Upvote Upvoted 18 Downvote Downvoted
wezlyyy servers attack
1
#1
17 Frags +

Hello all,

I need to start by saying all the information I disclose below, I am extremely regretful of. If you think you deserve something in compensation from me, add me on Steam.

As of now, not much is known. At around 3:00 AM this morning, I got an email from my VPS provider (for the website) that a recent SolusVM control panel exploit was made on their servers. That I should change my root password and backup all data immediately. This email was sent to me approximately 8 hrs after the website lost functionality.

Almost everything is gone as far as I know. Whoever administered the attack, stole my code, databases, and website content. I have taken extra care to encrypt everyones passwords to the control panels, but if you use this password for anything else, change it right now. They have all my passwords to all of my boxes across the world. I am shutting them down right after this post. No credit card info was stolen, all the payments are done through secure paypal API and Google Checkout. Although, emails may have been found.

I currently have no plans on how to recover this all in the long term.

I will update as I try to work all of this out. If anyone needs a server for a match, add me and I will put up a temp one for you.

I am sorry.

wezlyyy

Hello all,

I need to start by saying all the information I disclose below, I am extremely regretful of. If you think you deserve something in compensation from me, add me on Steam.

As of now, not much is known. At around 3:00 AM this morning, I got an email from my VPS provider (for the website) that a recent SolusVM control panel exploit was made on their servers. That I should change my root password and backup all data immediately. This email was sent to me approximately 8 hrs after the website lost functionality.

Almost everything is gone as far as I know. Whoever administered the attack, stole my code, databases, and website content. I have taken extra care to encrypt everyones passwords to the control panels, but if you use this password for anything else, change it right now. They have all my passwords to all of my boxes across the world. I am shutting them down right after this post. No credit card info was stolen, all the payments are done through secure paypal API and Google Checkout. Although, emails may have been found.

I currently have no plans on how to recover this all in the long term.

I will update as I try to work all of this out. If anyone needs a server for a match, add me and I will put up a temp one for you.

I am sorry.

wezlyyy
2
#2
2 Frags +

okay

okay
3
#3
2 Frags +

Good luck on getting everything back. Must suck to have that happen :P

Good luck on getting everything back. Must suck to have that happen :P
4
#4
0 Frags +

That's pretty fucked up. Sorry to hear that man, good luck getting everything back

That's pretty fucked up. Sorry to hear that man, good luck getting everything back
5
#5
0 Frags +

Wow Wez I was actually just about to look at your site again after I saw it a couple months ago. This really sucks.

Before I saw your website was down I had a couple server and payment processing related questions to ask, but now that I saw this I'm also kindof wondering if you have more details on the attack. I'm running just a few servers, but also in similar locations and presumably datacenters.

Was wondering if you knew the attack was just for your dedicated server, or on the whole network. And any other info you have would be greatly appreciated.

Thanks!

Wow Wez I was actually just about to look at your site again after I saw it a couple months ago. This really sucks.

Before I saw your website was down I had a couple server and payment processing related questions to ask, but now that I saw this I'm also kindof wondering if you have more details on the attack. I'm running just a few servers, but also in similar locations and presumably datacenters.

Was wondering if you knew the attack was just for your dedicated server, or on the whole network. And any other info you have would be greatly appreciated.

Thanks!
6
#6
0 Frags +
MawrWow Wez I was actually just about to look at your site again after I saw it a couple months ago. This really sucks.

Before I saw your website was down I had a couple server and payment processing related questions to ask, but now that I saw this I'm also kindof wondering if you have more details on the attack. I'm running just a few servers, but also in similar locations and presumably datacenters.

Was wondering if you knew the attack was just for your dedicated server, or on the whole network. And any other info you have would be greatly appreciated.

Thanks!

I changed all the root and user passwords to all my dedis and shut down my vps's.

[quote=Mawr]Wow Wez I was actually just about to look at your site again after I saw it a couple months ago. This really sucks.

Before I saw your website was down I had a couple server and payment processing related questions to ask, but now that I saw this I'm also kindof wondering if you have more details on the attack. I'm running just a few servers, but also in similar locations and presumably datacenters.

Was wondering if you knew the attack was just for your dedicated server, or on the whole network. And any other info you have would be greatly appreciated.

Thanks![/quote]
I changed all the root and user passwords to all my dedis and shut down my vps's.
7
#7
3 Frags +

Just to let you guys know, Tragic will price match for me with all my old customers.

Big thanks to Tragic for helping everybody transition!

Just to let you guys know, Tragic will price match for me with all my old customers.

Big thanks to Tragic for helping everybody transition!
8
#8
0 Frags +
MawrWas wondering if you knew the attack was just for your dedicated server, or on the whole network. And any other info you have would be greatly appreciated.

It was likely his entire provider.

As he said, a popular virtual server control panel (SolusVM) was exploited and that exploit was published on Sunday. That started up a flood of attacks on virtual server providers everywhere, with some getting hit worse than others (mine suffered a huge hit which is taking a while to recover from, and my own server barely escaped the chaos).

I doubt anybody targeted wezlyyy specifically, but rather he became a higher-value target as soon as the attackers had access to the servers and were able to peek at what each one had.

To wezlyyy, best of luck in rebuilding.

[quote=Mawr]Was wondering if you knew the attack was just for your dedicated server, or on the whole network. And any other info you have would be greatly appreciated.[/quote]
It was likely his entire provider.

As he said, a popular virtual server control panel (SolusVM) was exploited and that exploit was published on Sunday. That started up a flood of attacks on virtual server providers everywhere, with some getting hit worse than others (mine suffered a huge hit which is taking a while to recover from, and my own server barely escaped the chaos).

I doubt anybody targeted wezlyyy specifically, but rather he became a higher-value target as soon as the attackers had access to the servers and were able to peek at what each one had.

To wezlyyy, best of luck in rebuilding.
9
#9
SwiftyServers
2 Frags +

Any previous Wezly customers, provide screenshot proof of an invoice and we'll price match. Just contact me via email.

Any previous Wezly customers, provide screenshot proof of an invoice and we'll price match. Just contact me via email.
Please sign in through STEAM to post a comment.