Gadgetz hacked

No big surprise here, but still...

Dear Nyr,

We know there is no easy way to say this.

Due to situations not under our control, we will no longer be able to provide our services to our clients.

Any payments that were made within the past 24 hours have already been refunded.

Earlier today, our servers/VPS Nodes were hacked and all data has been lost.

We are currently attempting to recover client data, and if we are successful in our attempt, we'll be uploading disk image files on request.

As our servers were hacked and have been damaged beyond repair, we will not be able to leave them online.

As a result, SolusVM, our Client Area, our website, and our servers will be inaccessible.

This is the last thing we wanted to do, but due to situations that are way beyond our control, we're having to do this only a day after posting our latest offer.

We hope you can understand our situation here; if we had seen this coming, we would not have posted offers just yesterday.

We will not be able to offer refunds to clients that made payments before the past 24 hours, sadly. Again, the situation is not under our control, as we would not have wanted things to go this way and we never wanted to do this.

We would like to thank you for trusting us and being a valued customer.

If you have any further questions, email us at : [email protected]

Again, we deeply regret doing this, and we sincerely apologize for any inconvenience this may have caused you.

(Note: As far as we know, no client data was compromised, but we'd suggest you change passwords if you were using the same passwords as you were using with us elsewhere)

Comments

  • yupp just got the email as well..

  • Reece Member
    edited February 2014

    Terrible to hear! Weren't they involved in BuyMyVM too?

  • What the hell. I paid an invoice 3 days ago. Seriously, I don't care what happened. I want my money back.

    OnePoundWebHosting.co.uk | UK XEN VPS from £2 | See their special offers starting from 12£/year here

  • Bummer. I liked my 2gb KVM :(

  • so, another deadpool host?

    Recommended Hosts: Bandwagonhost - Cool in-house panel | RamNode - Great Performance + Fast Support!

  • Infinity Member, Provider

    All of their servers were hacked, hmm. I guess for the best, if you can't keep your servers secure or keep backups then you don't deserve clients.

    Thanked by 2Mark_R vRozenSch00n

    Cablestreet - London based ISP - Managed Solutions, Carrier Services, Colocation, Dedicated Servers, VMs, and more..

  • @Infinity said:
    All of their servers were hacked, hmm. I guess for the best, if you can't keep your servers secure or keep backups then you don't deserve clients.

    ^this

    They were quite friendly and I liked their service. But I don't accept to lose a whole month of service which I prepaid just because they are not able to secure their servers. If they don't refund me I will open a case with PayPal.

  • Brad Member, Provider

    Let's make a daily payment! Monthly are too risky.

  • @Brad said:
    Let's make a daily payment! Monthly are too risky.

    Sadly we would be talking cents a day, the fees alone would kill you before the month ends :)

  • Pwner Member
    edited February 2014

    This seriously sucks, they had great and courteous services. I was glad to see how far the founder of this company has come, and suddenly this happens. I'm sure if anyone feels the worst, it's him.

    Dude, don't feel too bad or be hard on yourself, you gave people a great and reliable service and created a good name for yourself in the community. You are a really nice guy who cares for his clients. We just gotta know that there will always be that one asshole who has to ruin good things for everyone else.

    At everyone having issues with the refunds, don't get mad at the owner, he's doing the best he can to refund everyone and make the most out of the current situation. I'm pretty sure he is stressed out on his own trying to give all his clients their refunds back, don't start bad mouthing him or putting him down, because if there was ever a person I met who was dedicated to his clients, it was @dhamaniasad :)

    Thanked by 1vRozenSch00n
  • @Brad said:
    Let's make a daily payment! Monthly are too risky.

    Yea, lovely payment fees too :-)

    I believe the guys behind Gadgetz are @dhamaniasad and @0xdragon which are the script kiddies who defaced amateur @mazker / BuyMyVM

  • @c0y said:
    I believe the guys behind Gadgetz are dhamaniasad and 0xdragon which are the script kiddies who defaced amateur mazker / BuyMyVM

    AFAIK:
    @dhamaniasad is the owner
    @0xdragon WAS a supporter

  • @trexos said:
    0xdragon WAS a supporter

    Nope, he had "I work for Gadgetz, my opinions blabla" in his sig for a long time

  • @c0y

    Yes I meant he was part of the support team

  • Mark_R Member
    edited February 2014

    r.i.p.

  • They like the phrase

    due to situations not under our control

    On 2 Jan 2014, I received an email including the phrase, announcing free VPS termination.

  • @Infinity said: All of their servers were hacked, hmm. I guess for the best, if you can't keep your servers secure or keep backups then you don't deserve clients.

    Part of the reason why we're closing.

    @Pwner said: This seriously sucks, they had great and courteous services. I was glad to see how far the founder of this company has come, and suddenly this happens. I'm sure if anyone feels the worst, it's him.

    Dude, don't feel too bad or be hard on yourself, you gave people a great and reliable service and created a good name for yourself in the community. You are a really nice guy who cares for his clients. We just gotta know that there will always be that one asshole who has to ruin good things for everyone else.

    At everyone having issues with the refunds, don't get mad at the owner, he's doing the best he can to refund everyone and make the most out of the current situation. I'm pretty sure he is stressed out on his own trying to give all his clients their refunds back, don't start bad mouthing him or putting him down, because if there was ever a person I met who was dedicated to his clients, it was @dhamaniasad :)

    You are right, I feel terrible about doing this, but it is for the best. Thanks a lot for your positive comments. Means a lot to me.

    @trexos said: AFAIK: dhamaniasad is the owner 0xdragon WAS a supporter

    You are correct, he stopped working with me a while ago.

  • @amj said:
    They like the phrase
    2 Jan 2014, I received an email including the phrase that announcing free VPS termination.

    Yeah, I got that too, some people didn't even have access to their free VPS. When I finally did for a bit, they got hacked. Can't say I didn't see it coming, they seemed terribly unprepared to run a business.

  • Microlinux Member
    edited February 2014

    Again, the situation is not under our control

    Because maintaining the security of their servers was not their responsibility . . . IT'S NOT OUR FAULT WE GOT HACKED!!11!!1!

    I would have to suspect they had other bigger problems if they're jumping ship because they need to rebuild servers.

  • "We will not be able to offer refunds to clients that made payments before the past 24 hours" You can too refund! Just because you don't have client data, but your PayPal has payment history! So that's a crock of bullsh!t. Sorry, why take your clients' money if you can no longer provide services?

    Thanked by 1mpkossen

    Tactical VPS | KVM and OpenVZ | FL (Go Rack) | L.A. (WebNX) | Dallas (Query Foundry) | https://billing.tacticalvps.net

  • wcypierre Member
    edited February 2014

    Any stories of the hack? WHMCS 0day?

  • @Zen said:
    In what way?

    Just their ticket response time was bad, kept telling me lies, this and that would be done, and nothing for weeks on end till I opened the thread here on LET. Let's not mention right now they are trying to run and not return any payments made prior to the last 24 hours. Good thing I didn't fall for their continuous pitch of upgrading to a paid service.

  • @Microlinux said: Because maintaining the security of their servers was not their responsibility . . . IT'S NOT OUR FAULT WE GOT HACKED!!11!!1!

    I would have to suspect they had other bigger problems if they're jumping ship because they need to rebuild servers.

    All I can say is I am extremely apologetic that I have to do this, and that any of this happened. This is not the only reason we're closing, there are multiple personal reasons I am doing this, but it's for the best.

    @Ian_ said: "We will not be able to offer refunds to clients that made payments before the past 24 hours" You can too refund! Just because you don't have client data, but your PayPal has payment history! So that's a crock of bullsh!t. Sorry, why take your clients' money if you can no longer provide services?

    Refunds are being taken care of. All clients who paid their invoices for this month will be given a refund, just email me at [email protected]

    @wcypierre said: Any stories of the hack? WHMCS 0day?

    Our WHMCS wasn't hacked.

  • @akz said:
    Just their ticket response time was bad, kept telling me lies, this and that would be done, and nothing for weeks on end till I opened the thread here on LET. Let's not mention right now they are trying to run and not return any payments made prior to the last 24 hours. Good thing I didn't fall for their continuous pitch of upgrading to a paid service.

    We were planning to move our VPS Starter users due to issues with our server with VolumeDrive in Pennsylvania. We are not trying to run away, please email me at [email protected] to receive a refund for any payment you've made in the past 19 days. When you opened the thread on LET, we were just doing the final testing, and hence why we were able to move you soon. You would have been moved regardless of having opened a thread.

  • I think many are still waiting for how it happened.

  • @dhamaniasad solus hack ?

    I am not Rick

  • Linkking Member
    edited February 2014

    @Pwner said:
    This seriously sucks, they had great and courteous services. I was glad to see how far the founder of this company has come, and suddenly this happens. I'm sure if anyone feels the worst, it's him.

    Dude, don't feel too bad or be hard on yourself, you gave people a great and reliable service and created a good name for yourself in the community. You are a really nice guy who cares for his clients. We just gotta know that there will always be that one asshole who has to ruin good things for everyone else.

    At everyone having issues with the refunds, don't get mad at the owner, he's doing the best he can to refund everyone and make the most out of the current situation. I'm pretty sure he is stressed out on his own trying to give all his clients their refunds back, don't start bad mouthing him or putting him down, because if there was ever a person I met who was dedicated to his clients, it was dhamaniasad :)

    Are you serious? People paid for a service.
    You don't stand outside of farms with your mates holding banners with vegetable rights and peace plastered all over them do you?
    Bring back stoning I say..

    Thanked by 2Lee Inglar
  • @ftpit @W1V_Lee No, our server was hacked using the IPMI console. The IP for the IPMI console was nulled for the past 2 weeks as someone tried DDoSing it, I just got the null route closed last night, and I woke up to a blank server. There's not much more I can say about this.

    Thanked by 1Lee
  • @dhamaniasad said:
    ftpit W1V_Lee No, our server was hacked using the IPMI console. The IP for the IPMI console was nulled for the past 2 weeks as someone tried DDoSing it, I just got the null route closed last night, and I woke up to a blank server. There's not much more I can say about this.

    Seems reasonable enough, there are quite a few vulnerabilities in the Supermicro IPMI firmware.

  • @kaniini said:
    Seems reasonable enough, there are quite a few vulnerabilities in the Supermicro IPMI firmware.

    We had Dell hardware. So DRAC.

  • Why would IPMI be on a public facing ip in the first place?

    From Wikipedia:

    The Intelligent Platform Management Interface (IPMI) is a standardized computer system interface used by system administrators for out-of-band management of computer systems and monitoring of their operation. It is a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell.

    http://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface

    Fast Affordable Professional Virtual Private Servers
    No situation is too much of a handful for us. Let us give you a helping hand with this: FAPVPS Special Offers
  • @fapvps said: Why would IPMI be on a public facing ip in the first place?

    I have a dynamic IP, I use multiple ISPs. Using VPNs makes IPMI unusable due to lag, hence I did not do an IP whitelist. Someone came to know of my IPMI IP, I did not share it publicly.

  • @dhamaniasad said:
    I have a dynamic IP, I use multiple ISPs. Using VPNs makes IPMI unusable due to lag, hence I did not do an IP whitelist. Someone came to know of my IPMI IP, I did not share it publicly.

    So making a jump box is out of the question? Set up a >$20/year VPS that runs only SSH and nothing else and only allow connection from that box. It is not that difficult to port scan random IP ranges to find vulnerable services automatically and destroy them for the lulz... people do it all the time... It is very very sad but happens all the time.

  • @fapvps said: So making a jump box is out of the question? Set up a >$20/year VPS that runs only SSH and nothing else and only allow connection from that box. It is not that difficult to port scan random IP ranges to find vulnerable services automatically and destroy them for the lulz... people do it all the time... It is very very sad but happens all the time.

    I did that using a DO VPS running x2go on it, but only for mounting ISO images. KVM-over-IP is already so latency sensitive. I tried using it through a VPS but it was unusable.

  • @dhamaniasad said:

    I understand...But IPMI on a public facing ip is never an option... No IPMI at all is better than a public facing one...What's done is done but that was negligence.

  • @fapvps said: I understand...But IPMI on a public facing ip is never an option... No IPMI at all is better than a public facing one...What's done is done but that was negligence.

    All I can say is I accept my fault here.

    Thanked by 1vRozenSch00n
  • trexos Member
    edited February 2014

    @dhamaniasad said:
    All I can say is I accept my fault here.

    Can you post which hardware you used, and how much you paid monthly? Just interested :)

  • @trexos said:
    Can you post which hardware you used, and how much you paid monthly? Just interested :)

    PMed.

  • @dhamaniasad said:
    PMed.

    Thank you very much :)

  • I'm really sad to hear this, @dhamaniasad.

    Are you sure there is no recovering data etc? I can help if required.

    I left Gadgedz for many personal reasons a few weeks ago, and thought he'd be able to continue without me...

    @c0y said:
    I believe the guys behind Gadgetz are dhamaniasad and 0xdragon which are the script kiddies who defaced amateur mazker / BuyMyVM

    Uncalled for. Also, who did I deface? O.o

    This signature wasted 121 bytes of your data allocation.

    https://nixstats.com/report/56b53d6465689e44598b4567

  • c0y said: I believe the guys behind Gadgetz are @dhamaniasad and @0xdragon which are the script kiddies who defaced amateur @mazker / BuyMyVM

    Also waiting for evidence of this in support. If you can back it up then let's hear it.

  • It seems that many here feel sorry for poor @dhamaniasad but I am going to agree with @Ian_

    @Ian_ said - So thats a crock of bullsh!t.

  • @W1V_Lee said: Also waiting for evidence of this in support. If you can back it up then let's hear it.

    I provided enough evidence of the contrary on that thread. We had no reason to deface his website. I merely noticed it, and posted it. Now please tell me if I started a thread about the recent Kickstarter hacking then I would be held responsible for it?

  • dhamaniasad said: Now please tell me if I started a thread about the recent Kickstarter hacking then I would be held responsible for it?

    I am not saying whether you did or did not, I would just like to see evidence to back up what @c0y claims. Or is he just trolling? Don't know.

  • @dhamaniasad said:

    I know this doesn't help your situation; however may be helpful in the future or for others.

    IPMI should always be through a VPN on a private IP address; pfSense can be used easily for this purpose. If you have a latency issue, you can set up a VPS/server local to the network and control it over a remote desktop.

  • @dhamaniasad said:
    Someone came to know of my IPMI IP, I did not share it publicly.

    If an IP is connected to the Internet and responding on any port, consider it shared publicly.

    You're incredibly lucky you made it this long . . .

  • @dhamaniasad Be strong brother.

    Thanked by 1dhamaniasad

    Happy to be alive and kicking!

  • ryanarp Member, Provider
    edited February 2014

    Thankfully some providers are implementing IPMI firewalls to help protect their customers by default. This can be set up in the IPMI device, but an external firewall helps to be an extra shield/layer of protection against all these mentioned vulnerabilities that exist.

    Thanked by 2Lee vRozenSch00n
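
The advice repeated in the replies above (keep the BMC on a private management network, reach it only through a jump box or VPN, and put a source allowlist in front of it) can be checked against an inventory. This is an added example, not code from any poster or provider in this thread; the network ranges, node names and inventory format are constructed assumptions.

```python
import ipaddress

# Constructed policy (assumptions): the out-of-band management network and
# the single jump host allowed to reach BMCs (DRAC/IPMI) on it.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
JUMP_HOSTS = [ipaddress.ip_network("10.20.0.5/32")]

# Constructed inventory: each BMC address plus the source CIDRs that the
# firewall in front of it (or the BMC's own filter) admits.
INVENTORY = [
    {"node": "node1", "bmc": "203.0.113.10", "allow": []},
    {"node": "node2", "bmc": "10.20.0.12", "allow": ["0.0.0.0/0"]},
    {"node": "node3", "bmc": "10.20.0.13", "allow": ["10.20.0.5/32"]},
    {"node": "node4", "bmc": "10.20.0.14",
     "allow": ["10.20.0.5/32", "198.51.100.0/24"]},
]


def within(net, allowed):
    """True if net is fully contained in one of the allowed networks."""
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)


def audit_bmc(entry):
    """Return the list of policy findings for one inventory entry."""
    findings = []
    addr = ipaddress.ip_network(entry["bmc"])  # bare address becomes /32 or /128
    if not within(addr, MGMT_NETS):
        findings.append("bmc-outside-mgmt-network")
    if not entry["allow"]:
        findings.append("no-source-allowlist")
    for cidr in entry["allow"]:
        src = ipaddress.ip_network(cidr, strict=False)
        if src.prefixlen == 0:
            findings.append("allows-any-source")
        elif not within(src, JUMP_HOSTS):
            findings.append("source-not-jump-host:" + str(src))
    return findings


def audit(inventory):
    """Map node name -> findings, listing only nodes that violate policy."""
    report = {}
    for entry in inventory:
        findings = audit_bmc(entry)
        if findings:
            report[entry["node"]] = findings
    return report


if __name__ == "__main__":
    for node, findings in audit(INVENTORY).items():
        print(node, ", ".join(findings))
```
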
  • dhamaniasad Member
    edited February 2014

    For everyone on our KVM plans who was affected by this, we've made a deal with @fapvps to make sure you get to continue your services with another provider for the same prices:

    Dear Client,

    We've reached a deal with FAPVPS to accommodate our clients in their existing plans.

    As a part of this offer, you will receive the same plan that you had with us, for the same prices.

    This is how you can go about claiming the offer:

    Register with FAPVPS here: https://fapvps.com/billing/register.php

    Submit a support ticket with a paid invoice from us attached.

    FAPVPS will provision you a VPS with the same specs you had with us for the same price you were paying with us, for as long as you keep the VPS.

    FAPVPS will also make your first month of service with them free.

    These tickets will be processed by them manually, so please be patient while you receive your VPS with them. All you have to do is attach a PDF invoice in the support ticket.

    Also, be sure to include your OS of choice in the ticket.

    With Regards,
    Asad Dhamani,
    Gadgedz

  • Awesome thank you! I hope I will get my VPS soon :)

    Thanked by 2dhamaniasad ryanarp
