There are quite a few exploits available to the open public right now and I'm just curious to know if anyone has heard back from LXLabs in regards of these issues within the last couple of days. It appears that they haven't been active on their own forums, which I'm assuming submitting a ticket may get the same treatment. However, has there been ANYONE that has heard if they are working on the exploits?

I just hope that the exploits don't require major archecture coding/changes to HyperVM that will take weeks to fix.

Just curious if anyone of you heard anything, thanks!

They have not responded to a ticket I placed yesterday.

Has there been anyone else that has been hacked other than fsckvps company? And have the exploits been tested on the latest patch/updated hypervm systems?

Has there been anyone else that has been hacked other than fsckvps company? And have the exploits been tested on the latest patch/updated hypervm systems?

I've tested them both on unpatched and patched installations, the update fixes the public known issues.

I'm yet to discover more details about an unknown issue in hypervm everyone else is talking about here.

If there is a vulnerability and fsckvps companies were hacked by it, how come nobody else is reporting any hack attempts? The hacks are in the open public, surely there would be more people reporting the same issues fsckvps is?

Yes, if someone actually got into your hypervm they can get all sorts of information from the un-encrypted database. But is there a way for people to get in to the HyperVM in the first place if you are fully patched and have vigerous security settings?

It looks like Vaserv was targetted specifically and I believe Wiresix had a few cases of the exploit as well noted in other threads.

It looks like Vaserv was targetted specifically and I believe Wiresix had a few cases of the exploit as well noted in other threads.

Have they reported people "attempting" to gain access, or have people actually gained access and where able to commit damage? Attempting to gain access is one thing as oppose to actually obtaining full root access. I think its safe to say that everyone's servers are being scanned by hackers so they can "attempt" to gain access.

Right now all I'm seeing is people blaming LXLabs and no one has actually had damage caused besides fsckvps. Do us HyperVM hosts really have something to worry about or no, there just seems to be to much speculation and blaming of LXLabs over 1 companies hacking/damage.

The guys at Lxadmin promised a full disclosure today, we'll see if that happens. Until then, looks like a lot of paranoid people out there.

Right now all I'm seeing is people blaming LXLabs and no one has actually had damage caused besides fsckvps. Do us HyperVM hosts really have something to worry about or no, there just seems to be to much speculation and blaming of LXLabs over 1 companies hacking/damage.

There was actually one other provider that I know of but they may have been hit before they updated. Refer to http://www.webhostingtalk.com/showthread.php?t=866960 . We had a customer who's kloxo installation was hacked and then the malicious user logged into at least one other hypervm installation that I know of. We were never targeted though which I can only assume was due to them not finding it. It makes you wonder if the two were related and the first was a test case to see how feasible it be to do on a large scale.


The guys at Lxadmin promised a full disclosure today, we'll see if that happens. Until then, looks like a lot of paranoid people out there.


Well they're in India so we probably won't hear anything until later tonight for those of us in North America.

It sounds like those who were hacked didn't get a chance to get the late night update the other night. But since then I haven't seen anyone get hacked yet since the new updates. I think there is just a lot of paranoia and speculation right now... People are destroying their own businesses right now because of it lol, shutting everything down. :)

It sounds like those who were hacked didn't get a chance to get the late night update the other night. But since then I haven't seen anyone get hacked yet since the new updates. I think there is just a lot of paranoia and speculation right now... People are destroying their own businesses right now because of it lol, shutting everything down. :)

Probably won't hear of any other hacks because no one is running it. We just allowed access via our firewall to just our internal IP's until at least lxlabs says something.

I highly doubt everyone has shutdown hypervm.

I highly doubt everyone has shutdown hypervm.

There is no point in hacking a guy with 5 VM's.

We have.

We started to see abnormal activities within HyperVM even after updating to the latest version.

For those of you that haven't shut it down, please, be careful!

We have.

We started to see abnormal activities within HyperVM even after updating to the latest version.

For those of you that haven't shut it down, please, be careful!

Can you please elaborate? It would be helpful for others running the panel to hear your insights.

Well, over the last few days, when setting up VPS server's for clients, the panel would refresh after clicking "Add" as always, and the newly created VPS was nowhere to be seen... (I just made the damn thing.. Where it gone). Something kicked me to check "Import HyperVM VPS", so I tried it and it failed. So I thought, "What else could I do.. Ah, "Raw VPS Import", I tried that and vwalla, there it was.

The Username, Hostname, Resolv Entries and Passwords had been wiped which took a while to change back but after that it was OK.

It then happened again, and found the issue about HyperVM plastered everywhere, so i shut it down. Now I am creating VPS servers via Shell.

Were the VPS creations showing in the logs ?

I haven't checked the logs as of yet. I will check later and post the results.

Right now, it's been a long day and I think it's bed time. :yawn:

I highly doubt everyone has shutdown hypervm.

If you haven't shut down HyperVM by now, then you are officially an :rolleyes:

Seriously, with all of the "speculation" going around right now, not to mention that shutting down hyperVM should not kill your business at all. In fact, it may mean you will see a SLIGHT increase in reboot requests, and I'd say that is about it....

LxLabs has remained dead silent since yesterday besides saying their own software is unsafe to use, and to not use it in a production environment unless it is a personal domain.

If you haven't shut down HyperVM by now, then you are officially an :rolleyes:

Seriously, with all of the "speculation" going around right now, not to mention that shutting down hyperVM should not kill your business at all. In fact, it may mean you will see a SLIGHT increase in reboot requests, and I'd say that is about it....

LxLabs has remained dead silent since yesterday besides saying their own software is unsafe to use, and to not use it in a production environment unless it is a personal domain.Some companies, especially small or local companies who doesn't know about this situation may not shutdown HyperVM yet... (off to post in local forums about the epidemic)

This is very serious:

http://timesofindia.indiatimes.com/Bangalore/Techie-hangs-himself-in-HSR-Layout-/articleshow/4633101.cms

I think we've got a major problem on our hands now.

Some more info:

http://www.hindu.com/2009/06/09/stories/2009060959930400.htm
http://identi.ca/omshivaprakash

This is disappointing and sad to hear as well. Things go wrong in life, instead of thinking about suicide its best to work around it. There is ALWAYS a way around even in worst cases.

This is why people shouldn't of hounded them without knowing the facts.... this is very sad and a greater loss than the fixable exploits...

LxLabs has remained dead silent since yesterday.......

Literally :(

Very sad situation, both for his father and now for the legacy he has left behind here on the web.

As much as people would hate to admit it at this time, HyperVM has helped thousands of companies make their lifes easier in selling OpenVZ and Xen VPS's. I hope someone can step up to the plate and try to take the HyperVM marketshare now. Now is a good time to enter in the market of VPS management software.

This is really not good. Hopefully some software developers are starting to code a new VPS managing panel.

Even if somebody was (I am not going to comment yet on that), we have found that migration from hypervm is complex due to heavy use of keyless CSV files.

The main blocker at the moment is finding a way to get all the information out of HyperVM in a sane and efficient way to enable a migration.

Did the owner of LX labs really hanged himself ?!!!


http://www.hindu.com/2009/06/09/stories/2009060959930400.htm

http://timesofindia.indiatimes.com/Bangalore/Techie-hangs-himself-in-HSR-Layout-/articleshow/4633101.cms

Even if somebody was (I am not going to comment yet on that), we have found that migration from hypervm is complex due to heavy use of keyless CSV files.

The main blocker at the moment is finding a way to get all the information out of HyperVM in a sane and efficient way to enable a migration.

Amen to that - it's really a goofed up system. Both Tony and I took a peak today and was shocked (and awed) at how abysmal it was made / laid out.

I'm not undermining his work or anything, this comment just hit home on my current thoughts.

Hopefully this all gets worked out - such a mess for everyone involved (from providers, to family).

R.I.P

A truly odd person.

http://ligesh.com/about/

HyperVM is out, being replaced by a new system which im working on with a team of coders - More info will be posted soon once more investors come to the aid.

The main issue for everyone who is offering HyperVM VPS's is that there needs to be a solution now. I'm a big supporter for all of those who would like to start developing a HyperVM replacement, but such tasks can take months to achieve.

My hope is this, that Mr S Bhargava (only known employee, I think) can get access to the source code and start bringing on some volunteers to further the development and fix the bugs asap.

A truly odd person.

http://ligesh.com/about/

In my opinion he seems to be one messed up guy.

S Bhargava has made a statement on the lxlabs forums:

http://forum.lxlabs.com/index.php?t=msg&goto=67603&#msg_67603

We'll see what comes of this..