ChicagoVPS database leaked? ChicagoVPS customers - change your root passwords immediately!

Raymii Member
edited February 2013 in General

Ok this @NITEDREAM user just sent me a PM with only a URL and "ChicagoVPS DB DUMP" in it. Might be spam, so be warned. @Liam banhammer?

Edit: Blurred the screenshot URL:


Comments

  • Can you please PM me that URL?

  • mikho Member, Host Rep

    Sent it to me as well, messaged Chris, Kevin and Luc about it.... might wanna blur the link @raymii

  • @MikHo said: Sent it to me as well, messaged Chris, Kevin and Luc about it.... might wanna blur the link @raymii

    There might be some virus installer in that download.

  • Banned

  • BradND Member
    edited February 2013

    Edit: Is this legit? If so is there a solus exploit?

  • SimpleNode Member
    edited February 2013

    Interesting. I don't think anyone knows if it's legit.

  • Raymii Member
    edited February 2013

    @ftpit said: There might be some virus installer in that download.

    Nah it has a legit sql dump in it:

    LOCK TABLES `administrators` WRITE;
    /*!40000 ALTER TABLE `administrators` DISABLE KEYS */;
    INSERT INTO `administrators` VALUES (1,'vpsadmin','','[email protected]','Chris','Fabozzi',[...]
    /*!40000 ALTER TABLE `administrators` ENABLE KEYS */;
    UNLOCK TABLES;
    
  • Yeah it is legit sql info and nothing more. How old is the dump? I do not know, I did however look at the timestamp on the last admin added and it is not too old:

    TIME STAMP: 1351992904
    DATE (M/D/Y @ h:m:s): 11 / 03 / 12 @ 8:35:04pm EST

    It shows the sql file created Feb 8th, 2013 though.

  • That would be from the time their servers got compromised. Old news then

  • Cannot find a mediafire report link on the page... Hope this is not a SolusVM zero day :P

  • @vedran said: That would be from the time their servers got compromised. Old news then

    Looking through time stamps on the admin log entries, they all show around November of last year so I would say this sql file is from last year.
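An added example, not part of any post in this thread: the dating approach described in the two posts above, where the newest Unix timestamp stored in a dump gives a lower bound on when the dump was taken. The `adminlog` table, its columns and every value except 1351992904 are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Fixed UTC-5 offset, matching the "EST" label used in the post.
EST = timezone(timedelta(hours=-5), "EST")

# Constructed sample: table name and column layout are hypothetical,
# not taken from the leaked file. Only 1351992904 appears in the thread.
SAMPLE_DUMP = """\
LOCK TABLES `adminlog` WRITE;
INSERT INTO `adminlog` VALUES (1,'login',1351800000),(2,'login',1351992904);
INSERT INTO `adminlog` VALUES (3,'ticket 1234567890123 closed',1351000000);
UNLOCK TABLES;
"""

# A bare 10-digit integer field: bounded by "," or "(" on the left and
# "," or ")" on the right, so digits inside quoted strings are skipped.
EPOCH_FIELD = re.compile(r"(?<=[,(])(\d{10})(?=[,)])")


def epoch_fields(dump_text, first_year=2005, last_year=2030):
    """Return integer fields in INSERT rows that fall in a plausible epoch range."""
    lo = datetime(first_year, 1, 1, tzinfo=timezone.utc).timestamp()
    hi = datetime(last_year, 1, 1, tzinfo=timezone.utc).timestamp()
    found = []
    for line in dump_text.splitlines():
        if not line.startswith("INSERT INTO"):
            continue  # ignore LOCK/UNLOCK and version comments
        for match in EPOCH_FIELD.finditer(line):
            value = int(match.group(1))
            if lo <= value < hi:
                found.append(value)
    return found


def newest_record(dump_text):
    """Newest stored timestamp (UTC); the dump cannot be older than this."""
    values = epoch_fields(dump_text)
    if not values:
        return None
    return datetime.fromtimestamp(max(values), tz=timezone.utc)


if __name__ == "__main__":
    newest = newest_record(SAMPLE_DUMP)
    print("newest record (UTC):", newest.isoformat())
    print("newest record (EST):", newest.astimezone(EST).isoformat())
```

The file's own creation date, as reported in the thread, is an upper bound only if the metadata is trusted; the newest row is the firmer of the two limits.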

  • letbox Member, Patron Provider

    Interesting to know what happened!

  • I got a mail "ChicagoVPS - Global Password Resets" today.
    They expired all solus passwords as their "new security policies", without any info about this leakage.

  • I got this mail, too. At first I thought it was a scam... But better change my PW now.

  • Could be true because the pw to my account keeps getting "reset" by itself no matter how many times I've changed it, e.g. if I change my passwd today, it would be reset to some other passwd a couple of days later. This is scary as my suspicion has just been confirmed.

  • @cause said: I got a mail "ChicagoVPS - Global Password Resets" today.

    They expired all solus passwords as their "new security policies", without any info about this leakage.

    I also got this today, consequence?

  • This is on Google's first page... Would this post be removed later?

  • @ErawanArifNugroho said: This is on Google's first page... Would this post be removed later?

    Why should it be removed?

  • @ErawanArifNugroho said: This is on Google's first page... Would this post be removed later?

    It's probably just you, since google displays personalized results.

  • @black ah.. so it's just the cached...

  • mikho Member, Host Rep

    out of curiosity, to the ones who have the db, does it say how many nodes cvps has?
    Since Chris always talks about how big the company is.

  • Their notification mail was sent on
    Date: Thu, 28 Feb 2013 03:42:23 -0500
    before Raymii posted here. But I could not find any legit reason to reset passwords today except this.
    Seems they were trying to hide it.

  • @cause "Trying to hide it" would be just doing nothing, pretending that nothing happened. Maybe they just learned about this leak today (got a pointer to the database or something).

  • BradND Member
    edited February 2013

    Oh, so not a solus exploit. Not to worry then.

  • Got this just now

    Hi Chan,

    This is a service advisory notice from ChicagoVPS as we noticed you have one or more active VPS with us. As we've recently noticed an increase in customers utilizing easy to guess passwords, we are requiring all VPS control panel passwords to be reset as a precaution to protect your VPS container and its contents. We are performing a password rotation often as part of our new security policies and also to remind you as the customer to do your part in keeping your password secure and to use a complex password. We also recommend changing your passwords every few months.

    From Feb. 28, 2013 onwards, all current VPS control panel passwords have been expired. You will no longer be able to login with your old credentials, and in order to access your control panel moving forward you must access https://manage.chicagovps.net:5656/login.php and click on the "Forgot Password" link. By doing that it will send you an email with a brand new randomly generated password.

    Thank you for being a loyal customer of ChicagoVPS and for your cooperation as we do our part in keeping our users safe. If you have any questions please submit a support ticket.

    Warm Regards,

    ChicagoVPS Team

    http://www.chicagovps.net/

    Support Email: [email protected]

    Sales Email: [email protected]
    Pingdom Report: http://stats.pingdom.com/jzrszp4wfu79
    Facebook: http://www.facebook.com/chicagovps
    Twitter: http://twitter.com/chicagovps

  • Depends if the db is full, was it a whmcs db or the solus db?

    I suspect solus to what I've read so far. Bit on the weird side..

  • SimpleNode Member
    edited February 2013

    Yes, it's legit sql info, however it's taking a while to open so I'm not going to bother.

    One of the oddest reasons to need an SSD in my laptop.

    EDIT: @eastonch from what I can see in the first few lines, it's solus

  • You guise watch out. The mediafire link might contain a RAT or a virus bound with the file. So y'all be careful

  • @Chan said: As we've recently noticed an increase in customers utilizing easy to guess passwords, we are requiring all VPS control panel passwords to be reset as a precaution to protect your VPS container and its contents. We are performing a password rotation often as part of our new security policies and also to remind you as the customer to do your part in keeping your password secure and to use a complex password.

    So how do they notice that customers are using "easy to guess" passwords? Aren't passwords supposed to be salted and hashed?

    It also seems like the customers are being blamed for this breach. This is the part I don't understand.

  • @black said: So how do they notice that customers are using "easy to guess" passwords? Aren't passwords supposed to be salted and hashed?

    That was my first thought too.

This discussion has been closed.