黑客在05/21/2009向lxlabs.com向對方報告了多個lxadmin/kloxo安全漏洞,但是為引起對方關注,06/07/2009在milw0rm.com公佈了,我認為是部分的漏洞,地址是http://www.milw0rm.com/exploits/8880,因為我昨天就看到了相關的漏洞,需要取得本地權限之後才能獲得管理員權限,所以我相信黑客是公示的這些漏洞可能在如何獲得本地有所保留的,實際他可能可以輕鬆的獲得本地權限進而獲得管理員權限。今天多家VPS公司被黑,vaserv.com旗下的cheapvps、fsckvps等都受到嚴重影響,部分服務器數據甚至被刪除,目前所有的VPS都被斷開,網站都無法訪問。我在北京時間08/06/2009打開vaserv.com的網站看到
* J& d2 E# X7 n7 r G. [
/ E8 I- ]0 k& [$ n" @At approx 7pm GMT VASERV HyperVM was hacked and it appears that all nodes have some level of damage. We are currently working on the situation and will be putting updates here. w" g- e: T: X0 R+ V$ s
. A" @8 Q& X3 O5 n/ wCurrently we have no ETA on this " M/ s. w8 H1 r; g
1 _+ q, @ ^! c7 r
23:18 GMT. We are going to bring the support desk back online shortly so we can start getting a track of where customers are.
4 i5 B) |9 G8 e5 ?3 v8 t1 N, U2 r/ B, _, D9 L# P: g7 U
Per DC, G% \5 |3 J3 C( c) E/ |
- n: s7 X2 y) x; z; Y/ N
LA FSCKVPS - People are onsite working on the system
/ T4 k* \2 p+ J2 M' o/ n0 c/ F, Y; ?5 F, i! e" `% |8 L, V# ?
WireSix Atlanta - People are working onsite# y/ n8 D3 d; \9 n
, p: ~4 O+ r% O
TMS - Expecting someone onsite within 1 hour E* B z) R" t+ t6 Y7 I; v* k
! @0 L8 L2 i/ _7 }' z8 p; s
UK - We have 4 people onsite and gauging status
$ t9 k- }3 K# R- V8 A
: f2 T8 z5 [ ?Overall it looks like /boot on the nodes has been removed. Some nodes are definitly missing /vz data and others have it intact. We will be going node by node to get things going ASAP.
5 J& Y4 M3 v$ d$ C
F% L: l: X5 B0 j' a1 z# ROur HyperVM db's are intact so this means we can link everyone to their VPS
$ e$ d1 v A2 c+ e7 ^: D. S1 k8 K$ W& s& q6 Z
" g& [! B4 Z+ { s23:56 GMT: We now have a rolling action plain in place for all nodes and are starting checks/restores. Please note we are expecting at least 24-48 hours to get things even remotly stable6 b, v! s8 z7 a/ z* t
j* L" j- l! V5 w; I) A
00:32 GMT: We have so far done some test rebuilds on 5 boxes and results look semi promsing for the root VPS data (/vz). /etc/ was removed meaning config files need rebuilding however this is easy enough to do from HyperVM database. As it stands we will NOT be giving public access to HyperVM for the forseable future. We may/may not still use it internally via some very strong firewall controls. For rebuilds etc we will be asking people to do support tickets etc' |8 {: X5 F5 W9 R
01:45 GMT: We are finding some empty nodes bu generally we would estimate 80-90% of data is intact. We have started to bring a few customers onine and will be bringing others online/informing about node status in the next few hours. Currently we are still working with onsite staff + providers to restore access to servers. We are still standing by our 24-48 hour window# X' ?( g4 x- L: z) z
05:05 GMT: vz1uk.vaserv.com restore
' Y F2 S& x! `server3.fsckvps.com restored+ l) m* H4 ]7 o8 `$ h7 \
vz5uk.vaserv.com - full data loss
; A1 Q! ^( D! j' D2 h( X8 a/ pvz7uk.vaserv.com - full data loss) K% D5 V ^! O& S. [5 d& s4 i
05:22 GMT: We have approx 90% of the fsckvps nodes now online and are working on restroing VPS access. Currently we are putting everone on the same basic config just so things are up and will go round setting correct limits when things are calmer. 1 X* c& O/ P1 @
For LA vaserv ndoes all have been reloaded but need configs re-creating which we will do once our HyperVM VASERV is restored, through there won't be public access to start with, if at all. VAServ Texas are about all restored. UK we are about 50% of the way through and have 3 people working flat out on it/ m5 J+ t# X/ T% J( b
05:33 GMT server5.fsckvps.com restored
' O& @- ^) p) p( d: O$ Z05:36 GMT server7.fsckvpscom restored
5 a- z4 ~3 _5 V9 f6 a* F05:43 GMT servr9 appears to have full data loss$ \2 I2 W; Y1 A. k2 t
05:48 GMT server8.fsckvps.com full data loss
* e! ^1 n0 D& `7 S$ y0 H05:52 GMT server6.fsckvps.com restored
* B7 c3 D1 H0 e( [1 F/ y. h* \
6 z5 v+ w- J) j! O7 ?: c& r: t本文首發於誠信空間:http://www.9125.info/thread-394-1-1.html |
|
發表於 2009-6-8 13:05:20
提升卡
沉默卡
变色卡