[News] lxadmin/kloxo security vulnerabilities lead to multiple VPS companies being hacked
A hacker reported multiple lxadmin/kloxo security vulnerabilities to lxlabs.com on 05/21/2009, but, to get the vendor's attention, published them on milw0rm.com on 06/07/2009 at http://www.milw0rm.com/exploits/8880; in my view only part of the vulnerabilities were published. I had already seen these vulnerabilities yesterday: they require local access first before administrator privileges can be obtained, so I believe the hacker held back in the published material on how local access is obtained, and in practice he can probably gain local access easily and from there obtain administrator privileges. Today several VPS companies were hacked: cheapvps, fsckvps and other brands under vaserv.com were severely affected, some servers' data was even deleted, and at present all VPS are disconnected and the websites are unreachable. When I opened the vaserv.com website at 08/06/2009 Beijing time I saw the following:
At approx 7pm GMT VASERV HyperVM was hacked and it appears that all nodes have some level of damage. We are currently working on the situation and will be putting updates here.
Currently we have no ETA on this
23:18 GMT. We are going to bring the support desk back online shortly so we can start getting a track of where customers are.
Per DC
LA FSCKVPS - People are onsite working on the system
WireSix Atlanta - People are working onsite
TMS - Expecting someone onsite within 1 hour
UK - We have 4 people onsite and gauging status
Overall it looks like /boot on the nodes has been removed. Some nodes are definitely missing /vz data and others have it intact. We will be going node by node to get things going ASAP.
Our HyperVM db's are intact so this means we can link everyone to their VPS
23:56 GMT: We now have a rolling action plan in place for all nodes and are starting checks/restores. Please note we are expecting at least 24-48 hours to get things even remotely stable
00:32 GMT: We have so far done some test rebuilds on 5 boxes and results look semi promising for the root VPS data (/vz). /etc/ was removed meaning config files need rebuilding however this is easy enough to do from HyperVM database. As it stands we will NOT be giving public access to HyperVM for the foreseeable future. We may/may not still use it internally via some very strong firewall controls. For rebuilds etc we will be asking people to do support tickets etc
01:45 GMT: We are finding some empty nodes but generally we would estimate 80-90% of data is intact. We have started to bring a few customers online and will be bringing others online/informing about node status in the next few hours. Currently we are still working with onsite staff + providers to restore access to servers. We are still standing by our 24-48 hour window
05:05 GMT: vz1uk.vaserv.com restored
server3.fsckvps.com restored
vz5uk.vaserv.com - full data loss
vz7uk.vaserv.com - full data loss
05:22 GMT: We have approx 90% of the fsckvps nodes now online and are working on restoring VPS access. Currently we are putting everyone on the same basic config just so things are up and will go round setting correct limits when things are calmer.
For LA vaserv nodes all have been reloaded but need configs re-creating which we will do once our HyperVM VASERV is restored, though there won't be public access to start with, if at all. VAServ Texas are about all restored. UK we are about 50% of the way through and have 3 people working flat out on it
05:33 GMT server5.fsckvps.com restored
05:36 GMT server7.fsckvps.com restored
05:43 GMT server9 appears to have full data loss
05:48 GMT server8.fsckvps.com full data loss
05:52 GMT server6.fsckvps.com restored
This article was first posted on 诚信空间: http://www.9125.info/thread-394-1-1.html Terrifying~~~~~~~~~~~~~~~~~