ocean, I'm keeping some stuff over there, but I appreciate Ramnode's transparency & dedication during this. It doesn't hurt that they're probably going to be constructively paranoid now that they've gotten burned. This is one of those things my partner saw all the time running a restaurant - screwups are unavoidable, but handling them well can actually get you a loyal customer.
Sigh. I'm glad I didn't give them any billing information (monthly invoice paid each time via PayPal). It's not clear to me how/why root passwords are compromised by this exploit; anyone care to elaborate?
It's talking about the auto-generated root password that gets emailed to you upon creation of your VM initially. Most everyone would, hopefully, have changed his/her root password manually, upon receiving it in email via cleartext.
I'm getting conflicting reports about the passwords. Were these plaintext passwords ONLY the autogenerated ones, or are there other passwords that have been compromised as well? Also, has anyone been able to get a list of everything that was displayed on the page?
http://localhost.re/p/solusvm-11303-vulnerabilities
http://www.webhostingtalk.com/showthread.php?t=1276286
If you use SolusVM: http://blog.soluslabs.com/2013/06/16/important-security-aler...
"We are working to get things back online. We were hit with a SolusVM exploit late last night." (https://twitter.com/RamNode)
Happy Father's Day!