0day HyperVM Alert


Viz0n

Active Member
Anyway, for those who do not know already, I've been hosting h4cky0u on a VPS as a temporary thing, and yesterday they got hacked in a very secure environment. I have narrowed the hack to an 0day in HyperVM.

BASIC SETUP:
- uploading disabled (PHP)
- chroot environment (no access to system binaries, perl, etc.)
- heck load of php functions disabled
- no ftp, sendmail etc., only had HTTPD running

I found a shell chown'd as root:root which does not happen unless you upload via root or from a GUI/Panel like HyperVM. When I attempted to log into HyperVM, I noticed that the password was changed and noticed a lot of strange IPs had accessed the system.

I've not had the chance to document this hack completely, but I am pretty damn sure that the hack did start from the HyperVM Panel.
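An added check, written for this thread rather than taken from the post above, that turns the poster's observation into a scan: in a web root where the web server user owns everything and PHP uploads are disabled, a script file owned by root (or any uid outside the allowed set) is an anomaly worth looking at. The allowed-uid set, the extension list and the sample files are constructed assumptions.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

# Assumed set of server-side script extensions to inspect (not from the post).
SCRIPT_EXTENSIONS = {".php", ".phtml", ".php5", ".cgi", ".pl"}


def find_owner_anomalies(web_root, allowed_uids, max_age_days=None):
    """Return sorted (path, uid, mtime) tuples for script files under web_root
    whose owner uid is not in allowed_uids. With max_age_days set, only files
    modified inside that window are reported, which narrows triage after an
    incident to the files that changed around the time of the compromise."""
    cutoff = None if max_age_days is None else time.time() - max_age_days * 86400
    hits = []
    for path in Path(web_root).rglob("*"):
        st = path.lstat()  # lstat: never follow symlinks planted in the web root
        if not stat.S_ISREG(st.st_mode) or path.suffix.lower() not in SCRIPT_EXTENSIONS:
            continue
        if st.st_uid in allowed_uids:
            continue
        if cutoff is not None and st.st_mtime < cutoff:
            continue
        hits.append((str(path), st.st_uid, st.st_mtime))
    return sorted(hits)


def demo():
    """Build a constructed sample web root and run the scan three ways."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "public_html"
        (root / "uploads").mkdir(parents=True)
        (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (root / "uploads" / "x.php").write_text("<?php /* constructed stand-in for an unexpected file */ ?>\n")
        (root / "style.css").write_text("body {}\n")  # not a script, never reported
        old = time.time() - 30 * 86400  # make index.php look a month old
        os.utime(root / "index.php", (old, old))
        rel = lambda hits: [os.path.relpath(p, root) for p, _, _ in hits]
        return {
            "owner_ok": rel(find_owner_anomalies(root, {me})),                  # everything owned by us
            "owner_mismatch": rel(find_owner_anomalies(root, {me + 1})),        # constructed mismatch
            "recent_only": rel(find_owner_anomalies(root, {me + 1}, max_age_days=7)),
        }


if __name__ == "__main__":
    for label, paths in demo().items():
        print(label, paths)
```

Run it against a real web root as `find_owner_anomalies("/home/site/public_html", {web_user_uid})`, and treat every hit as something to explain, not something to delete on the spot.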
 
I got an email from VPSSpeed yesterday asking me to update my Kloxo / LXAdmin due to a 0day exploit. It seems that LXLabs has fixed the problems. My sites didn't get hacked so I am OK.
 
Seriously, some really big VPS companies like FsckVPS should've had a read of this thread when it was created.

+1 For Viz0n
 
As many as 100,000 websites have been destroyed by hackers targeting server virtualisation software HyperVM, which powers most virtual private server (VPS) hosting companies.

Most of the VPS systems hosted by Vaserv, and its sister companies CheapVPS and FSCKVPS were taken offline, with data on some of its servers destroyed without backups, when the hackers exploited a zero-day vulnerability in the LxLabs HyperVM software to gain root access to its servers. The hackers were then able to run commands (such as "rm -rf", Linux parlance for "remove everything, all files and folders, no questions asked,") to destroy both user and system data, preventing the servers from booting, and preventing users from recovering data.

Vaserv has estimated that almost half of the data hosted on their servers has been destroyed by the attack.

The identity of the hackers is unknown, and no hacking groups have claimed the attack. Vaserv stated that "This wasn't someone randomly scanning things. It was a deliberate attack on our infrastructure." It has also stated that, although the hackers had full root access to its systems, all sensitive data such as names, addresses, and credit card details were encrypted.

It is unknown whether any other hosting companies running HyperVM have been attacked. Anybody who uses a server hosted by Vaserv or its sister companies can check the progress of the rescue operation here:

http://www.vaserv.com/
http://www.theregister.co.uk/2009/06/08/webhost_attack/
http://lxlabs.com/

Temp url for status updates:

http://66.71.245.2/~vaservc/
Their response

Dear customers,
As many of you are aware, we were hacked today around 7pm GMT and portion of our service has been cut off (mostly US and portion of UK servers). At this point, due to a security bug recently discovered in HyperVM panel, we’ve brought down most of our VPS nodes and are investigating situation. At this time we do not have an ETA on this, but we want to stress out that we have the whole team, onsite DC staff on each location + some extra help connected and working on the situation.
As you probably realized by now, our helpdesk and websites are off as well and we would like to point you to use a temporary URL over at - h**p://66.71.245.2/~vaservc/ which will provide updates on a regular basis.
This said, please avoid using IM and phones and rather check our website, as we have focused all our personnel on getting this handled on the earliest possible convenience.
We wish to thank you for the patience and understanding during these times.
Sincerely,
VAServ LTD Team

----

Looks like people hosted with them are really fucked... Although any sensible user probably backs up their data locally anyway. Companies usually can't be held accountable for data loss anyway.

Some more info on WHT:

http://www.webhostingtalk.com/showthread.php?t=867457

Seems it's happening all over the place right now. A major exploit like this one can really hurt HyperVM.

----

Another update, seems this story turned for the worse:

http://timesofindia.indiatimes.com/Bangalore/Techie-hangs-himself-in-HSR-Layout-/articleshow/4633101.cms

Techie hangs himself in HSR Layout

Bangalore: He sported long hair, usually played the guitar well into the wee hours at his house in Sector 6, HSR Layout and his shoulder tattoo read `God is a F***** Idiot'. He lived a lonely life, perhaps unable to come to terms with the tragic suicide of his sister and mother a couple of years ago.

On Monday morning, software company owner K T Ligesh, 32, was found hanging in his house.

He was also deeply upset his company, Lx Labs, in HSR Layout, 6th Sector, had recently lost a project to another company. The police said Ligesh, son of Dr Sreedharan of Kannur, Kerala, was a brilliant software engineer who came to the city about four years ago. He set up his company which was doing quite well and stayed with a friend Sheenu in the same house where his company was located.

Both his mother and sister had hanged themselves five years ago and this had always bothered Ligesh. A song writer and guitarist, he was even part of a band. The police said they'd received several complaints from neighbours about the loud music and even warned him.

Neighbours confirmed that Ligesh didn't have many friends and didn't interact with anyone. Often, he'd sleep with the house door open. On his social networking site page, he wrote that his ambition was to kill God and he was an anti-Christ.

On Sunday night, Ligesh and Sheenu talked and drank till well past midnight and an agitated Ligesh talked about the death of his mother and sister. DCP (South-East) B N S Reddy said he was also upset about the lost contract.

While Sheenu went to sleep in his room, Ligesh stayed in his and on Monday morning, Sheenu found that Ligesh had hanged himself.

Dr Sreedharan came to Bangalore on hearing of the death. The post mortem will be conducted on Tuesday, after which the body will be handed over to his father.

----

Does not bode well for a lot of hosters using his product.
 
Yeah, I notified WRZHost about some error within HyperVM a couple of days back. Now the panel has been disabled. (Good move on their behalf.)
 
Here is my idea: that was a known backdoor by LX staff and someone from LX got mad at his boss. Because of this, he shared that backdoor with a big group of hackers. LX was the only one who knew how many VPSs are hosted on a server, and which company has the most. And simply told them how to make it.
 
Just a heads up: apparently the latest update does not fix all the problems, so you should really disable the web interface and wait for news from LX. Hopefully real soon.
 