SolusVM Vulnerability -- Extremely Critical




Posted by Steven, 06-16-2013, 04:12 AM
I just got passed a link via a PM to this as I was going to bed. http://localhost.re/p/solusvm-11303-vulnerabilities It's quite serious. Last edited by Ash; 06-16-2013 at 09:47 AM.

Posted by UNIXy, 06-16-2013, 04:33 AM
So disappointing - poor squirrel...

Posted by PLE, 06-16-2013, 04:44 AM
Ouch! I thought that SolusVM was encoded with ionCube? deleteid is a numeric value? In this case the following workaround should help:

Posted by Steven, 06-16-2013, 05:11 AM
Reports it affects all versions including beta.

Posted by RobertClarke, 06-16-2013, 05:42 AM
I don't think the central backup tech is used anymore, so that file can be deleted straight up. This is a zero day SolusVM bug though, tested on all versions.

Posted by Martin-D, 06-16-2013, 05:48 AM
I have spoken to Phil this morning (on the phone now actually) and he's told me he'll get a patch released shortly.

Posted by harget, 06-16-2013, 06:13 AM
It was only a matter of time.

Posted by Martin-D, 06-16-2013, 06:20 AM
Confirmed with Phil that simply removing /usr/local/solusvm/www/centralbackup.php will clear the vulnerability.

Posted by George_Fusioned, 06-16-2013, 06:43 AM
The 1.14.00 betas are probably affected too, so Martin's suggestion to remove /usr/local/solusvm/www/centralbackup.php applies to everyone.

Posted by Atlanical-Mike, 06-16-2013, 07:08 AM
Wowcha, who runs that site is on a roll today. Thanks for posting about it because I wouldn't have checked it since they found Kevin's exploit.

Posted by cloudrck, 06-16-2013, 08:39 AM
I believe it does, but regardless Ioncube just makes it more difficult to view the source, it's not too difficult to reverse engineer. I don't understand how software developers can be so lazy, must be due to their software being encoded, they have a false sense of security.

Posted by sosys, 06-16-2013, 08:41 AM
thanks. chmod 000 for centralbackup.php now

Posted by ServeByte, 06-16-2013, 08:44 AM
Roflcopter indeed. Poor SQL code. Edit: Let me elaborate... any website not using prepared SQL statements for user input is asking for trouble. Last edited by ServeByte; 06-16-2013 at 08:47 AM.

Posted by SeriesN, 06-16-2013, 08:47 AM
It is sad that Ramnode got hit big time

Posted by Patrick, 06-16-2013, 09:03 AM
Absolutely. There are websites where you can pay to have ionCube files decoded and if you're talented enough, you can even roll your own system to do it all for you. It's not something an "average" user can do but then again, it's not usually average people finding or seeking out these kinds of flaws. I'm with you though, whether no one sees the code or everyone can see it, there is simply no excuse for such an easy SQL injection to happen. Using prepared statements for POST requests is like SQL 101... if people can't grasp such a basic concept they shouldn't be writing software until they can. Not only does such shoddy code make a developer look bad, in this case it's easily put countless people at risk.

Posted by suhailc, 06-16-2013, 09:03 AM
Does this affect SolusVM where the master node is separate to slave nodes where customer VMs reside?

Posted by DeltaAnime, 06-16-2013, 09:05 AM
YES. The exploiter gains full root to your solus master. DELETE THE FILE Francisco

Posted by suhailc, 06-16-2013, 09:06 AM
Answered my own question:

Posted by TazHost, 06-16-2013, 09:19 AM
Just received this email from SolusLabs. There sure have been quite a few security flaws being found lately in all of the major popular software that hosts use. Glad to see SolusLabs are fast! Props to Phil over there! Last edited by TazHost; 06-16-2013 at 09:26 AM.

Posted by cloudrck, 06-16-2013, 09:23 AM
With this exploit?

Posted by SeriesN, 06-16-2013, 09:27 AM
Unfortunately yes.

Posted by TazHost, 06-16-2013, 09:28 AM
Just saw this thread. I posted a thread like this (soluslabs mass emailed every license holder). I posted it inside the hosting control panel center. I posted Soluslabs was fast to email all that out. This is the email I got from SolusLabs:

Dear

PLEASE READ THIS INFORMATION CAREFULLY. THIS INFORMATION IS RELEVANT TO ALL VERSIONS OF SOLUSVM, INCLUDING BETA VERSIONS.

In the last few hours a security exploit has been found. This email is to inform you of a temporary fix to eliminate this exploit whilst the issue is patched and transferred to our file servers for release.

Instructions:

You will need root SSH access to your master server. You are then required to delete the following file:

/usr/local/solusvm/www/centralbackup.php

Example:

rm -f /usr/local/solusvm/www/centralbackup.php

Once the file is deleted the exploit can no longer be used. This file only exists on the master server and the slaves will not be affected. You will receive a follow-up email once the patch versions are available.

Regards, Soluslabs Security Team

Posted by Afterburst-Jack, 06-16-2013, 09:28 AM
Yes. ~5000 VM logins compromised, ~55 host nodes IP, SSH port, ID key password, and their entire client database leaked. Last edited by Afterburst-Jack; 06-16-2013 at 09:34 AM.

Posted by suhailc, 06-16-2013, 09:29 AM
Does look that way, what with over 50+ VPS server nodes showing as offline.

Posted by Grinny, 06-16-2013, 09:37 AM
Greatly disappointing, have two servers with ramnode, whilst working on some plugin testing for my services... Nek minnit, IT GONE!

Posted by cloudrck, 06-16-2013, 09:44 AM
Jumping jehosephat, glad I moved away from SolusVM

Posted by suhailc, 06-16-2013, 09:52 AM
What did you move to?

Posted by cloudrck, 06-16-2013, 09:52 AM
Proxmox VE, open source so I can see what I'm running. Need to be decent with Debian as it doesn't hold your hand. Last edited by cloudrck; 06-16-2013 at 10:00 AM.

Posted by Awmusic12635, 06-16-2013, 10:23 AM
This is bad. Removed the file from us

Posted by klisja, 06-16-2013, 10:38 AM
Client database = WHMCS database or just things visible to Solus?

Posted by TmzHosting, 06-16-2013, 10:42 AM
I believe this should only compromise the SolusVM DB, not WHMCS. - Daniel

Posted by techjr, 06-16-2013, 10:51 AM
Their site is down too. I don't want to come to any assumptions with a good company like they are but it almost seems like their site was also on one of their VMs. So compromising the master etc could have potentially gotten the exploiter a hold of WHMCS too. Haven't heard of any announcements from them though so I can't say if their WHMCS was taken. But if it was, that would be my first assumption on what caused it.

Posted by PersonalJ, 06-16-2013, 10:51 AM
Thanks for posting this Steven. Time to look at proxmox a bit more. Last edited by PersonalJ; 06-16-2013 at 10:56 AM.

Posted by TmzHosting, 06-16-2013, 10:51 AM
If their website was hosted on one of the VM's then your statement would be completely true. - Daniel

Posted by Afterburst-Jack, 06-16-2013, 11:02 AM
Just solus I believe

Posted by Steven, 06-16-2013, 11:26 AM
Completely depends. Depending on how the host set up their stuff, and how smart the attackers are... it's possible.

Posted by chukchuk, 06-16-2013, 11:29 AM
Dammit! That's why my VM with Ramnode is offline.

Posted by helpman, 06-16-2013, 11:29 AM
Thanks for letting us know here first. Ramnode got hit badly. Still down.

Posted by TazHost, 06-16-2013, 11:36 AM
Host 1 Plus just got hit by this.

Posted by chukchuk, 06-16-2013, 12:13 PM
Why would they write vulnerable code like that? When I code anything I always think of all the what-ifs even if no one will be able to see my code.

Posted by cloudrck, 06-16-2013, 12:17 PM
The problem is, people can see your code if they want to, regardless of whether you use ionCube.

Posted by chukchuk, 06-16-2013, 12:22 PM
I know, as long as your computer/server can execute your code then you can still reverse engineer it.

Posted by Skylar MacMinn, 06-16-2013, 01:32 PM
Just got this email update:

Posted by Coolraul, 06-16-2013, 02:14 PM
Unfortunately no software is perfect. At least they patched quickly but it furthers my belief in the work that researchers do to find and alert vendors. Imagine if this had been found BEFORE Ramnode and others got hit by it. A lot of problems would have been avoided. While even audits are not perfect I think vendors as a matter of course should have an independent PEN test. I bet it wouldn't cost much to get that done.

Posted by Steven, 06-16-2013, 02:17 PM
The attitude of the company matters a lot.

Posted by cloudrck, 06-16-2013, 02:27 PM
You're very generous, but no one said it had to be perfect, just free of lazy coding that causes mass damage. Having a good attitude after the fact doesn't help their programming security. Last edited by cloudrck; 06-16-2013 at 02:34 PM.

Posted by Atlanical-Mike, 06-16-2013, 02:27 PM
I agree, this is the way to do it not like the other thread. It shows they care about their customers and that means customers trust them and will continue to use them.

Posted by PowerNode, 06-16-2013, 03:09 PM
I'm glad I got the email a few hours ago, what a horrible mess it could have been.

Posted by ServerWholesale, 06-16-2013, 05:40 PM
VERY disappointed, too many vulnerabilities and too critical for commercial mature code. Thanks Steven for the link.

Posted by ServerWholesale, 06-16-2013, 05:45 PM
To what did you move? Just saw it, Proxmox, thanks. Last edited by ServerWholesale; 06-16-2013 at 05:51 PM.

Posted by ServerWholesale, 06-16-2013, 05:51 PM
Totally agree, Ioncube is no cure for bad code.

Posted by Coolraul, 06-16-2013, 08:44 PM
ok? I am not clear if it was lazy coding. Yes having a good attitude helps. When problems occur and they do in all OS's and applications having an attitude that is biased to action and closing security holes is good. It is much better than the alternative.

Posted by Afterburst-Jack, 06-16-2013, 08:48 PM
It really should have been found when centralbackup.php was added to the main branch. Non-escaped SQL + exec() calls should never be done in a public release. All it would have taken was an intval call and most/all of this would have been harmless.

Posted by fierce510, 06-16-2013, 09:22 PM
SQL shouldn't even be escaped, mysql_* is deprecated and no one should have been using it, no one should have been using it when solus first came out already..

Posted by cloudrck, 06-16-2013, 09:41 PM
Have you not seen the code in question?

Posted by xvarcoe, 06-16-2013, 09:44 PM
Thanks for the heads up. Patched it earlier after reading about RamNode being hacked.

Posted by Coolraul, 06-16-2013, 10:13 PM
No.. 10chars

Posted by DewlanceHosting, 06-17-2013, 07:59 AM
You can see decrypted passwords of users by using this vulnerability? Does this affect only OpenVZ or all types of virtualization users?

Posted by cloudrck, 06-17-2013, 08:02 AM
It has nothing to do with the virtualization technology used. All of the data (passwords, email, etc) are stored in SolusVM DB. So to answer your question, every user of SolusVM is at risk regardless of whether it's OpenVZ/Xen/KVM

Posted by Richboos, 06-17-2013, 08:17 AM
1 Agree Of course I'm a little biased as my affected VPS was turned back 7 days to what I assume was the most recent backup.

Posted by WebHostDog, 06-17-2013, 12:29 PM
SolusVM was pretending they are secure ... Seems not that much after yesterday ...

Posted by CH-Jeffrey, 06-17-2013, 04:06 PM
If anyone is curious to see who ran the exploit towards RamNode, please view this thread over at LowEndTalk - http://lowendtalk.com/discussion/111...lnerability/p1 People believe it was Robert Clarke, a 15 year old teenager in Seattle who runs http://servercrate.com.

Posted by UNIXy, 06-17-2013, 05:13 PM
There's no such thing as absolute security. There will always be someone to outsmart the smartest guy ad infinitum. But it doesn't mean you can't do your utmost best to secure a system. This is one sad study case where actions taken can have dire consequences. Yes, go ahead and "stick it to the man." Post an exploit online without due diligence and proper disclosure. That'll teach them! And you decimate someone's livelihood overnight. Not that anyone cares, right? Is this what security is about?

Posted by thedediguy, 06-17-2013, 09:16 PM
Someone has mentioned releasing 3 more vuns today at some point, hopefully we will see if it is a true vun or not.

Posted by FiberFy, 06-17-2013, 10:48 PM
And those providers paying and trusting that man, will have their clients getting hacked ;-) that makes sense, doesn't it? Oh come on. You're feeling sorry for someone who simply does not care and has proven it in this very same thread

Posted by techjr, 06-17-2013, 10:54 PM
Multiple Virtualization panels out that I can't imagine it being too much of an issue moving away from SolusVM if people find it's needed. From what I hear Virtualizor has the same features as Solus if not more. No clue if that will be still true once v2 of solus is released though. Paying a few bucks more is worth the peace of mind and I can't imagine those fees to be enough to cause a host to close down.

Posted by Steven, 06-17-2013, 11:31 PM
Since you are obviously trying to take a stab at me. How dare you offer a no hack guarantee then? How dare you advertise that your customers will never get hacked? ... when you state that there is no such thing as absolute security. Before you make statements like this, think very hard about what you sell your customers and how your statement contradicts what you sell. Like I have been saying, there is no such thing as unhackable or as you put it 'no hack', you are only hack resistant. Last edited by Steven; 06-17-2013 at 11:36 PM.

Posted by Steven, 06-17-2013, 11:39 PM
Virtualizor is sort of a scary solution. The solusvm exploit allowed the escalation of privileges due to a suid binary.. while Virtualizor actually runs most of the frontend php as the root user so an exploit in it from a file modification to executing commands is potentially bad news.

Posted by UNIXy, 06-17-2013, 11:41 PM
I'm not defending the software vendor. I'm upset at how vulnerabilities are being irresponsibly disclosed. That's all. A responsible security researcher worthy of respect is one that follows due process; who you almost never hear about; doesn't go around wanting to take "credit" for discovering a vulnerability; doesn't need attention from the community, etc. There are good folks doing great work and are so altruistic they don't leave a trace and not even a name. They just want to live in a better net/world by getting things done.

Posted by UNIXy, 06-17-2013, 11:48 PM
I wasn't implying anything about you with that comment. I'm not sure how you came to that conclusion. I don't think I'm saying anything new either.

Posted by Steven, 06-18-2013, 12:26 AM
Responsible disclosure is good, I will not disagree.... but responsible disclosure as you describe it also has cons. There are so many exploits that are reported to vendors where the vendor doesn't tell their end users to update. They silently patch it. As a result there are lots of people vulnerable to exploits because they did not patch it or feel the need to upgrade because the company didn't tell anyone they needed it. Lots of people are compromised like this, and don't even know what the actual problem was. Common practice is people upgrade after the fact just to be safe not because there was an actual problem they were aware of. We had found a vulnerability in a software a few years ago, it was patched silently with no details in their change log. For 2 years I encountered servers that were still vulnerable and the people had no idea they were.. A large number of people only upgrade when it's security related, for various reasons. Many people will turn off auto updates to prevent being compromised if a vendor is compromised and wait until they release a security related update.

Posted by ccalby, 06-18-2013, 06:29 AM
SolusVM need to get their asses in gear and realize that if they are producing such a software it needs to be constantly audited. Apparently another exploit has been discovered according to an email from my host. I, as a programmer, understand security vulnerabilities happen; but such a simple SQL injection should not happen. They should have an SQA team and audit all their major releases. Severely disappointed in SolusVM and won't be using them anytime soon.

Posted by TmzHosting, 06-18-2013, 07:43 AM
Yes, it does seem like there is another exploit from various reports. We have completely disabled SolusVM, until we get an update from them on what's going on. - Daniel

Posted by cloudrck, 06-18-2013, 10:11 AM
What reports?

Posted by MannDude, 06-18-2013, 10:15 AM
On vpsBoard I have been PMed by a member asking permission to post the decoded source of SolusVM and the exploits he has found. I told him not to, and to contact SolusVM if he has found additional exploits. ChicagoVPS claims to have patched for the original exploit, then yesterday on the 17th they were hacked, DB stolen and data destroyed. SolusVM supposedly has not received any word of any further exploits despite what I have been told and what was mentioned in a thread on LET. Right now there are at least 20+ providers who have disabled SolusVM as an extra precaution until everything gets figured out.

Posted by cloudrck, 06-18-2013, 10:18 AM
Interesting

Posted by MannDude, 06-18-2013, 10:23 AM
Basically, you've got people saying one thing and SolusVM saying another. I honestly do not know who to believe. All we know is it's a messed up situation and hopefully it gets resolved ASAP before more providers are impacted negatively.

Posted by Alinaro, 06-18-2013, 10:33 AM
100%, I am questioning myself in whether to give with Solus after such a disaster..

Posted by Skylar MacMinn, 06-18-2013, 10:38 AM
Unless there is a better alternative, I'm locking down access to the master and using the ModulesGarden Solus module for the client frontend. It's still in beta but it's 100% functional minus a few tidbits. Was planning to move everything to a fully integrated billing area anyways, looks like this just speeds that process up a bit. Maybe now's a good time for another panel to step their game up and really get involved in the VPS panel market.

Posted by cloudrck, 06-18-2013, 10:41 AM
Not to defend anyone, but this is why people post exploits publicly. SolusVM can say anything they want until someone exposes them. I never saw what was so appealing about SolusVM, except that it's easy for anyone to start hosting with little to no expertise. I personally tend to stay away from these types of panels.

Posted by Alinaro, 06-18-2013, 10:49 AM
Looks good, best of luck Skylar. I don't know whether there is another Virtualization platform as cheap and straightforward as Solus.. There's Virtpanel, but they need to step up their game I'd say.. Could be a chance for them to shine? Maybe..

Posted by ZKuJoe, 06-18-2013, 11:16 AM
Just throwing this out there for those providers who want to keep SolusVM online while blocking direct attacks: http://vpsboard.com/topic/760-how-to...ts/#entry11242 Additionally if you're interested in joining myself and a few other VPS providers in financing a SolusVM replacement, send me a PM and I'll provide the details if you meet the criteria.

Posted by web-project, 06-18-2013, 07:50 PM
From URL: http://blog.soluslabs.com/2013/06/18...urity-rumours/ I can't believe that it's the second time this has happened to VPS control panels, as the first one was HyperVM. Some facts from the past: http://www.theregister.co.uk/2009/06/08/webhost_attack/ http://www.geek.com/news/lxlabs-boss...m-hack-802132/ http://abneru.wordpress.com/2009/06/...0k-sites-lost/ http://www.web2secure.com/2009/06/ze...in-lxlabs.html Are these companies using the same coders?

Posted by Steven, 06-18-2013, 08:02 PM
For what it's worth, they can patch for it but from what I read it was done at least an hour after it came out. That is enough time for someone to hit the server, place in a backdoor, and leave. So my question is, did they perform a real audit on the server rather than just checking for the presence of rofl.php? Or maybe the file was there still... it could be named anything and placed in a sub folder as well.
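Added example, not part of the post above and not SolusVM tooling: a triage sketch for the kind of audit that post asks about, which reports the state of the centralbackup.php workaround and lists web-root files by change time instead of by name. It assumes GNU touch and find; the function names and the cutoff timestamp you pass in are illustrative.

```shell
#!/bin/sh
# Added example (not SolusVM tooling). Function names are illustrative.
# Assumes GNU touch (-d) and GNU find (-cnewer).

# check_workaround WEBROOT
# Prints one of:
#   removed      centralbackup.php is gone (the vendor's workaround)
#   neutralised  file exists but has no permission bits (chmod 000)
#   present      file exists with permission bits still set
check_workaround() {
    f="$1/centralbackup.php"
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo removed
        return 0
    fi
    # Read the mode string rather than testing with `[ -r ]`:
    # run as root, `[ -r ]` succeeds even on a mode-000 file.
    mode=$(ls -ld "$f" | cut -c2-10)
    if [ "$mode" = "---------" ]; then
        echo neutralised
    else
        echo present
    fi
}

# make_ref SINCE
# Creates a temp file whose mtime is SINCE and prints its path.
make_ref() {
    ref=$(mktemp) || return 1
    touch -d "$1" "$ref" || { rm -f "$ref"; return 1; }
    echo "$ref"
}

# recent_files WEBROOT SINCE
# Regular files whose content changed after SINCE, whatever their
# name and however deep they sit under WEBROOT.
recent_files() {
    ref=$(make_ref "$2") || return 1
    find "$1" -type f -newer "$ref" -print | sort
    rm -f "$ref"
}

# backdated_files WEBROOT SINCE
# Files whose inode changed after SINCE although their mtime says they
# are older. That is what remains when a dropped file has its mtime set
# back with touch(1). chmod, chown and package updates land here too,
# so this is a list to review, not a verdict.
backdated_files() {
    ref=$(make_ref "$2") || return 1
    find "$1" -type f -cnewer "$ref" ! -newer "$ref" -print | sort
    rm -f "$ref"
}

# Stand-alone use: sh audit.sh WEBROOT 'YYYY-MM-DD HH:MM:SS'
if [ "$#" -eq 2 ]; then
    echo "centralbackup.php: $(check_workaround "$1")"
    echo "content changed since $2:"
    recent_files "$1" "$2"
    echo "inode changed since $2 but mtime older:"
    backdated_files "$1" "$2"
fi
```

A clean listing does not clear a host that was reachable while vulnerable; it only narrows where to look inside the web root.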

Posted by TmzHosting, 06-18-2013, 08:03 PM
I PM'ed you. I am very interested in doing this ASAP. - Daniel

Posted by TmzHosting, 06-18-2013, 08:09 PM
It seems like someone is DDOSing lowendtalk now. - Daniel

Posted by BrianHarrison, 06-18-2013, 08:23 PM
Prepared statement *and* input sanitization. Prepared statements don't do anything for you if you, for example, allow users to store values like for their full name. Thanks for the heads up on this Steven.

Posted by Computaholic, 06-18-2013, 08:38 PM
One solution is getting the module garden addons and integrating them with WHMCS, that way you can fully control the VM from WHMCS and cant temp disable solus

Posted by brianoz, 06-18-2013, 09:05 PM
Let's not get into a feeding frenzy here about replacing SolusVM. How do you know your solution will be better? Any system can be hacked and a new implementation is going to be twice as vulnerable unless you really know what you're doing. It's really important here to understand that security is getting harder and needs a lot more thought. This all raises a critical general point. The failure here is the lack of layers in security. Nobody will ever write code that is 100% secure and that needs to be an assumption built into any system that regards itself as secure. Unless you have layers, cross checks and balances, you can never guarantee security. Dan Bernstein got this right long ago when he released qmail and djbdns - the parts needing secure access were isolated into small, secure apps that serviced the other parts which ran with very little privilege. Much harder to break in with a structure like this, and djb's solution is not the only valid methodology. While djb has been perceived as a little strange, there's a lot to learn from his wisdom and approach and he changed the face of the internet forever (hotmail ran on qmail initially, crypto export regulations, etc). In this case, though I haven't seen the code, the exploit vector here does sound like a sloppy mistake and probably something that shouldn't have happened. I'd be more interested, though, in assessing whether this is a one-off (file committed into release tree) or a more systemic failure. I'd also be interested to see whether SolusVM comes to the party in terms of making some real honest commitment to getting things right. Sometimes a vendor needs to get it wrong before they get it right. Let's see what happens. In this market space, there can be no doubt they can't afford to keep on getting it wrong. Last edited by brianoz; 06-18-2013 at 09:10 PM. Reason: quote, expand a little

Posted by filemedia, 06-18-2013, 09:26 PM
Update to the new Version, new security fix: Solusvm 1.13.05 or 1.14 Beta 5: This is an important security fix. You are encouraged to update as soon as possible. A full detailed report will be published at a later date.

Posted by Afterburst-Jack, 06-18-2013, 09:31 PM
The first of several, I'd imagine. At least its looking like they might actually be running an audit now.

Posted by Awmusic12635, 06-18-2013, 09:32 PM
At least they found something

Posted by Vinayak_Sharma, 06-18-2013, 09:48 PM
Got email from them. But how come Latest Stable Version: 1.14.00 R5 Latest Beta Version: 1.13.05

Posted by Awmusic12635, 06-18-2013, 09:53 PM
What part is confusing?

Posted by ServerZoo, 06-18-2013, 09:56 PM
well, good to hear that they are now doing "external" audition

Posted by Vinayak_Sharma, 06-18-2013, 09:57 PM
Are they going in reverse order?

Posted by Awmusic12635, 06-18-2013, 09:58 PM
It is a mislabel then. The beta version is 1.14, stable is 1.13

Posted by BrianHarrison, 06-18-2013, 10:26 PM
External auditing, and I wouldn't be surprised if they've brought on the Rack911 folks.

Posted by technut, 06-18-2013, 10:32 PM
Hi, we just received this email notice:

=======================================
Soluslabs Ltd
Wednesday, June 19, 2013 03:06:42 AM GMT 0

PLEASE READ THIS INFORMATION CAREFULLY. THIS INFORMATION IS RELEVANT TO ALL VERSIONS OF SOLUSVM, INCLUDING BETA VERSIONS.

As you may be aware we are currently running a full in house and external code audit. This release contains several important security fixes for all versions of SolusVM. We highly suggest you update your system as soon as possible. Updates are available through the normal channels.

Latest Beta Version: 1.14.00 R5
Latest Stable Version: 1.13.05

Please be aware the audit is still underway and more updates may follow. Thank you for your co-operation and understanding.

Regards, Soluslabs Security Team

2008-2013 © Soluslabs Ltd. All Rights Reserved
Please add us to your safe senders list to ensure you keep receiving these emails.
===================================================

Posted by ServerZoo, 06-18-2013, 11:43 PM
looks like it will take time to end...

Posted by BrianHarrison, 06-18-2013, 11:59 PM
A patch has already been issued by SolusVM.

Posted by technut, 06-19-2013, 12:03 AM
This must be the year of SQL injections

Posted by ServerZoo, 06-19-2013, 12:05 AM
Solusvm:: ** Please be aware the audit is still underway and more updates may follow. **

Posted by ServerWholesale, 06-19-2013, 12:43 AM
I am not so sure that is the way to go, you could be very well multiplying the insecure factor by 2, now from where I am sitting and not defending Solus, other software vendors with vulnerabilities have not been trampled as hard by the community because the vulnerable code ( which is really just bad/poor/lazy code ) has not been revealed as in the case, for all we know other vendors flaws could have been much worse. As for any provider that still has Solus admin up and or accessible is simple, don't, if it had such critical vulnerabilities, 99% chances it will have others. Now having said that, I have to say Solus worked for me, I mean it solved things, I am more disappointed than upset about this whole thing.

Posted by ServerWholesale, 06-19-2013, 12:48 AM
I honestly think whoever disclosed this did all of us a favor, the bad scenarios are too many to be even considered, every single Solus vps in the world could have been wiped by now. Could it have been better handled to suit us Solus clients, yes, did the discloser have any obligation to try and get this sorted internally with Solus, I don't think he did, is not like he is a paid employee/contractor of Solus or ours. Whoever you are masked man, thanks. Last edited by ServerWholesale; 06-19-2013 at 12:59 AM.

Posted by ServerWholesale, 06-19-2013, 01:45 AM
100% True. It is really nifty, for very little I can worry about aspects other than the provisioning / re-provisioning itself, coding this myself would burn time I use in other areas, at least that was the reasoning at the time, now I am not really sure anymore.

Posted by LittleApps-Nick, 06-19-2013, 02:18 AM
I got 5+ emails today from all my different VPS providers telling me their SolusVM has been taken offline. I'm (sort of) glad this time around that SolusLabs was able to pick up the security flaws before someone else (erm... ServerCrate) finds them and uses them against someone else (erm... RamNode). I can't believe how lazy programmers are these days that they can't sanitize the input using something so simple as mysql_real_escape_string(), it's unreal!

Posted by Alinaro, 06-19-2013, 04:46 AM
http://www.downforeveryoneorjustme.com/lowendtalk.com - Looks like they are down too.

Posted by Steven, 06-19-2013, 04:51 AM
Word in the lowendbox irc channel is there is a large attack occurring again.

Posted by xvarcoe, 06-19-2013, 05:00 AM
http://vpsboard.com/topic/785-is-whm...-be-exploited/ That's also something people may want to be worried about or read. Steven do those vulnerabilities exist or is this guy just trying to scare people?

Posted by NeonBlock, 06-19-2013, 05:32 AM
My VPS provider has disabled the whole SolusVM control panel? Do you think this is a reasonable action?

Posted by techjr, 06-19-2013, 05:55 AM
Very reasonable until the recent exploits are patched and companies can make sure nothing else is at risk. I'd rather a host disable the control panel if they can manage without it if it means customer information and nodes aren't getting hacked/stolen. Your VPS provider should still be able to reboot your VPS and things like that manually.

Posted by lazyt, 06-19-2013, 06:08 AM
Looks like vpsboard is down right now. All I get is cloudflare.

Posted by Alinaro, 06-19-2013, 06:22 AM
Looks like it's back up now, Seems under control..

Posted by moracco, 06-19-2013, 07:41 AM
Removed the /usr/local/solusvm/www/centralbackup.php and working. It's a temporary solution

Posted by Patrick, 06-19-2013, 09:45 AM
I don't usually answer for other people, but since I work with Steven... we have nothing (factual) to report ATM and anything else we say would just be contributing to rumors. There's been times where we have audited some random software and came up with nothing, then a week later some obscure flaw is found by someone else and we're like oh damn, now I see it... Finding security flaws isn't always a clear cut, there's a whole thought process that goes into it and sometimes different minds will see different things. (The SolusVM exploit was very clear cut to anyone with a clue, unfortunately, we didn't have the source code at the time...)

Posted by EthernetServers, 06-19-2013, 11:04 AM
For the old vulnerability, yes. Perhaps you're a little behind, there's been several more security flaws found since then: http://blog.soluslabs.com/2013/06/19...usvm-versions/ We haven't put our SolusVM installation back online yet, and looking at several other providers, same story with them. Not planning on doing so until SVM make a further announcement stating the audit is complete.

Posted by Nick A, 06-19-2013, 02:38 PM
Same. Manual requests at this time only.

Posted by Matthew_B, 06-19-2013, 02:44 PM
We are also doing the same at the present time, waiting for the all clear at the moment.

Posted by fraghost, 06-19-2013, 03:43 PM
Are you all completely shutting down your masters or placing in maintenance mode?

Posted by NYCServers-Nick, 06-19-2013, 03:49 PM
We've placed firewall rules dropping all incoming connections to our master other than the ones coming from admins and our billing/support server.
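Added example, not from the post above and not from SolusVM: one way to express such an allowlist as iptables rules, printed for review instead of applied. The chain name PANEL_ALLOW, the function names, the port and the addresses (documentation ranges) are placeholders to replace with your own.

```shell
#!/bin/sh
# Added example (not SolusVM tooling). Prints iptables commands that
# restrict the panel ports on a master to an allowlist of sources.
# PANEL_ALLOW and the function names are illustrative.

# valid_ipv4 ADDR[/PREFIX] -> exit 0 if well formed, 1 otherwise
valid_ipv4() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    fi
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# panel_allowlist_rules PORTS SOURCE...
# PORTS is a comma-separated list of the TCP ports the panel listens on.
# Every argument is validated before anything is printed, so piping the
# output to sh can never apply a half-built rule set.
panel_allowlist_rules() {
    ports=$1
    [ "$#" -gt 0 ] && shift
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*)
            echo "bad port list: $ports" >&2; return 2 ;;
    esac
    if [ "$#" -eq 0 ]; then
        echo "refusing: an empty allowlist would lock out every admin" >&2
        return 2
    fi
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad source address: $ip" >&2; return 2; }
    done

    # Build the chain completely first; traffic only reaches it once the
    # final INPUT rule is inserted, so there is no window in which the
    # DROP is live without the ACCEPT entries.
    printf 'iptables -N PANEL_ALLOW\n'
    for ip in "$@"; do
        printf 'iptables -A PANEL_ALLOW -s %s -j ACCEPT\n' "$ip"
    done
    printf 'iptables -A PANEL_ALLOW -j DROP\n'
    # Only the panel ports are sent to the chain; SSH and the
    # master-to-slave traffic keep their existing rules.
    printf 'iptables -I INPUT -p tcp -m multiport --dports %s -j PANEL_ALLOW\n' "$ports"
}

# Stand-alone use (placeholder values):
#   sh allowlist.sh 8443 203.0.113.10 198.51.100.0/24
if [ "$#" -ge 2 ]; then
    panel_allowlist_rules "$@"
fi
```

Review the printed rules, then pipe them to sh as root; the billing/support server's address belongs in the source list alongside the admins' addresses, as the post describes.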

Posted by WPCYCLE, 06-19-2013, 06:41 PM
I think I mentioned this in another thread. I'm surprised from some of the comments I've seen between people and Solus over the last few years asking if they should firewall or add some form of security to the master and nodes, and Solus WILL tell people do not install any type of security or any other software within the server using their product. How long did they think that type of advice would stick?!?!?!?!

Posted by fraghost, 06-19-2013, 06:49 PM
Another solus update available. Minor update. Last edited by fraghost; 06-19-2013 at 06:53 PM. Reason: Minor

Posted by cloudrck, 06-19-2013, 06:50 PM
That's one of the reasons I left, I remember opening a ticket related to an issue I was having, and the first thing they asked me if I had my firewall turned off.

Posted by NYCServers-Nick, 06-19-2013, 06:54 PM
I never really got that either. It's necessary to take security measures and even more so if you're a hosting provider. From what I can tell it just fixes the hostname "error" that it created in the last patch. Last edited by NYCServers-Nick; 06-19-2013 at 07:02 PM.

Posted by George_Fusioned, 06-19-2013, 07:26 PM
The thing is that R5 already changed all single-word hostnames to vps.server.com - this doesn't reverse the changes, it's only for future VPS deployments.

Posted by NeonBlock, 06-20-2013, 03:47 AM
Just letting you guys know the following which has been happening on LET. An announcement from RamNode was soon released and it was confirmed that Robert Clarke, founder of ServerCrate, was behind the initial breach of security at RamNode via the exploit. “As you are all aware, this has been a nightmare for [us]. Robert Clarke ran the SolusVM exploit on our control panel early this morning. Someone, him or else, then logged into several nodes and wiped the data.” Members of LowEndTalk did post findings that correlate with the above statement that Robert Clarke was behind the attack/intrusion. Evidence such as IP-matches & even confirmation that the IP was indeed Roberts’ home network (via the welcome page for a HP media server which clearly stated “Robert’s Pictures” with the hostname ‘clarkeone.homeserver.com’) – not especially good news considering Robert’s previously dubious history and not so great reputation in the industry. While Robert has admitted to the initial “testing” of the exploit he still protests his innocence and vehemently denies doing any of the damage. Whatever the case, we wish every host the best of luck in dealing with the aftermath of this shocking exploit, and commend RamNode for their quick response & level headed handling of the situation.

Posted by NeonBlock, 06-20-2013, 03:49 AM
And make sure you NEVER buy hosting from this provider: ServerCrate. And I suggest it gets put on shameless hosts possibly? @KMyers?

Posted by ServeByte, 06-20-2013, 03:49 AM
I hope RamNode are pressing charges against Robert Clarke. That kind of obscene behaviour deserves punishment.

Posted by NeonBlock, 06-20-2013, 04:30 AM
Above, Agreed.

Posted by FRH Lisa, 06-20-2013, 09:36 AM
Is anybody else getting "Debug Data: 5 could not send the HTTP request: Could not execute the request: couldn't connect to host" after upgrading to today's version? It's throwing this when I try to modify a node.

Posted by TmzHosting, 06-20-2013, 10:51 AM
We haven't upgraded to the latest version yet. It's simply offline still. - Daniel

Posted by Skylar MacMinn, 06-20-2013, 10:51 AM
We still have ours "offline" to clients but did the upgrade, not having any issues with it.

Posted by FRH Lisa, 06-20-2013, 11:07 AM
Good. Maybe it was something unrelated. Given the recent issues, I wanted to toss it out there just in case. In any event, the SolusVM techs managed to fix the issue. No explanation yet and all the usual culprits looked fine.

Posted by ServerZoo, 06-20-2013, 11:53 AM
we are offline still, when can we open it up!?

Posted by EthernetServers, 06-20-2013, 02:46 PM
The SolusVM code audit is still underway, I'd wait till that's complete at minimum. It's not that hard to cope without it IMHO, just allow your staff's IPs and billing system IP to connect to it.

Posted by EthernetServers, 06-21-2013, 03:14 PM
Haven't heard anything more about this recently, no word from solus. Does anyone know if the code audit is complete?

Posted by WebHostDog, 06-21-2013, 04:12 PM
They always say "... is not a big deal"

Posted by techjr, 06-21-2013, 04:24 PM
Are there any links of the progress going on and the patches? I see posts and the blog of them working on it but it just seems vague to me. Also, could this have been prevented with common general secure coding practices or is there something more to it? People keep saying more than 1-2 exploits are out now but I can only find the main one from localhost.re

Posted by Steven, 06-21-2013, 04:40 PM
Yes. Common secure coding practices would have prevented the localhost.re exploit from existing.

Posted by ServeByte, 06-21-2013, 04:50 PM
I think the majority of you don't understand exactly how badly that code was written. It's one thing to have an SQL exploit. It's another thing to not escape any input into a shell command.

Posted by AlphaVPS - Alex, 06-21-2013, 06:54 PM
Are we the only ones that have blocked access to our SolusVM panel? I've been sent some code snippets from SolusVM's code a couple of days ago and as far as I am aware there are multiple other exploitable things that SolusVM never looked at, even after being pointed in a ticket. It's a pain to serve hundreds of customers through a ticket for OS reinstalls and such and except 2 emails days ago, I haven't heard anything from the developers yet. Actually, a couple of months ago when another exploit popped out, didn't they have full code audit, ever performed from a 3rd party company, or at least a code audit from them? Or am I mistaking solusvm with whmcs? Alexander

Posted by techjr, 06-21-2013, 07:17 PM
Thanks for the info. I sure as heck don't know how bad the code is. I'm getting into php myself currently and only really know about make safe, stripping characters, use post instead of get, escape strings and such. But still not nearly enough to see bad code. I feel it's unfortunately necessary to learn proper coding and such now so I can spot it before placing something on my server or for clients that is potentially unsafe. At the same time it's unrealistic to expect every single web host to do this so it's inexcusable to have "bad code". The good thing about the recent hacking though is it seems that they are taking proper steps to ensure the code is improved and more secure. Last edited by techjr; 06-21-2013 at 07:25 PM.

Posted by hostydotnet, 06-21-2013, 10:03 PM
this is exactly why you don't post exploits, even if they exist. kevin

Posted by MannDude, 06-21-2013, 11:35 PM
I'm sure he's gotten into some trouble over it. A lot of people were tweeting to his father who is active on Twitter and telling him what had happened. Some threatened to call police. Not sure what happened, that drama kind of got drowned out when CVPS went down.

Posted by EthernetServers, 06-22-2013, 02:43 AM
We did the same, we've had 1 or 2 angry customers, but most were thanking us for taking steps to keep them safe. Not worth risking it.

Posted by EthernetServers, 06-22-2013, 02:49 AM
Posted 2 minutes ago, answers my earlier question: http://blog.soluslabs.com/2013/06/22/audit-update/

Posted by ServeByte, 06-22-2013, 05:51 AM
Just to let you know, the person who told you "use post instead of get" knows nothing about PHP security. It's one of the very simple understandings of how HTTP servers work. POST is no more secure than GET. All it does is make it less convenient for someone to alter the input. In other words, POST can still be altered.

Posted by Atlanical-Mike, 06-22-2013, 05:55 AM
The thing is if you know there's an exploit do something and at least they do unlike some. *cough*

Posted by Steven, 06-22-2013, 11:07 AM
Why don't you spend less time commenting, and more time on fixing the numerous holes in your software.

Posted by phpa, 06-23-2013, 02:14 PM
Serious though any security vulnerability is, surely this wouldn't have affected users if access to the control panel was restricted. Basic browser auth would be one way, though limiting access by IP address would be prudent, preferably at the firewall, but otherwise in the web server configuration. Some applications have to be open to all, but a control panel surely doesn't. So the question in my mind is what failures have led to users having insecure access to SolusVM in the first place? Are users not aware of the risks? Does their host give them no way to lock access down? So there seems to be a bigger failing here than just with SolusVM, and if users of an application are not aware of how to manage risk and the need to lock down their systems and how to achieve this, one has to wonder what other security related problems could there be with their own websites, and with whatever software and/or services they are providing.

Posted by delfinom, 06-23-2013, 02:32 PM
A normal user who pays for the cheapest package to get access to solusvm could go off on an exploiting spree. Locking stuff down only goes so far.

Posted by Skylar MacMinn, 06-23-2013, 02:34 PM
Whitelisting IPs is a start, it at least doesn't give them access to the ACP -- doesn't exactly help with the mentioned exploit as much as I'd like it to though.

Posted by EthernetServers, 06-23-2013, 03:12 PM
Well, tomorrow is the scheduled end of the update, will be interesting to see if there's any further progress. We won't be putting our CP back online to the public immediately, that is for sure. I'm sure there will be lots of script kiddies digging around for holes for a while...

Posted by AlphaVPS - Alex, 06-23-2013, 06:31 PM
http://localhost.re/p/solusvm-whmcs-...-vulnerability - and yet, it continues.

Posted by WPCYCLE, 06-23-2013, 06:47 PM
What in the world. Question...how soon before everyone jumps ship and cripples Solus?

Posted by SeriesN, 06-23-2013, 06:49 PM
I am leaving internet.

Posted by cloudrck, 06-23-2013, 06:50 PM
I'm surprised people haven't moved by now. Either people are generous, or can't transfer easily.

Posted by Steven, 06-23-2013, 06:51 PM
Where are they going to move to? Other panels are not immune to flaws being found.

Posted by cloudrck, 06-23-2013, 06:53 PM
Something other than SolusVM or Kloxo. There are other solutions if you think outside what's popular on WHT. Though they aren't an out of the box solution like SolusVM. Edit: This looks like more of an issue with WHMCS, or am I missing something? Last edited by cloudrck; 06-23-2013 at 07:06 PM.

Posted by delfinom, 06-23-2013, 07:00 PM
The module exploit is a good one. Takes a little knowledge beyond web scripts to catch that flaw.

Posted by Steven, 06-23-2013, 07:07 PM
The point I'm trying to make is, moving from solusvm is not going to fix the root of the problem in these software. Any software could lack input validation for example, and people are in the same boat again. With that said, it's not a whmcs problem. Solusvm provides the whmcs module.

Posted by cloudrck, 06-23-2013, 07:09 PM
What is the root of the problem in your opinion? Web scripts running as root, or having root privileges?

Posted by Steven, 06-23-2013, 07:10 PM
No. That is not the root of the problem. The problem is many developers who think they are good developers are not good developers at all. --- It doesn't matter what you use, how are you going to know it is secure? Last edited by Steven; 06-23-2013 at 07:15 PM.

Posted by cloudrck, 06-23-2013, 07:24 PM
Look at the source code yourself and do your own penetration testing. Are you saying there is no solution to this problem?

Posted by Steven, 06-23-2013, 07:26 PM
So.. you feel comfortable enough to have found this exploit that was found today and make a working POC for it to prove that it works in your penetration testing attempt?

Posted by tnhadmin, 06-23-2013, 07:30 PM
Steven raised the right question here. Where would we migrate if we decide to leave solusvm. SolusVM came into limelight prominently after hyperVM got hacked back in 2009. But now it's being a victim of vulnerability.

Posted by cloudrck, 06-23-2013, 07:32 PM
I don't use WHMCS or Solus so I can't speak on finding anything in it. But I do know you can do your own work to avoid this problem, not to mention there are people that specialize in this area. You don't seem to be offering any other solution. Except to take SeriesN advice and leave the internet.

Posted by Steven, 06-23-2013, 07:58 PM
It does not matter what software you use. The same question stands regardless of software. This exploit was elegant. It would have been likely overlooked by lots of people. Some type of code issues are not excusable. But some kind of flaws are obscure. The point I'm trying to make is... Regardless of how much you want to blame solusvm. There is plenty of other software on the internet with similar if not worse holes. Last edited by Steven; 06-23-2013 at 08:02 PM.

Posted by brianoz, 06-23-2013, 08:38 PM
If you're looking whether to move from SolusVM, I'd be assessing them on the speed of response to the issues rather than just existence of bugs. After all, there have been Linux kernel bugs, were you wanting to move away from linux as well?

Posted by ServerZoo, 06-23-2013, 11:01 PM
em... has solusvm not been aware of this for these "days" ?

Posted by NYCServers-Nick, 06-23-2013, 11:03 PM
1. Exploits are bound to show up sooner or later with just about any software that's out there, as Steven was saying. What's most important though, is how quick they are to get everything patched up. At this point Solus has been saying there will be a patch "shortly" for the past ~2 hours. So we'll see how long this really takes them.

Posted by WPCYCLE, 06-23-2013, 11:24 PM
I can't tell you how many times I've come across this issue when it comes to WordPress. I'm not perfect, but there are some ?!?!?!?!?! Installing 6 WP sites to reflect 6 different custom pages of the same site when it could have been done with 1 installation. They almost deserve this for the way they treated the security of their product with the "Optimus Prime, Megatron, and every known Transformer could not damage our software" attitude. That's very brave. If people have been bringing up these points to them for a few years and they ignored it, and now it's biting them, I too wonder how long it will take them to reverse that mentality of being perfect for the last few years.

Posted by NYCServers-Nick, 06-23-2013, 11:33 PM
Hopefully that attitude has changed now that they can see that it doesn't take a transformer to find an exploit. They're supposedly running an internal and external audit on their code so hopefully they realize they aren't the incredible hulk of VPS control panels in terms of security now.

Posted by WebHostDog, 06-24-2013, 07:41 PM
Seems they are working harder now, like WHMCS after they have been hacked.

Posted by TmzHosting, 06-24-2013, 07:47 PM
They have released another update it seems. Everyone update ASAP. - Daniel

Posted by WebHostDog, 06-24-2013, 08:01 PM
Seems so: Current Stable Version: 1.13.07 Current Beta Version: 1.14.00 BETA R7

Posted by sh33pz, 06-25-2013, 08:06 AM
To all the SolusVM users who are looking to replace it with another product. Why? Think about it. With SolusVM, exploits have been patched. Another benefit to the exploits is, they are now doing internal / external audits of their code. That is a huge plus! I wouldn't risk changing to another product. I mean, what are the chances the new product even conducts audits on their code. I am willing to bet NO on that. The way I see it, you're right back where you have started with SolusVM, just waiting for someone to exploit it! Safer bet is to stick it out with SolusVM. It will be more secure from the lessons it learns.

Posted by DewlanceHosting, 06-25-2013, 08:45 AM
If there is a better control panel than solusvm then move, otherwise you will lose your business.

Posted by EthernetServers, 06-25-2013, 09:33 AM
A lot of people are all talk and no do. There's a bunch of people furious about SolusVM and the likes however, ultimately, most of them would never move away since they know how much hard work it will be, for little gain in most cases. SolusVM is a fantastic product for its price (and for functionality), no one can deny that. All products have security vulnerabilities, even "experts" who claim something is secure know nothing. A lot of VPS providers are in the same boat right now.

Posted by FRH Lisa, 06-25-2013, 11:55 AM
I can't speak for everyone else, but we are ALWAYS evaluating replacement software. At the very least, we stay on top of the state of the market. Who knows - even if SolusVM never had any security risks, maybe there's just a better overall panel out there. We aren't committed to leaving SolusVM, but we'd be foolish to ignore the alternatives. Keeping your options open is just good business sense.

Posted by ServerZoo, 06-26-2013, 12:20 AM
audition seems be done today, but still not yet?

Posted by EthernetServers, 06-26-2013, 10:08 AM
Well this is fun: http://blog.soluslabs.com/2013/06/24...vm-versions-2/ Edit: that might be old, losing track of all these updates -- so many.

Posted by Skylar MacMinn, 06-26-2013, 10:11 AM
It is old, but don't worry there's already another update that you can push via upcp script that isn't listed yet on the dashboard/their site.

Posted by ServerZoo, 06-26-2013, 10:15 PM
1.13.08 now still wondering when audition will finish....

Posted by Zimple, 06-30-2013, 02:03 PM
They have released SolusVM 1.13.09 today and hereafter I am not able to reset the root password for VMs. Not sure how many new problems are introduced in the latest releases..

Posted by Zimple, 06-30-2013, 02:11 PM
Figured it out. It was my fault as I had one special letter in the password.

Posted by NetworkPanda, 06-30-2013, 02:50 PM
This is a SolusVM bug for years now, when you try to set a new root password which includes special characters, you are out of luck. It accepts only alphanumeric characters. They don't seem to want to fix it. However, it is always better to change the root password from SSH, using passwd

Posted by NoSupportLinuxHostin, 06-30-2013, 11:28 PM
SolusLabs told me they fixed that bug in the beta version (1.14). The bug definitely exists in 1.13.

Posted by WPCYCLE, 06-30-2013, 11:41 PM
1 Panels always seem to restrict passwords to 10-18 characters with no special characters.

Posted by MattF, 07-01-2013, 12:57 AM
That's just retarded, that alone would be classed with the same seriousness as a critical vulnerability in any other industry. Surely this has been fixed in the latest version of solusvm? if not any confidence in the apparent "external" audit should be swiftly withdrawn.

Posted by WPCYCLE, 07-01-2013, 01:38 AM
cPanel and Virtualmin suffer the same issue....18 max characters within the panel, 64 character max through ssh. Some people are surprised when they see 64 random characters since they're used to mydogatemyhomework101 as a password...and even that's too long for cPanel. I think Solus is 12 or 20. Weak

Posted by rds100, 07-01-2013, 02:43 AM
Considering that SolusLabs is probably passing the password around between shell commands it doesn't surprise me that they do some restrictions on what can be used as password. Actually I am glad they put some restrictions. The last thing we want is someone choosing `rm -rf /` as password and then....

Posted by MattF, 07-01-2013, 06:16 AM
The last thing we want is "rm -rf /" ever being a problem for a password! "rm -fr /" should be a valid password just as "shutdown" should be as eval 'r''m'' ''-rf'^C and so forth. If this is the mickey mouse layer of escaping/restrictions we have then yikes.

Posted by ServeByte, 07-01-2013, 06:18 AM
Or if you wanted to troll the online system admin... set the password to `wall "I hacked your server "`

Posted by NetworkPanda, 07-01-2013, 07:27 AM
And if we consider that SolusVM stores the root password as plain text (which means that if somebody is able to hack the SolusVM database, he will be able to read your root password), this is why you should always set a new root password using passwd and not SolusVM.

Posted by FRH Lisa, 07-01-2013, 07:59 AM
Totally agree, but a lot of users do not do this. One of the many reasons why storing passwords in plaintext is a horrible, horrible idea.

Posted by anyNode, 07-01-2013, 09:17 AM
Wasn't SolusVMs external audit supposed to start today?

Posted by fierce510, 07-01-2013, 10:08 AM
Isn't solus in php? Doesn't that have native function for it? Or is solus trying to roll their own "sanitizing" ?
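
Added example (not part of any post in this thread, and not SolusVM code): a PHP sketch of handing a password to a system tool so that `rm -rf /` or a backtick string stays an ordinary password, first with the native `escapeshellarg()`, then with no shell at all. The function names are hypothetical, `/bin/cat` stands in for `chpasswd` so the demo changes nothing, and the array form of `proc_open()` assumes PHP 7.4 or later on a Unix-like host.

```php
<?php
declare(strict_types=1);

// Weak pattern, returned as a string only and never executed here: the
// password is pasted into a command line, so /bin/sh interprets backticks,
// quotes, ';' and '|' inside it.
function build_unsafe_command(string $line): string
{
    return "echo $line | chpasswd";
}

// PHP's native helper: wraps the value in single quotes and escapes embedded
// single quotes, so the shell receives exactly one literal argument.
function build_escaped_command(string $line): string
{
    return "printf '%s\\n' " . escapeshellarg($line) . ' | chpasswd';
}

// chpasswd reads "user:password" lines, so the only characters that need
// rejecting are the ones that break that line format, not shell characters.
function chpasswd_line(string $user, string $password): string
{
    if (!preg_match('/\A[a-z_][a-z0-9_-]*\z/', $user)) {
        throw new InvalidArgumentException('unexpected user name');
    }
    if ($password === '' || preg_match('/[\r\n\0]/', $password)) {
        throw new InvalidArgumentException('password is empty or has a line break/NUL');
    }
    return "$user:$password";
}

// Preferred form: argv array (no shell is started) and the secret goes in on
// stdin, so it never appears on a command line or in the process list.
function run_with_stdin(array $argv, string $stdin): array
{
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    fwrite($pipes[0], $stdin);
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return [proc_close($proc), $out, $err];
}

// The first two passwords are the ones joked about in the thread; the third
// is constructed to include a single quote.
$samples = ['rm -rf /', '`wall "I hacked your server "`', "it's a pass;word"];

foreach ($samples as $pw) {
    $line = chpasswd_line('root', $pw);
    // A real integration would pass ['chpasswd'] instead of ['/bin/cat'].
    [$code, $out] = run_with_stdin(['/bin/cat'], $line . "\n");
    printf("%-34s exit=%d intact=%s\n", $pw, $code, $out === $line . "\n" ? 'yes' : 'NO');
    echo '  unsafe : ', build_unsafe_command($line), "\n";
    echo '  escaped: ', build_escaped_command($line), "\n";
}

// A password with a line break is refused because it would smuggle a second
// "user:password" record into chpasswd's input.
try {
    chpasswd_line('root', "x\nadmin:y");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With either hardened form the alphanumeric-only restriction discussed above is unnecessary; the remaining input rule comes from the target tool's line format.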

Posted by PCS-Chris, 07-20-2013, 12:41 PM
Does anyone know what happened with this security audit in the end? There have been no updates for weeks, as far as I know some providers still have SolusVM disabled!

Posted by Steven, 07-20-2013, 02:15 PM
Chris, From what I understand they did an internal audit, and then the external audit was going to start and should still be ongoing.

Posted by WebHostDog, 07-22-2013, 03:15 PM
Nothing since then : http://blog.soluslabs.com/2013/06/22/audit-update/

Posted by InvokeVM-Kelvin, 07-25-2013, 08:05 AM
Wasn't it meant to finish yesterday? What's happened since?

Posted by TmzHosting, 07-25-2013, 08:11 AM
To me it seems like they just stopped doing what ever they were doing since all of the drama slowed down. There was never an official explanation on what happened and how the audit went. - Daniel

Posted by InvokeVM-Kelvin, 07-25-2013, 08:27 AM
That seems quite frustrating. I think security is the grand issue here. You see most of the hosts like HVH disabling client access to the Master whilst others are taking risks. For those of you reading this, are you still allowing client access to the master, or are you taking requests manually?

Posted by EthernetServers, 07-25-2013, 10:15 AM
Most of the hosts I know of such as x10VPS and indeed ourselves still have Solus disabled. For the sake of allowing a customer to reinstall an OS themselves, it's not worth it.

Posted by ServeByte, 07-25-2013, 10:43 AM
I find it odd how Philip hasn't posted any comment... considering many of their customers are scratching their heads on this forum.

Posted by InvokeVM-Kelvin, 07-25-2013, 01:06 PM
It was indeed your announcement on HVH which eventually led me to this thread. Can you confirm if the security issues still exist?

Posted by EthernetServers, 07-26-2013, 05:54 AM
Nobody is 100% sure whether the security threats are still active. We, however, will not be enabling SolusVM again until the external audit is complete at minimum. SolusVM post information when they have it on their blog: http://blog.soluslabs.com/

Posted by InvokeVM-Kelvin, 07-26-2013, 03:09 PM
I have received a prompt reply from SolusVM management:

Posted by InvokeVM-Kelvin, 07-26-2013, 05:34 PM
I've also received a follow up email: On a 2nd note this is the company doing the external audit: http://www.cnsgroup.co.uk/

Posted by InvokeVM-Kelvin, 08-02-2013, 06:19 AM
SolusVM is looking into two-factor authentication.

Posted by InfinityLayer, 08-02-2013, 12:54 PM
Wow this is serious. Will it be ok to just delete the central backup file? Or would that mess any other files up? I will take a backup of it and delete it anyway, hopefully Solus gets this patched!

Posted by Awmusic12635, 08-02-2013, 12:55 PM
It has been patched for a while now. As long as solusvm is up to date you are fine.

Posted by NullByt3, 08-20-2013, 09:46 AM
Wow I'm glad we don't use such panels.. that could easily put an end to a company..

Posted by EthernetServers, 08-20-2013, 10:14 AM
http://blog.soluslabs.com/2013/08/19...-audit-update/ Could still be a while though.

Posted by Atlanical-Mike, 08-20-2013, 10:27 AM
At least they are doing something about it, unlike WHMCS and others who just sit back until something serious comes to their attention. Then you get companies like Zamfoo who do nothing at all.

Posted by WPCYCLE, 08-20-2013, 10:35 AM
Actually, they're in this mess for the same reason. A lot of suggestions were sent to them about the security of the master install, and they always responded basically saying Megatron, Soundwave and all the Decepticons could "never" hack or exploit their software. Only since this issue have they seemed any bit concerned about security...which has been quietly swept under the rug.

Posted by NoWorNeveR, 08-20-2013, 10:45 AM
The funniest thing is that you can't find a better option than SolusVM

Posted by Atlanical-Mike, 08-20-2013, 10:57 AM
Yeah I agree, but WHMCS will just sit there and patch that security issue, and wait for the next one. SolusVM is concerned and is auditing the whole software not just patching a section. Noc-PS is another option.

Posted by Martin-D, 08-20-2013, 11:11 AM
I disagree. There have been many people claiming to have found issues and informed them of such however none of them have produced any proof that this happened. The same happens with WHMCS and almost all software when bugs or critical issues are found. People come out of the woodwork and claim to have found it eons ago and informed them. I fail to see how it would make any sense for these software vendors to ignore this information as it ends up in situations like these - reputation damage and many, many people affected.

Posted by cloudrck, 08-20-2013, 11:13 AM
It doesn't have to make sense for it to be true. If everyone only did things that made "sense" we would be a lot better off.

Posted by Martin-D, 08-20-2013, 11:22 AM
The flipside is true also. Lots of moaning, no action.

Posted by WPCYCLE, 08-20-2013, 11:34 AM
This is at the basic level. They say install it and that's it. WordPress is the same thing. One-click, install, never worry....which is even worse than the Solus issue since many people use WordPress. A false sense of reality. Look at how many issues are related to WordPress when people follow the "no security" advice. At least with WordPress, people will suggest ways to secure it and so forth. Solus will email and post in forums saying Do not secure it, nothing will happen....and people will reply saying are you sure about that advice. Last edited by WPCYCLE; 08-20-2013 at 11:40 AM.

Posted by Server Management, 08-20-2013, 11:34 AM
WHMCS is doing audits in silence, hence their coding has changed; also some big changes were made to the smarty template system resulting in many custom themes no longer working so that's a sign changes are happening but unless you read the release logs you won't be any wiser since it's not exactly being publicized.

Posted by Martin-D, 08-20-2013, 12:55 PM
Please show me where this has happened?

Posted by WPCYCLE, 08-20-2013, 01:11 PM
I was going to reply later, but a quick search http://forum.soluslabs.com/showthrea...usVM-installed

Posted by Martin-D, 08-20-2013, 02:54 PM
I don't see anything immediately wrong there..apart from it being 4 years old.

Posted by WPCYCLE, 08-20-2013, 03:00 PM
There's a few others, but it would take time to track them down again. I know LowEnd had a few that were more recent before the incident. Last edited by WPCYCLE; 08-20-2013 at 03:05 PM.

Posted by cloudrck, 08-20-2013, 07:22 PM
One of the reasons I moved from SolusVM was the suggestions to remove iptable policies whenever I would report issues.

Posted by NullByt3, 08-28-2013, 09:24 AM
Yep and panels like CPanel do the same.. remove all netfilter rules and everything will be fine instead of giving you one line rule which will fix the problem.

Posted by v33usa, 08-28-2013, 06:42 PM
Is this CNS Group reliable? I've never heard of them

Posted by johnksrv, 09-18-2013, 12:24 AM
Can you suggest a better alternative?


