from Hacker News

Ramnode down after SolusVM vulnerability exposed

by jemka on 6/16/13, 1:09 PM with 15 comments

  • by jemka on 6/16/13, 1:10 PM

    Ramnode's SolusVM was hacked earlier and attempting to log in gave you a list of every single subsciber's email address, name, and root password (plain text) to their VPS as well as IP address. Source: http://www.reddit.com/r/webdev/comments/1gga3n/ramnode_hacke...

    http://localhost.re/p/solusvm-11303-vulnerabilities

    http://www.webhostingtalk.com/showthread.php?t=1276286

    If you use SolusVM: http://blog.soluslabs.com/2013/06/16/important-security-aler...

    "We are working to get things back online. We were hit with a SolusVM exploit late last night." (https://twitter.com/RamNode)

    Happy Father's Day!

  • by aroch on 6/16/13, 2:29 PM

    Apparently there are allegation going around that it was done by a competitor, servercrate.

    http://lowendtalk.com/discussion/comment/284016/#Comment_284...

  • by Wyrmkill on 6/16/13, 2:47 PM

  • by nenolod on 6/16/13, 10:06 PM

    Honestly the usage of SolusVM, WHMCS etc (i.e. things written in PHP which have no business being written in at least, the way a PHP typically is written) has been the main security problem of the entire industry.

    We need more things like OpenStack out there -- competently designed and implemented toolstacks that actually work correctly and have a remotely acceptable security model.

  • by nieve on 6/17/13, 10:12 AM

    It's a nightmare for them and I'm sure they'll lose customers over it, but I'm staying when two days ago I was planning on canceling my vps due to underuse.

    It was ridiculously fast for a vm (>700MB/s with vpsbench, all tests), but the $5/mo Digital Ocean instances were fast enough with PostgreSQL/Sphinx that none of my (free) users were complaining. I like Digital Ocean, I'm keeping some stuff over there, but I appreciate Ramnode's transparency & dedication during this. It doesn't hurt that they're probably going to be constructively paranoid now that they've gotten burned. This is one of those things my partner saw all the time running a restaurant - screwups are unavoidable, but handling them well can actually get you a loyal customer.

  • by zedpm on 6/16/13, 2:15 PM

    Sigh. I'm glad I didn't give them any billing information (monthly invoice paid each time via Paypal). It's not clear to me how/why root passwords are compromised by this exploit; anyone care to elaborate?

  • by ledzgio on 6/16/13, 3:33 PM

    Any news? my VM is down and I see here that all the nodes are still down:

    http://status.ramnode.com/

  • by zrail on 6/16/13, 2:47 PM

    Nodes appear to be back up.