We have opened the SolusVM CP again with the appropriate security patch. To briefly explain what happened: SolusVM released a zero day exploit early on Sunday morning, EDT. Within a few hours, another host decided to run the exploit against our installation. Shortly thereafter, someone (perhaps multiple persons) logged into our SolusVM administration panel, stole the database, and deleted several nodes worth of VPSs. Most of our nodes were unharmed, but the damage was obviously significant enough to keep us busy trying to restore as much as possible over the past 24 hours. No intruders directly accessed the VPS nodes, and I have completely reinstalled the control panel itself to prevent malicious activity.

The following information was contained in the leaked database: first names, last names, email addresses, and SolusVM account information. No telephone numbers, street addresses, or billing information was compromised. Anyone who has not changed his or her VPS root password using SSH should change it promptly. You should also change your SolusVM password. We believe the attackers were simply out to leak our database and destroy as much as possible, not steal client information; however, anything that was changed in or generated by SolusVM (initial passwords, for instance) is potentially compromised. Again, this incident did not impact billing information (we do not store credit cards to begin with) and it did not impact the Client Area's integrity.

We still have a few restores available for ATLCVZ5 and several KVM nodes, but we opened the control panel since some of you need to reinstall your OS. Unfortunately, backups were not available in every situation. Please submit a ticket if you need a restore on a KVM node in particular and we will do what we can. If you're on ATLCVZ5, we might also have a backup for you. Almost all other OpenVZ nodes have been restored as much as possible. If your OpenVZ VPS is marked Offline, you'll probably have to reinstall the OS. You may of course submit a ticket with any restore or other requests, but please understand that we will not be able to respond with our usual quickness for a few days.

Lastly, please ignore any overdue invoice messages for now. Our Client Area backups were apparently glitching, so we lost a few days worth of invoices and tickets in the restoration process. As such, we'll have to manually enter payments over the next few days. We have disabled automatic suspension/termination until we are caught up. If you ordered a new VPS between June 12 and now, we will have to manually recreate your account (or the order itself if you already had a VPS with us). The VPS itself should still be in our SolusVM system regardless.

Thanks for all of the support we have received over the strenuous past 24 hours. We will continue working to ensure that everything is back to normal promptly so that you experience the same great service you've come to know and love at RamNode. If you'd like to keep up to date on both recent and future events, please join our IRC channel (#ramnode on irc.esper.net) and/or follow us on Twitter (@RamNode and @NodeStatus).

Nick
nick[at]ramnode.com



Monday, June 17, 2013







« Back