-
06-14-2009, 12:05 PM #1WHT Addict
- Join Date
- Jun 2005
- Location
- Lisbon - Portugal
- Posts
- 168
How to check if HyperVM is compromised
I'm no expert on this, but I recently acquired a VPS, and only after activation did I see it was based on HyperVM.
I don't know (actually I didn't find anything on Google) about a fix to recent hacks, so how can I check (versions, local machine tests, and so on) if the VPS may become compromised?
Thank you,
Rui
-
06-14-2009, 12:14 PM #2Junior Guru
- Join Date
- Feb 2007
- Location
- Wadsworths, IL
- Posts
- 231
Hypervm is only a threat to you if the host you got it from becomes compromised. Hypervm is just a tool used any hacker gets in. You have nothing to worry about right now. The thing you should be worried about is hypervm going down.
-
06-14-2009, 12:18 PM #3Disabled
- Join Date
- May 2009
- Location
- US
- Posts
- 2,503
Ask them for the HyperVM version, if it is 2.0.7992, it is safe from the vulnerabilities.
-
06-14-2009, 12:47 PM #4Junior Guru Wannabe
- Join Date
- May 2009
- Location
- Kansas City
- Posts
- 62
Even if HyperVM would go down, it will not bring down any VPS on that node. HyperVM is just a management interface. The VPS still run on OpenVZ or Xen.
-
06-14-2009, 12:49 PM #5Web Hosting Master
- Join Date
- Jan 2003
- Location
- U.S.A.
- Posts
- 3,928
As far as I know it appears that it is safe from what Ligesh told a staff member...
http://forum.lxlabs.com/index.php?t=...960&#msg_67960
-
06-14-2009, 12:50 PM #6Web Hosting Master
- Join Date
- Jan 2003
- Location
- U.S.A.
- Posts
- 3,928
-
06-14-2009, 12:56 PM #7Junior Guru Wannabe
- Join Date
- May 2009
- Location
- Kansas City
- Posts
- 62
-
06-14-2009, 01:01 PM #8Web Hosting Master
- Join Date
- Jan 2003
- Location
- U.S.A.
- Posts
- 3,928
As this topic is related to the current vulnerabilities of HyperVM, my response is 100% warranted. The difference between those other management panels is that they don't currently have any publicly announced vulnerabilities, and if there is, the developer can quickly fix it.
So for you stating HyperVM is just an interface in a topic related to its vulnerabilities and won't damage/stop a container, you would be incorrect in this situation. The GUI is a very powerful tool regardless of whether it has vulnerabilities or not.
-
06-14-2009, 01:02 PM #9Junior Guru
- Join Date
- Feb 2007
- Location
- Wadsworths, IL
- Posts
- 231
It's up to the host to keep security tight...if the host becomes compromised, you're compromised...cPanel, Plesk, etc. rely on the host for security measures as the software already is sound and pretty well protected.
-
06-14-2009, 01:07 PM #10Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
-
06-14-2009, 01:08 PM #11Web Hosting Master
- Join Date
- Jan 2003
- Location
- U.S.A.
- Posts
- 3,928
Yes, it's of course up to the host to take proper security steps to protect their assets. If they or someone notices a security issue in one of those panels then they should of course contact the developer. The issue with HyperVM is that no one really knows if the current issues have really been fixed and the only person who can work on the script does not even have full access to it...
I would have to say at the moment to at least disable HyperVM for at least one month until the whole situation is more understandable. Security should be taken seriously and people need to be proactive!
-
06-14-2009, 01:10 PM #12Junior Guru
- Join Date
- Feb 2007
- Location
- Wadsworths, IL
- Posts
- 231
-
06-14-2009, 01:11 PM #13Web Hosting Master
- Join Date
- Jan 2003
- Location
- U.S.A.
- Posts
- 3,928
I am not sure exactly, but what I'm guessing is that before he committed suicide, he told the staff member that it was fixed. I also remember reading a message from either this staff member or another who stated "to not use either HyperVM or Kloxo as it was unsafe".
So who knows really...
-
06-14-2009, 01:33 PM #14Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 2,222
Well, according to this, 2.0.7992 is vulnerable.
http://www.securityactive.co.uk/
'A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.
'Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company's system, Rus Foster, the company's director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.
'"We were hit by a zero-day exploit" in version 2.0.7992 of the application, he said. "I've heard from other people they've been hit by the same thing." ...'
-
06-14-2009, 01:59 PM #15Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
-
06-14-2009, 02:02 PM #16Disabled
- Join Date
- May 2009
- Location
- US
- Posts
- 2,503
-
06-14-2009, 02:24 PM #17Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 3,816
-
06-14-2009, 03:02 PM #18Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 2,222
-
06-14-2009, 03:08 PM #19Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
-
06-14-2009, 03:35 PM #20Junior Guru
- Join Date
- Feb 2007
- Location
- Wadsworths, IL
- Posts
- 231
-
06-14-2009, 04:04 PM #21Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 2,222
That's certainly what the hackers would like you to believe ("Trust us, keep using HyperVM, it's safe, it's a complete coincidence that providers were compromised shortly after all the security bugs in HyperVM were published.")
But other providers have posted here that they have been compromised.
Have you got a list from LxLabs saying which of the "Multiple security vulnerabilities" (their words) they fixed?
Extracts from
http://www.webhostingtalk.com/showthread.php?t=866960
"Just got this email
Quote:
Dear Customers,
Multiple security vulnerabilities were discovered in hyperVM and Lxadmin/Kloxo. It is recommended that you update your hyperVM/Kloxo systems to the latest version, as soon as possible.
Details of the vulnerabilities will be posted in the coming days in our forum.
On hyperVM or Kloxo master, Run:
/script/upcp
Lxlabs Support Team
"
...
" Spunkyasp Spunkyasp is online now
This happened to my system. 20 VPS' were deleted."
...
" John-EarthVps John-EarthVps is offline
server was compromised
Today our VPS server was compromised due to security vulnerabilities that were discovered in hyperVM and Lxadmin/Kloxo.
The person who compromised our server was using a server from SoftLayer and we contacted SoftLayer and gave them the logs and they refuse to do anything about it. Here is the IP "208.43.228.75" that the person used to compromise the server."
...
" TonyB TonyB is online now
Quote:
Originally Posted by John-EarthVps View Post
We did, they took care of it; their server was compromised also
Not exactly; none of our servers were compromised, but a specific VPS we host.
A specific customer was compromised who was running Kloxo. I don't know if it was this topic or not but the actual malicious user did a rm -fr on the entire VPS, wiping it clean before we could even log in to it."
...
" Kody Kody is offline
Thanks for that, let's hope the patch provided via LXLABS works this time.
~Kody"
...
"
May 10th:
Posted by Viz0n
Quote:
Anyway, for those who do not know already, I've been hosting h4cky0u on a VPS as a temporary thing, and yesterday they got hacked in a very secure environment. I have narrowed the hack to an 0day in HyperVM.
BASIC SETUP:
- uploading disabled (PHP)
- chroot environment (no access to system binaries, perl, etc...)
- heck load of php functions disabled
- no ftp, sendmail etc... only had HTTPD running
I found a shell chown'd as root:root which does not happen unless you upload via root or from a GUI/Panel like HyperVM. When I attempted to log into HyperVM, I noticed that the password was changed and noticed a lot of strange IPs had accessed the system.
I've not had the chance to document this hack completely, but I am pretty damn sure that the hack did start from the HyperVM Panel. "
...
"Last edited by tim2718281; 06-14-2009 at 04:08 PM.
-
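An added example, not part of any post in this thread: the Viz0n report quoted in the post above names a file owned by root:root inside the web tree as the sign that the compromise came through the panel, and that ownership check can be scripted. The function names, the extension list and the sample tree are assumptions made for illustration; the expected owner is passed as a numeric uid.

```python
import os
import stat
import sys
import tempfile
import time

# Assumption: extensions a web server might execute; adjust for your stack.
SCRIPT_SUFFIXES = (".php", ".phtml", ".pl", ".cgi", ".py", ".sh")


def find_unexpected_owner(docroot, expected_uid, suffixes=SCRIPT_SUFFIXES):
    """Return (path, uid, gid, mtime) for script files not owned by expected_uid.

    Newest files come first, since a recently dropped file is the likeliest lead.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue  # file vanished or unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_uid != expected_uid:
                hits.append((path, st.st_uid, st.st_gid, int(st.st_mtime)))
    return sorted(hits, key=lambda h: h[3], reverse=True)


def build_sample_tree():
    """Constructed sample docroot (owned by whoever runs this), for a dry run."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.makedirs(os.path.join(root, "uploads"))
    for rel in ("index.php", "logo.png", os.path.join("uploads", "x.php")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")
    return root


if __name__ == "__main__":
    # Usage: script.py DOCROOT WEB_UID   (e.g. the uid of the web server account)
    docroot, web_uid = sys.argv[1], int(sys.argv[2])
    for path, uid, gid, mtime in find_unexpected_owner(docroot, web_uid):
        print(f"{time.ctime(mtime)}  uid={uid} gid={gid}  {path}")
```

A hit is a lead to investigate rather than proof: legitimate deployments done as root produce the same ownership, so compare the file's mtime with panel and SSH login times.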
06-14-2009, 05:40 PM #22Disabled
- Join Date
- May 2009
- Location
- US
- Posts
- 2,503
Nope, several people at Webhostingtalk tested the latest version, 2.0.7992 to see if the 24 exploits would work, and they have said that it does not work.
Read this thread for more information on that: http://www.webhostingtalk.com/showth...67#post6231167
-
06-14-2009, 06:53 PM #23the ground beneath my feet
- Join Date
- Feb 2006
- Posts
- 1,107
semi-retired
-
06-14-2009, 07:00 PM #24Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
Enough to delete all VPS's on over 200 separate servers pretty much instantly?
Come on, if you think that the only reason VAServ was compromised was because of HyperVM then seriously you need to re-evaluate things.
I am not saying that there are no exploits in HyperVM, I AM saying that there are other factors; the reuse of insecure passwords and direct root SSH access are two.
-
06-14-2009, 08:58 PM #25Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 2,222
But that's the question being asked: is it safe to use HyperVM?
The answer seems to be "no":
There is no clear statement from the vendor of what were the "multiple exposures" they admitted existed; nor is there a list of releases they made during a period of a couple of days, with info on what they think they fixed in each of those releases.
So - maybe it's OK now, maybe it isn't; how can anyone be sure it's safe?