Veesp.com Warning

i want to warn users about veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!! i've paid for a 1 month vps and after several days i get an abuse message from the technical team about my Cpu utilization, i've checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a reinstallation from windows, and i checked again the task manager, the miner was again in the tasks!

Comments

  • Lord have mercy...

    This is going to be fun.

  • NekkiNekki Member

    johnwayne said: i want to warn users about veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!! i've paid for a 1 month vps and after several days i get an abuse message from the technical team about my Cpu utilization, i've checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a reinstallation from windows, and i checked again the task manager, the miner was again in the tasks!

    Erm - what makes you think it's the administration? More likely you just got hacked. Reinstall your server, I'll bet it's not there.

    'Nekki can not stand behind the penis' - Shc on Hostloc

    Thanked by 2bersy Fusl
    1. OP probably used a cracked Windows ISO with malware.

    2. OP did not secure their OS and got pwned.

    3. Tinfoil hats.

    Thanked by 2Fries Fusl
  • ngstargatengstargate Member, Provider

    Server 2008 r2 without latest updates will be hacked in 5-10 min max.

    PrimaHost - Linux and Windows VPS - Germany, France, Canada

    Thanked by 1Aidan
  • WSSWSS Member

    @mikewazar said: 1. OP probably used a cracked Windows ISO with malware.

    2. OP did not secure their OS and got pwned.

    3. Tinfoil hats.

    Ooh. Can I order a combo?

  • @WSS said:

    @mikewazar said: 1. OP probably used a cracked Windows ISO with malware.

    2. OP did not secure their OS and got pwned.

    3. Tinfoil hats.

    Ooh. Can I order a combo?

    $7

  • Shot2Shot2 Member
    edited August 19

    @mikewazar said:

    1. OP probably used a cracked Windows ISO with malware.

    2. OP did not secure their OS and got pwned.

    3. Tinfoil hats.

    then 4. install Debian thx

    Providing less than /64 means "we are clueless about IPv6". Happy customer of HostHatch, Online, Porkbun, Veesp…

  • @johnwayne said: i want to warn users about veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!! i've paid for a 1 month vps and after several days i get an abuse message from the technical team about my Cpu utilization, i've checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a reinstallation from windows, and i checked again the task manager, the miner was again in the tasks!

    If by "the administration" you mean "hackers that hacked your vps due to you not securing it properly" or "the windows image i downloaded off the internet and came preloaded with it/malware that installed it" then you're pretty much on point.

    Yo mama so fat each of her butt-cheeks has its own /8.

  • WSSWSS Member

    @mikewazar said: $7

    That's pretty rich for my blood.

  • @teamacc said:

    @johnwayne said: i want to warn users about veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!! i've paid for a 1 month vps and after several days i get an abuse message from the technical team about my Cpu utilization, i've checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a reinstallation from windows, and i checked again the task manager, the miner was again in the tasks!

    If by "the administration" you mean "hackers that hacked your vps due to you not securing it properly" or "the windows image i downloaded off the internet and came preloaded with it/malware that installed it" then you're pretty much on point.

    no i don't mean "hackers" i mean the administration of veesp.com ! i do not download anything, i don't receive files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

  • @johnwayne said:

    @teamacc said:

    @johnwayne said: i want to warn users about veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!! i've paid for a 1 month vps and after several days i get an abuse message from the technical team about my Cpu utilization, i've checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a reinstallation from windows, and i checked again the task manager, the miner was again in the tasks!

    If by "the administration" you mean "hackers that hacked your vps due to you not securing it properly" or "the windows image i downloaded off the internet and came preloaded with it/malware that installed it" then you're pretty much on point.

    no i don't mean "hackers" i mean the administration of veesp.com ! i do not download anything, i don't receive files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

    Reinstall from where.

    Yo mama so fat each of her butt-cheeks has its own /8.

  • @teamacc said:

    @johnwayne said:

    @teamacc said:

    @johnwayne said: i want to warn users about veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!! i've paid for a 1 month vps and after several days i get an abuse message from the technical team about my Cpu utilization, i've checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a reinstallation from windows, and i checked again the task manager, the miner was again in the tasks!

    If by "the administration" you mean "hackers that hacked your vps due to you not securing it properly" or "the windows image i downloaded off the internet and came preloaded with it/malware that installed it" then you're pretty much on point.

    no i don't mean "hackers" i mean the administration of veesp.com ! i do not download anything, i don't receive files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

    Reinstall from where.

    from the backend of veesp.com ! if you are interested you can take a look via teamviewer and we can do a reinstallation !

  • caracalcaracal Member
    edited August 19

    We hear what you're saying but we're saying that it's far more likely one of these things happened:

    1. The .iso you used has the miner software already pre-installed.
    2. Your server is unsecured and is hacked within minutes.

    It really does not make much sense for VPS operators to hack into your account to install a miner. It wouldn't be the most efficient way to get income, keeping in mind that they also sent you an abuse message.

    I sure hope that it isn't pre-installed in their official templates.

    meow?

  • @caracal said: We hear what you're saying but we're saying that it's far more likely one of these things happened:

    1. The .iso you used has the miner software already pre-installed.
    2. Your server is unsecured and is hacked within minutes.

    It really does not make much sense for VPS operators to hack into your account to install a miner. It wouldn't be the most efficient way to get income, keeping in mind that they also sent you an abuse message.

    that makes sense, but as i said, i did not use my own iso, the reinstallation was from the veesp.com backend !

  • NekkiNekki Member

    johnwayne said: that makes sense, but as i said, i did not use my own iso, the reinstallation was from the veesp.com backend !

    Did you immediately secure the server and get it patched up?

    'Nekki can not stand behind the penis' - Shc on Hostloc

  • ngstargatengstargate Member, Provider

    johnwayne said: no i don't mean "hackers" i mean the administration of veesp.com ! i do not download anything, i don't receive files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

    Fresh installed Server 2008 R2 hacked in 5-10 min IF YOU DON'T CLOSE ALL SMB PORTS 137,138 UDP and 139,445 TCP.

    PrimaHost - Linux and Windows VPS - Germany, France, Canada

  • quickquick Member
    edited August 19

    Joined 5:14PM

    @veesp

  • @ngstargate said:

    johnwayne said: no i don't mean "hackers" i mean the administration of veesp.com ! i do not download anything, i don't receive files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

    Fresh installed Server 2008 R2 hacked in 5-10 min IF YOU DON'T CLOSE ALL SMB PORTS 137,138 UDP and 139,445 TCP.

    Who uses Windows Server 2008? I'd be using 2016 if I were him.

    #WSSForked

  • WilliamWilliam Member, Provider

    johnwayne said: no i don't mean "hackers" i mean the administration of veesp.com ! i do not download anything, i don't receive files from other users or something ! after the reinstallation from windows the monero miner was still on my vps !

    why would they do this, and THEN send YOU abuse for it?

    They can run on the host. Or create a new VPS for it. Using a customer VPS makes zero sense, actually MINUS as it WILL cause more issues.

  • NeoonNeoon Member
    edited August 19

    Sounds like an unpatched windows machine.

    Thanked by 2WSS Aidan
  • cxcoolcxcool Member

    Amazing - -...i think the system iso have been hacked ....

  • VeespVeesp Member, Provider

    @johnwayne said: i want to warn users about veesp.com, the administration are installing monero miner on the customer server !!!!!!!!!! i've paid for a 1 month vps and after several days i get an abuse message from the technical team about my Cpu utilization, i've checked the task manager and there was a monero miner in the tasks! so i killed the vps and made a reinstallation from windows, and i checked again the task manager, the miner was again in the tasks!

    Come on, this is ridiculous) We are an official Microsoft SPLA partner and using only the official licensed OS. As it was said before, there is no sense in installing miners on customers' servers, we have the whole data center full of hardware)

  • RhysRhys Member

    You're really really stupid.

    I recommend hosting at Hostigation (Aff) and IonSwitch (Aff)

    Thanked by 1Aidan
  • JorboxJorbox Member

    the same happened to me they told me that I'm using the server for sending spam emails while the server is fresh Ubuntu server and there's not Apache or anything on it and I don't even use it, then they told me that If I did that again they will terminate the server then I turned off the server since I don't use it at all !!

  • JorboxJorbox Member

    another time they told me that the CPU of the server is reaching 100% while the server is not even used by me so there's something wrong

  • MikeAMikeA Member, Provider

    Why would they install it on your VPS when they could just install it on the hypervisor.

    ExtraVM - DDoS Protected VPS - US, CA, FR, SNG

    Thanked by 1Aidan
  • WilliamWilliam Member, Provider
    edited August 19

    cxcool said: Amazing - -...i think the system iso have been hacked ....

    No. It is simply impossible to login and update to a status where it is safe if the thing is on public internet directly. This is not their problem, at all.

    The ISOs are normal, verified by checksum, Microsoft ISOs. They are absolutely fine.

    Jorbox said: told me that I'm using the server for sending spam emails while the server is fresh Ubuntu server

    You selected an insecure root password and got bruteforced. This is trivial to verify with access to the system; not doing so is your fault - you cannot blame them retroactively now.

    Jorbox said: then I turned off the server since I don't use it at all !!

    Turned off servers are started if the HV is rebooted in certain systems. So your hacked box got turned on again on the next system update they ran.

    Jorbox said: another time they told me that the CPU of the server is reaching 100% while the server is not even used by me so there's something wrong

    You got hacked again. 100% usage is always a cryptominer.

  • JorboxJorbox Member

    @William said:

    cxcool said: Amazing - -...i think the system iso have been hacked ....

    No. It is simply impossible to login and update to a status where it is safe if the thing is on public internet directly. This is not their problem, at all.

    The ISOs are normal, verified by checksum, Microsoft ISOs. They are absolutely fine.

    Jorbox said: told me that I'm using the server for sending spam emails while the server is fresh Ubuntu server

    You selected an insecure root password and got bruteforced. This is trivial to verify with access to the system; not doing so is your fault - you cannot blame them retroactively now.

    Jorbox said: then I turned off the server since I don't use it at all !!

    Turned off servers are started if the HV is rebooted in certain systems. So your hacked box got turned on again on the next system update they ran.

    Jorbox said: another time they told me that the CPU of the server is reaching 100% while the server is not even used by me so there's something wrong

    You got hacked again. 100% usage is always a cryptominer.

    I use their auto generated password that contains numbers and dumb characters and also it's a fresh install server nothing changed on it and no viruses at all.

    Thanked by 1johnwayne
  • @Jorbox said: the same happened to me they told me that I'm using the server for sending spam emails while the server is fresh Ubuntu server and there's not Apache or anything on it and I don't even use it, then they told me that If I did that again they will terminate the server then I turned off the server since I don't use it at all !!

    that exactly happened to me also !!!!!

    @Jorbox said: another time they told me that the CPU of the server is reaching 100% while the server is not even used by me so there's something wrong

    same here !!!!!!

    i use also auto generated password !

  • sanvitsanvit Member

    @johnwayne said:

    @Jorbox said: the same happened to me they told me that I'm using the server for sending spam emails while the server is fresh Ubuntu server and there's not Apache or anything on it and I don't even use it, then they told me that If I did that again they will terminate the server then I turned off the server since I don't use it at all !!

    that exactly happened to me also !!!!!

    @Jorbox said: another time they told me that the CPU of the server is reaching 100% while the server is not even used by me so there's something wrong

    same here !!!!!!

    i use also auto generated password !

    Can you post the auto-generated password here please(assuming that you changed it already)??

    BunnyCDN - A lightning fast CDN at a fraction of the cost (ref)

  • RIYADRIYAD Member, Provider

    OH God , why would a provider sell vps and install cpu intense script and then complain end user for abusing :|

    Host4Fun.Com - Get 2GB RAM KVM VPS for $7/m @ Singapore , Los Angeles , Serbia ,Atlanta, Ashburn, Chicago , Phoenix , New York, Dallas , Oregon , Canada , Netherlands, France , Germany , Poland . KVM VPS at 15+Locations !

  • WilliamWilliam Member, Provider

    Jorbox said: I use their auto generated password that contains numbers and dumb characters and also it's a fresh install server nothing changed on it and no viruses at all.

    I crack you like 8 alphanumeric characters in merely hours, at most, if your CPU is uncapped and i can hammer your SSHd with a full Gbit+ (AND it supports AES-NI ideally) probably even minutes. And once done your server starts the same on other servers if the hacker wants so... and so it fully automated just continues, with zero work or interaction by the botmaster.

    Using passwords below, at least IMO, 20 chars ESPECIALLY if you only copy paste them anyway is dumb. Not using ssh keys is also dumb. Using keys and not disabling PW login is dumb.

    In fact while very entertaining by the insane level of stupidity some show here this thread is useless/dangerous, from start to end which is hopefully soon enough...

    • Russian servers are scanned more heavily - because they tend to be like China and South America rather abuse safe once taken over (i see this also on my boxes compared to eg. Germany)

    • Bruteforcing SSH without fail2ban or rate limiting is trivial and can be done very fast (with ISPs permission i am very willing to prove that point)

    • Sending the customer abuse for spam/mining the ISP did intentionally after bruting the servers SSHd/root, which they do not need to as root on the host in the first place, is so dumb no one can really consider that this happens in reality
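
Added example, not part of any post in this thread: a small audit for the two points raised above, that password login stays enabled unless it is switched off explicitly, and that a guessed root password is easy to confirm from the SSH auth log. The function names, the sample config and the log lines are constructed for illustration; the log patterns assume the standard OpenSSH "Failed password" / "Accepted password" syslog messages.

```python
import re
from collections import Counter

# OpenSSH defaults when a keyword is absent (PermitRootLogin default since 7.0).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+) port")

def effective_settings(config_text):
    """Global sshd_config values; sshd uses the FIRST value it reads per keyword."""
    settings = {}
    for raw in config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) != 2:
            continue                      # blank, comment-only or valueless line
        key, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if key == "match":
            break                         # conditional blocks are not evaluated here
        settings.setdefault(key, value)
    return {**DEFAULTS, **settings}

def audit_sshd(config_text):
    """Findings for the settings discussed in the thread (empty list = none)."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("password login is enabled; adding keys alone does not disable it")
    if s["permitrootlogin"] == "yes":
        findings.append("root may log in with a password")
    return findings

def guessed_logins(log_text, threshold=5):
    """(source, user, failures) for password logins accepted after >= threshold
    failed attempts from the same source address."""
    failures, hits = Counter(), []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m and failures[m.group(2)] >= threshold:
            hits.append((m.group(2), m.group(1), failures[m.group(2)]))
    return hits

# Constructed sample: keys were added, but the password line is still commented out.
KEYS_ADDED_ONLY = "PubkeyAuthentication yes\n#PasswordAuthentication no\nPermitRootLogin yes\n"
# Constructed sample: the later 'yes' is ignored because the first value wins.
HARDENED = "PasswordAuthentication no\nPermitRootLogin prohibit-password\nPasswordAuthentication yes\n"
# Constructed log lines (documentation address ranges).
SAMPLE_LOG = "\n".join(
    [f"Aug 19 10:00:0{i} vps sshd[81{i}]: Failed password for root from 203.0.113.7 port 4000{i} ssh2"
     for i in range(6)]
    + ["Aug 19 10:00:09 vps sshd[830]: Accepted password for root from 203.0.113.7 port 40010 ssh2",
       "Aug 19 11:30:00 vps sshd[901]: Failed password for invalid user admin from 198.51.100.9 port 5555 ssh2",
       "Aug 19 12:00:00 vps sshd[950]: Accepted password for root from 192.0.2.10 port 6000 ssh2"])

if __name__ == "__main__":
    print(audit_sshd(KEYS_ADDED_ONLY))
    print(audit_sshd(HARDENED))
    print(guessed_logins(SAMPLE_LOG))
```

On a real host, `sshd -T` prints the effective configuration including `Include` files and is the authoritative check; this parser reads a single file only.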

  • If windows os got hacked, then it's outdated. Provider should update os template and customer do the same as soon as os installed. Win 08 is old and should be used only if necessary.

    LTniger - Light Nigerian Citizen.

    Thanked by 1johnwayne
  • WilliamWilliam Member, Provider
    edited August 20

    LTniger said: Provider should update os template and customer do the same as soon as os installed

    There is no template. This uses ISOs.

    Modifications of MS isos are generally not allowed and templates for windows are hard to build and maintain.

    Thus if anyone at all, M$ should generate and offer new ISOs which - according to the dates i see on the download pages for eval even - was not done.

    In case of 2008 (non R2, no and SP1) the entire OS is end of life as well since 2015.

  • yokowasisyokowasis Member
    edited August 20

    @William said:

    [Jorbox said]

    What about changing ssh port ? In my case, the notification of failed login stopped when I change my ssh port.

    Because I rebuild my vps often generating ssh key after every rebuild is APITA.

  • JorboxJorbox Member
    edited August 20

    @yokowasis said:

    @William said:

    [Jorbox said]

    What about changing ssh port ? In my case, the notification of failed login stopped when I change my ssh port.

    Because I rebuild my vps often generating ssh key after every rebuild is APITA.

    The server is fresh installed with no programs and the password is auto generated by them there are millions of servers worldwide use the default port that's not the problem the problem is first time they told me that I have reached 100% many times,, after a week they told me that I use the server for spam while I don't use the server at all , and it's on the default condition,,, so there's something wrong with their system.

  • FuslFusl Member
    edited August 21

    Someone please hand me the popcorn?

    Please do us all admins a favor and cancel this service with Veesp immediately and go back to learning for school.

    I'm running a large amount of OpenNIC's uncensored, open and democratic alternative Tier2 DNS resolvers. Now with Anycast! | We also provide a lot of locations and providers on our Looking Glass | 3 PB data storage (CEPH + ZFS mixed)

  • I bet @OP's computer is infected and the shit spreads itself to the server over remote desktop each time he re-installs it.

  • Good Day to everyone,

    i want to warn users also about Veesp ! I bought today a VPS and i've found a Monero Miner also on my VPS !

    you can find a Screenshot here:

    http://imgur.com/dIOtSWU

    i don't know how this happened, but it was 20 minutes after i installed Windows on the VPS !

  • NekkiNekki Member
    edited August 22

    Did everyone else know you can make a meme of any image on imgur?

    image

    'Nekki can not stand behind the penis' - Shc on Hostloc

    Thanked by 1Aidan
  • If someone is interested he can get in touch with me through ICQ or Jabber, we can do a fresh installation together

  • AmitzAmitz Moderator

    rainersport said: If someone is interested he can get in touch with me through ICQ or Jabber, we can do a fresh installation together

    Sounds like an interesting experiment. Any volunteers for that? Ain't got no time myself.

  • stefemanstefeman Member
    edited August 22

    I can do this if he uses https://www.join.me/. I'll record the screen sharing and post it to youtube so you all can then view it. Rainer, PM me ur skype/discord. the claims are so outrageous its worth to check out.

  • AnthonySmithAnthonySmith Member, Provider

    This has got to be one of the most ridiculous threads this year, this is exactly why managed products exist, you don't know what you are doing but seem to think you do.

    How about you apologize for being ridiculous or provide some actual proof, it would take all of 10 minutes to provide although I suspect you won't be able to as you clearly don't even know what you don't know.

    Inception Hosting Limited - NL, UK, Phoenix AZ USA, KVM and OpenVZ - | 50% OFF Phoenix AZ KVM. | 256mb & 512mb UK
    ServersNV a brand of Inception Hosting Limited - UK KVM and OpenVZ - | ^Use CODE: 50offphx4life | ^€8.00 p/year LIMITED

    Thanked by 1Fusl