UPDATE: New information on the Vaserv hack that wiped 100K sites
Earlier I wrote about how the UK-based Vaserv.com was hacked and had over 100,000 sites deleted from their servers. At that time I, and other tech news sites, were under the impression that it had something to do with virtualization software from LxLabs, whose boss was found hanged on Monday morning. It turns out, if the information provided in the comments of that original post is correct, that it may have been a more directed attack that had nothing to do with the LxLabs software.
This is the comment as it showed up under the original post
So, being the curious type of person I am, I checked out the link, and this is part of what I found:
Z3r0 day in hypervm?? plz u give us too much credit. If you really really wanna know how you got wtfpwned bitch it was ur own stupidity and excessive passwd reuse. Rus’s passwds are
Code:
e2x2%sin0ei unf1shf4rt 3^%3df 1/2=%mod5 f0ster
f0ster being the latest one, quite secure eh bitches? We were in ur networks sniffing ur passwds for the past two months quite funny this openvz crap is we could just get into any VPS we like at any time thanks to ur mad passwds. But we got bored so we decided to initiate operation rmfication and hypervm was a great t00l to do that since it spared us the time of sshing into all ur 200 boxen just to issue rm -rf. Coded a little .pl to do just that, take a look at this eleet output it’s mad dawg
Code:
[root@vz-vaserv .ssh]# perl h.pl -user admin -pass ****off -host cp.vaserv.com -cmd ‘rm -rf /* 2> /dev/null > /dev/null &’
[+] Attempting to login using admin / ****off
[+] Logged in, showtime!
Further down the outputted file there is some additional smack talk for the Vaserv guys
Did the same fo ****vps.com after resetting the passwd to hyper ve emz, it was ever so much fun you should try it sometime Rus it’s GREAT!
BTW to all the customers we deleted ur loving provider is overselling their crappy 8gb nodez to hell and back, thought you’d like to know, you can also thank ur loving buddy Rus for losing ur data hihi. BTW Rus we still have ur billing system wtfpwned and baqdoored we got shitload of CCz from ur retarded customers thanks a lot buddy. Telling you this cuz we got bored of this ****, it’s just too easy and monotonous so patch ur crap, if your too dumb to secure a simple web server my rate is $100/hour or one night with ur sister hauhaiahiaha.
Also wheres ur team Rus? the only ****ers i saw in ur billing sys are Kody, Vlada and u you guys work like ****ing hindus i bet but ur cheap like jews lolz hire some pros like me to help you out manage all those retards VPSs lolololl
Code:
1 1 rghf c32f3310baffcb431875a67196e99ebd Rus F zswlxxoomx@nowmymail.com 0 , Edit Delete
3 1 vlada c32f3310baffcb431875a67196e99ebd Vlada Neskovic zswlxxoomx@nowmymail.com 0 , Edit Delete
4 1 Kody fde67637d867c52d739931528dd92ef0 Kody Riker zswlxxoomx@nowmymail.com Georgia – server22 space 1slot 1gb 0 ,
See we care about ur privacy and edited ur emailz unlike you who do not care about the privacy of ur retarded customers lol
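The account rows quoted above show the same 32-character hex value stored for two different usernames, which is what an unsalted digest looks like when two accounts share a password. As an added example (not part of the original post or the quoted file; the account names, passwords and function names are constructed for illustration), this Python check flags both conditions in a user table and shows that a per-user salt with a slow KDF removes the collision:

```python
import hashlib
import os
import re
from collections import defaultdict

BARE_HEX_32 = re.compile(r"^[0-9a-f]{32}$")  # shape of a bare MD5-length digest
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def md5_unsalted(password: str) -> str:
    """Weak scheme: the same password always yields the same stored value."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_salted(password: str) -> str:
    """Hardened scheme: random per-user salt plus an iterated KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def audit(rows):
    """rows: iterable of (username, stored_hash). Returns a findings dict."""
    by_hash = defaultdict(list)
    bare = []
    for user, stored in rows:
        by_hash[stored].append(user)
        if BARE_HEX_32.match(stored.lower()):
            bare.append(user)
    shared = sorted(sorted(u) for u in by_hash.values() if len(u) > 1)
    return {"shared_password": shared, "bare_md5_length": sorted(bare)}


# Constructed sample accounts and passwords (not taken from the page).
SAMPLE = [
    ("admin1", "example-pass-A"),
    ("admin2", "example-pass-A"),   # reuses admin1's password
    ("support", "example-pass-B"),
]


def build_table(scheme):
    """Store SAMPLE under the given hashing scheme."""
    return [(user, scheme(pw)) for user, pw in SAMPLE]


if __name__ == "__main__":
    print("unsalted:", audit(build_table(md5_unsalted)))
    print("salted:  ", audit(build_table(pbkdf2_salted)))
```

With the salted scheme the reuse is still there but is no longer visible to anyone who reads the table, so reuse across staff accounts has to be caught at password-set time instead.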
If the folks who actually did this read this and want to pass along any additional info about what happened with the Vaserv servers, you can contact me at winextra @ gmail.com – confidentiality assured.