[News] lxadmin/kloxo security vulnerabilities lead to multiple VPS companies being hacked

Posted on 2009-6-8 13:05:20
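A hacker reported multiple lxadmin/kloxo security vulnerabilities to lxlabs.com on 05/21/2009, but, in order to get the vendor's attention, published them on milw0rm.com on 06/07/2009. I think this is only part of the vulnerabilities; the address is http://www.milw0rm.com/exploits/8880. I saw the related vulnerabilities yesterday, and they require local access first before administrator privileges can be obtained, so I believe the hacker may have held something back about how to get local access in what he published, and that in practice he may be able to easily gain local access and then administrator privileges. Today multiple VPS companies were hacked. cheapvps, fsckvps and others under vaserv.com were all seriously affected, some server data was even deleted, and at present all VPSes have been disconnected and the websites cannot be reached. When I opened the vaserv.com website on 08/06/2009 Beijing time, I saw: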

At approx 7pm GMT VASERV HyperVM was hacked and it appears that all nodes have some level of damage. We are currently working on the situation and will be putting updates here.

Currently we have no ETA on this

23:18 GMT. We are going to bring the support desk back online shortly so we can start getting a track of where customers are.

Per DC

LA FSCKVPS - People are onsite working on the system

WireSix Atlanta - People are working onsite

TMS - Expecting someone onsite within 1 hour

UK - We have 4 people onsite and gauging status

Overall it looks like /boot on the nodes has been removed. Some nodes are definitely missing /vz data and others have it intact. We will be going node by node to get things going ASAP.

Our HyperVM db's are intact so this means we can link everyone to their VPS

23:56 GMT: We now have a rolling action plan in place for all nodes and are starting checks/restores. Please note we are expecting at least 24-48 hours to get things even remotely stable

00:32 GMT: We have so far done some test rebuilds on 5 boxes and results look semi promising for the root VPS data (/vz). /etc/ was removed meaning config files need rebuilding however this is easy enough to do from HyperVM database. As it stands we will NOT be giving public access to HyperVM for the foreseeable future. We may/may not still use it internally via some very strong firewall controls. For rebuilds etc we will be asking people to do support tickets etc

01:45 GMT: We are finding some empty nodes but generally we would estimate 80-90% of data is intact. We have started to bring a few customers online and will be bringing others online/informing about node status in the next few hours. Currently we are still working with onsite staff + providers to restore access to servers. We are still standing by our 24-48 hour window

05:05 GMT: vz1uk.vaserv.com restore
server3.fsckvps.com restored
vz5uk.vaserv.com - full data loss
vz7uk.vaserv.com - full data loss

05:22 GMT: We have approx 90% of the fsckvps nodes now online and are working on restoring VPS access. Currently we are putting everyone on the same basic config just so things are up and will go round setting correct limits when things are calmer.
For LA vaserv nodes all have been reloaded but need configs re-creating which we will do once our HyperVM VASERV is restored, though there won't be public access to start with, if at all. VAServ Texas are about all restored. UK we are about 50% of the way through and have 3 people working flat out on it

05:33 GMT server5.fsckvps.com restored
05:36 GMT server7.fsckvpscom restored
05:43 GMT servr9 appears to have full data loss
05:48 GMT server8.fsckvps.com full data loss
05:52 GMT server6.fsckvps.com restored

This article was first published on 誠信空間: http://www.9125.info/thread-394-1-1.html

Posted on 2009-6-8 13:39:06
Scary~~~~~~~~~~~~~~~~~