DomFlow.it - template server was compromised

alexvolk

Just a one hour ago, received this email:

Dear client,
we found that our template server was compromised and attacker tried to install private own key inside it. These key not worked because the cloud was designed to be secure and indepentendet and require own private authenticated keys. This security feature assured that no customer data was taken or modified.

To be sure at 100% we uploaded a backup from the day before the attack then synched all changes manually. As the action required manual intervention we ask you to log inside your account and check that all vm are visible. If you find one or more vm not visible in the panel, not be afraid, just open a trouble ticket to http://www.domflow.it/clientarea.php including ip (or vm url if you had one) and we will import it.

During this work no downtime or outages was caused and we never changed customer data that was safe in private enviroment. VM import will not cause any interruption on vms.

King Regards

AnthonySmith

Sounds like a job well done.

Lee

Certainly appears well handled.

alexvolk

Not well handled at all. Two days ago my "cloud" vps was rebooted without any notice ?

The problem was that domflow staff uploaded old onapp backup. This resulted in missing cpu cores and ram, which I've added few months ago to my vps.

Will be moving shortly away from this fake cloud to normal vps. Small bench if anyone interested:

CPU model :  QEMU Virtual CPU version (cpu64-rhel6)
Number of cores : 1
CPU frequency :  2099.998 MHz
Total amount of ram : 993 MB
Total amount of swap : 1023 MB
System uptime :   2 days, 12:02,       
Download speed from CacheFly: 62.4MB/s 
Download speed from Coloat, Atlanta GA: 17.2MB/s 
Download speed from Softlayer, Dallas, TX: 13.6MB/s 
Download speed from Linode, Tokyo, JP: 7.25MB/s 
Download speed from i3d.net, Rotterdam, NL: 38.6MB/s
Download speed from Leaseweb, Haarlem, NL: 55.5MB/s 
Download speed from Softlayer, Singapore: 5.60MB/s 
Download speed from Softlayer, Seattle, WA: 8.34MB/s 
Download speed from Softlayer, San Jose, CA: 9.61MB/s 
Download speed from Softlayer, Washington, DC: 19.3MB/s 
I/O speed :  87.9 MB/s

Yeah, disk is slow, domflow doesn't use raid, because as they say data is copied to two different dc campus.

black

RAID != backups. RAID in VMs is for performance (more or less). Not a really good argument for not using RAID.

alexvolk

@black said:
RAID != backups. RAID in VMs is for performance (more or less). Not a really good argument for not using RAID.

I know that Raid is not for backups and that's why I've enabled option to enable extra backups by onapp. I only pointed that disk is slow due to not using raid and nothing else.

black

I'm just saying, domflow's argument for not using RAID is poor.

myhken

Tested them out last year, did not like them, deleted my account and my credit there.

alexvolk

@black said:
I'm just saying, domflow's argument for not using RAID is poor.

Ok, understood as message was pointed to me that's why replied. sorry.

vladka24

I think the big issue here is that they use onapp. Ew..

matteob

@alexvolk said:

Hi,
when you say "disk slow" you mean that your service really use more than 87.9 MB/s random writes or just because is not cool as reading 400MB/s?

I ask this because, instead of provider that give full i/o disk access, every vm is limited to i/o performance to avoid any bottleneck. How many time from a regular vps you experienced slow degradation performance? How many you get from us?

This limit is optimal because not influence vm performance but, if some vm's go away and generate high i/o you will not be hitten.

Yeah is not cool for kiddies that love posting uselless "benchmark" script result here, but in live service our enviroment eliminates the last disadvantage compared to a dedicated server.

Also you talked about reboot you get 2 days ago, please if happen again open a trouble ticket and we will watch in, but you can't say that is related to DB import because are two different machines and happened 10 days later!!

My apologies for the CPU & ram changes, but you had two choice to fix it. As wrote in the email, you had two choice:

• Open a trouble ticket asking us to sync it. (this not require any reboot or downtime).

• Do yourself with 2 click action: http://www.domflow.it/knowledgebase.php?action=displayarticle&id=55 As you can see in that video, is very very easy and fast

@myhken said: Tested them out last year, did not like them, deleted my account and my credit there.

You ask a cancellation and was using a free credit... you decided to cancel it....

@vladka24 said:
I think the big issue here is that they use onapp. Ew..

What wrong with onapp? Yes they had issue in past when changed I.S. from groupmon to isd, but now is a very stable enviroment and there are no C.P. that guarantee thats features & performance.

Vald

@matteob

Take it easy man, dont take every critic so serious.
I have been testing your service for some time and its good. I can only say positive things on how you handle things, you are a responsible person indeed, but one thing i cant stand is a rude attitude you are showing even for a tiny critic. I feel that every little thing you take it as offense to your company/reputation, just chill, people will test your service and they will make their decision. I for one, am satisfied and will be using you service in future, just be friendly and professional no matter who it is, kiddies with benchmarks or whatever.