Nobody Interesting
Mar 29, 2013

One way, dead end... Street signs are such fitting metaphors for the human condition.


Can't get a word in in the official IRC channel because there's a guy from a competing host or something trying to stir up poo poo. Despite that, Linode people are nowhere to be seen, unfortunately, so no official line from them yet.

If you're planning on joining the IRC, make sure to add 'Woet' to your ignore since he is just there to get people to switch providers.


Impotence
Nov 8, 2010
Lipstick Apathy

DNova posted:

I'm not going to read 30 pages of IRC logs; any chance of a summary?

Someone linked this, http://turtle.dereferenced.org/~nenolod/linode/linode-abridged.txt

Nobody Interesting
Mar 29, 2013

One way, dead end... Street signs are such fitting metaphors for the human condition.


Okay so a guy came into IRC and said this. I'm the Tea guy he's referring to.

00:03 < HTP> Tea: Your linode account name is mugoftea
00:03 < HTP> your email is joe@warhaggis.com
00:04 < HTP> the last 4 digits of your customer credit cards are
00:04 < HTP> 2125, 1111, 1883, 1111, and 2125 respectively

I. Uh...

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Comatoast posted:

The interesting bits start at 5:03 this morning.

TLDR;
Disclaimer: This is what I gather. I could be very wrong.
What it seems like is that Linode's VPS manager was breached and used to gather data for several weeks. Linode found out about it, and, apparently being blackmailed by the hackers, attempted to cover it up. Eventually Linode went to the police, thus ruining the agreement with the hackers. The hackers are angry, and say they can release the Linode customer credit card list.

OP has been edited to avoid Linode.

Anaxite
Jan 16, 2009

What? What'd you say? Stop channeling? I didn't he-
Well, poo poo. Even though I don't use Linode right now, my account is still active and has my credit card number. I guess that settles whether I'm getting a new VPS from them soon.

IOwnCalculus
Apr 2, 2003





Nobody Interesting posted:

Okay so a guy came into IRC and said this. I'm the Tea guy he's referring to.

00:03 < HTP> Tea: Your linode account name is mugoftea
00:03 < HTP> your email is joe@warhaggis.com
00:04 < HTP> the last 4 digits of your customer credit cards are
00:04 < HTP> 2125, 1111, 1883, 1111, and 2125 respectively

I. Uh...

To be fair, if Linode was doing everything right (and obviously they weren't) the last four digits are actually all they'd be able to see. Still far more than they should have access to, but the full numbers had drat well better be encrypted or Visa/MC/Amex are going to tear them a new one.

DarkJC
Jul 6, 2010
What's surprising to me is that Linode actually played along with the hackers. I don't know what 'deal' they arranged but they must have known poo poo was going to hit the fan eventually.

Better just to come clean, say the hackers attempted blackmail and they won't stand for that, have contacted the authorities and are doing what they can.

Anaxite
Jan 16, 2009

What? What'd you say? Stop channeling? I didn't he-

IOwnCalculus posted:

To be fair, if Linode was doing everything right (and obviously they weren't) the last four digits are actually all they'd be able to see. Still far more than they should have access to, but the full numbers had drat well better be encrypted or Visa/MC/Amex are going to tear them a new one.

They were likely encrypted but, if the chat log is to be believed, encryption keys were available.

http://turtle.dereferenced.org/~nenolod/linode/linode-abridged.txt posted:

> 05:42 < ryan||> credit cards were encrypted, sadly both the private and public keys were stored on the webserver so that provides 0 additional security

> 06:00 < ryann> They did try to encrypt them, but using public key encryption doesn't work if you have the public and private key in the same directory

Acer Pilot
Feb 17, 2007
put the 'the' in therapist

:dukedog:

So should I be changing my credit card number now or what?

e: Really wished they had just taken PayPal or something to begin with.

IOwnCalculus
Apr 2, 2003





KNITS MY FEEDS posted:

So should I be changing my credit card number now or what?

e: Really wished they had just taken PayPal or something to begin with.

Yep, though it's quite likely your CC company will be doing it for you pre-emptively since the last thing they want to be is liable for purchases someone makes with your stolen CC #.

If they really were able to get raw CC numbers out of the database... I wonder how much of Linode will even be left when this all settles out.

Anaxite
Jan 16, 2009

What? What'd you say? Stop channeling? I didn't he-

KNITS MY FEEDS posted:

So should I be changing my credit card number now or what?

e: Really wished they had just taken PayPal or something to begin with.

Better safe than sorry. I just called to do it.

Acer Pilot
Feb 17, 2007
put the 'the' in therapist

:dukedog:

Ok, just had my card cancelled and the number changed. I guess I'll wait and see if they really got hacked.

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

Anaxite posted:

They were likely encrypted but, if the chat log is to be believed, encryption keys were available.

It's just like what happened to WHMCS, they use reversible encryption and the key is stored in plain text in the configuration.php file. I've had to cancel one card due to the WHMCS breach, I'm not ashamed to admit I have a Linode account, but I'm pissed I have to cancel another card. I can't believe they aren't PCI DSS compliant, poo poo, even Lithium doesn't store card information...

Modern Pragmatist
Aug 20, 2008
Good thing I signed up only five days ago and I can ditch them with no penalty. Only I have to keep my CC number the same until reimbursed.

Speaking of which, I've looked through the other VPS hosts in the OP and there aren't many options similar to Linode. Does anyone have any recommendations? I was on the $20/month 1GB plan.

Modern Pragmatist fucked around with this message at 02:05 on Apr 16, 2013

Nobody Interesting
Mar 29, 2013

One way, dead end... Street signs are such fitting metaphors for the human condition.


Modern Pragmatist posted:

Speaking of which, I've looked through the other VPS hosts in the OP and there aren't many options similar to Linode. Does anyone have any recommendations? I was on the $20/month 1GB plan.

God this is my problem right now. Linode is amazing. I can actually forgive them of this data breach but at the same time I kind of want to switch to another provider.

But you find me a cheap, UK based VPS with the same specs. Seriously. Find me one because I sure as hell can't.

Anaxite
Jan 16, 2009

What? What'd you say? Stop channeling? I didn't he-

Nobody Interesting posted:

God this is my problem right now. Linode is amazing. I can actually forgive them of this data breach but at the same time I kind of want to switch to another provider.

But you find me a cheap, UK based VPS with the same specs. Seriously. Find me one because I sure as hell can't.

Do you absolutely need it to be in the UK? If it just needs to be in Europe, Prometeus is based out of Italy and featured on LowEndBox as a decent provider (though they have some higher-end plans).

Anaxite fucked around with this message at 02:23 on Apr 16, 2013

Nobody Interesting
Mar 29, 2013

One way, dead end... Street signs are such fitting metaphors for the human condition.


Anaxite posted:

Do you absolutely need it to be in the UK? If it just needs to be in Europe, Prometeus is based out of Italy and featured on LowEndBox as a decent provider (though they have some higher-end plans).

Preferably, for the lower latency, it's best if it's in the UK. I wonder if the latency to an Italian server would have a noticeable difference over my London one... I'll keep a note of those guys, though. Thanks for that.

Anaxite
Jan 16, 2009

What? What'd you say? Stop channeling? I didn't he-

Nobody Interesting posted:

Preferably, for the lower latency, it's best if it's in the UK. I wonder if the latency to an Italian server would have a noticeable difference over my London one... I'll keep a note of those guys, though. Thanks for that.

I got this info for them; hopefully it'll be of use.

Test IPv4: 194.14.179.254
Test IPv6: 2a00:dcc0:eda:89::254:1
Test File: http://mirrors.prometeus.net/test/test100.bin
AS Number: http://bgp.he.net/AS34971

Nobody Interesting
Mar 29, 2013

One way, dead end... Street signs are such fitting metaphors for the human condition.


Anaxite posted:

I got this info for them; hopefully it'll be of use.

Test IPv4: 194.14.179.254
Test IPv6: 2a00:dcc0:eda:89::254:1
Test File: http://mirrors.prometeus.net/test/test100.bin
AS Number: http://bgp.he.net/AS34971

Oh cool, thanks. The test file maxed out my connection which was great and pinging the IP gave me a response which was only 20-30ms higher than pinging my Linode. That will probably not be noticeable at all.

If I have to switch, based on the info I have now I think they might be my first port of call. Thanks a lot for that.

Anaxite
Jan 16, 2009

What? What'd you say? Stop channeling? I didn't he-
You're welcome. I'm sure there are plenty of other options out there so I hope you find what you need!

Galler
Jan 28, 2008


Welp, glad I've been too :effort: to bother signing up with Linode.

Fangs404
Dec 20, 2004

I time bomb.
Maybe I missed it, but is there any actual proof of this besides a few random dudes chatting on IRC?

Acer Pilot
Feb 17, 2007
put the 'the' in therapist

:dukedog:

Fangs404 posted:

Maybe I missed it, but is there any actual proof of this besides a few random dudes chatting on IRC?

Just a few posts up.

Nobody Interesting posted:

Okay so a guy came into IRC and said this. I'm the Tea guy he's referring to.

00:03 < HTP> Tea: Your linode account name is mugoftea
00:03 < HTP> your email is joe@warhaggis.com
00:04 < HTP> the last 4 digits of your customer credit cards are
00:04 < HTP> 2125, 1111, 1883, 1111, and 2125 respectively

I. Uh...

ichorclaw
Oct 31, 2010

by Fistgrrl
.


ichorclaw fucked around with this message at 18:01 on Apr 29, 2013

Nobody Interesting
Mar 29, 2013

One way, dead end... Street signs are such fitting metaphors for the human condition.


Still keeping an eye on the Linode IRC. HTP just woke up and he's getting ready for school. He has said that he's shredded all the customer data (ie, with 'shred') and that his little hacker club is releasing all the other information on May 1st.

If you want to spectate, join now because I think he'll be gone when his mum's finished making his breakfast.

Edit: School time I guess. His parting words:

13:04 < HTP> well i think that covers everything. if anyone comes in later screaming, inform them we don't have
their information nor do we care
13:04 < HTP> good luck #linode
13:05 -!- HTP [~ching@199.168.139.19] has quit [Quit: 5/1]

Nobody Interesting fucked around with this message at 13:07 on Apr 16, 2013

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

They updated their blog at 2:55am

http://blog.linode.com/2013/04/16/security-incident-update/

quote:

Yesterday, a group named HTP claimed responsibility for accessing Linode Manager web servers, we believe by exploiting a previously unknown zero-day vulnerability in Adobe’s ColdFusion application server. The vulnerabilities have only recently been addressed in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388) which was released less than a week ago.

As a result of the vulnerability, this group gained access to a web server, parts of our source code, and ultimately, our database. We have been working around the clock since discovering this vulnerability. Our investigation reveals that this group did not have access to any other component of the Linode infrastructure, including access to the host machines or any other server or service that runs our infrastructure.

Credit card numbers in our database are stored in encrypted format, using public and private key encryption. The private key is itself encrypted with passphrase encryption and the complex passphrase is not stored electronically. Along with the encrypted credit card, the last four digits are stored in clear text to assist in lookups and for display on things like your Account tab and payment receipt emails. We have no evidence decrypted credit card numbers were obtained.

Linode Manager user passwords are not stored in our database, but their salted and cryptographically hashed representations are. Despite the uselessness of these hashes, as you know we expired Linode Manager passwords on Friday.

There were occurrences of Lish passwords in clear text in our database. We have corrected this issue and have invalidated all affected Lish passwords effective immediately. If you need access to the Lish console, you can reset a new Lish password under the Remote Access sub-tab of your Linode.

For users who have set an API key, we’re also taking action to expire those keys. We’ll be emailing API-enabled users with that information.

We take your trust and confidence in us very seriously, and we truly apologize for the inconvenience that these individuals caused. Our entire team has been affected by this, leaving all of us, like you, feeling violated. We care deeply about the integrity of Linode and are proud of the work that we accomplish here for you. This unfortunate incident has only strengthened our commitment to you, our customer.

Please feel free to contact customer service via our ticket system or support@linode.com if you have any questions or concerns.
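
The key-placement issue raised in the IRC excerpts (private key next to the public key on the web server) and the passphrase-protected layout Linode's statement describes can be told apart on a host with a scan like this one. It is an added example, not part of the thread and not Linode's code; the directory names and PEM bodies are constructed placeholders, and it only inspects PEM headers.

```python
import re
import tempfile
from pathlib import Path

# PEM labels for private keys. Encrypted PKCS#8 has its own label; legacy
# OpenSSL keys mark passphrase protection with a Proc-Type header instead.
PRIVATE_RE = re.compile(r"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----")
PUBLIC_RE = re.compile(r"-----BEGIN (?:(?:RSA )?PUBLIC KEY|CERTIFICATE)-----")
MAX_BYTES = 64 * 1024  # key files are small; skip anything larger


def classify_pem(text):
    """Return 'private-plain', 'private-encrypted', 'public' or None."""
    match = PRIVATE_RE.search(text)
    if match:
        encrypted = (match.group(1).startswith("ENCRYPTED")
                     or "Proc-Type: 4,ENCRYPTED" in text)
        return "private-encrypted" if encrypted else "private-plain"
    return "public" if PUBLIC_RE.search(text) else None


def audit_tree(root):
    """List (relative path, kind, public key in same directory) per private key."""
    root = Path(root)
    by_dir = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.stat().st_size <= MAX_BYTES:
            kind = classify_pem(path.read_text(errors="replace"))
            if kind:
                by_dir.setdefault(path.parent, []).append((path, kind))
    findings = []
    for items in by_dir.values():
        has_public = any(kind == "public" for _, kind in items)
        findings.extend((path.relative_to(root).as_posix(), kind, has_public)
                        for path, kind in items if kind != "public")
    return findings


def build_sample_tree(root):
    """Constructed layout: header-only placeholder files, no real key material."""
    def pem(label):
        return f"-----BEGIN {label}-----\nPLACEHOLDER\n-----END {label}-----\n"
    root = Path(root)
    (root / "billing").mkdir()
    (root / "vault").mkdir()
    (root / "billing" / "cc_public.pem").write_text(pem("PUBLIC KEY"))
    (root / "billing" / "cc_private.pem").write_text(pem("RSA PRIVATE KEY"))
    (root / "vault" / "cc_private.pem").write_text(pem("ENCRYPTED PRIVATE KEY"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, kind, has_public in audit_tree(tmp):
            note = ("usable as-is by anyone who can read this file"
                    if kind == "private-plain"
                    else "safe only while the passphrase stays off this host")
            print(f"{rel}: {kind}, public key alongside={has_public} ({note})")
```

A `private-plain` finding on a web-facing host is the situation the IRC excerpts describe; a `private-encrypted` finding still depends on the passphrase never being stored on the same machine.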

eightysixed
Sep 23, 2004

I always tell the truth. Even when I lie.
If this is to be believed, is your latest edit in the OP still accurate?

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

eightysixed posted:

If this is to be believed, is your latest edit in the OP still accurate?

I'll still wait a while before recommending them again.

NOTinuyasha
Oct 17, 2006

 
The Great Twist
I switched to Linode from Digital Ocean like a month ago. gently caress. I used my debit card too.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

NOTinuyasha posted:

I switched to Linode from Digital Ocean like a month ago. gently caress. I used my debit card too.

Only a handful of people have reported un-authorized charges on the cards they use for Linode - chances are they use that card in 50 other places as well. I think if 'the hackers' had the credit card list and the decryption key they would have posted it by now, right? Or would they pretend they don't have it giving the false illusion to those cardholders that they're safe?

It sucks that it happened to Linode, because they had a great product with great support, and just basically doubled the specs on their servers.

Nobody Interesting
Mar 29, 2013

One way, dead end... Street signs are such fitting metaphors for the human condition.


NOTinuyasha posted:

I switched to Linode from Digital Ocean like a month ago. gently caress. I used my debit card too.

Like I said, HTP claims to have deleted all the credit card info they stole. They also claimed to never use credit card info that they steal from anywhere.

compuserved
Mar 20, 2006

Nap Ghost
Time for me to order a new card from Chase. Also, if Linode really tried to make a deal with the hackers, then :lol:.

DarkJC
Jul 6, 2010
We still have no proof that they even obtained full credit card numbers. They've only posted the final 4 digits as 'proof' which Linode stored as cleartext for purposes of account management.

Anaxite
Jan 16, 2009

What? What'd you say? Stop channeling? I didn't he-
You're right, we don't, but I think that's part of the problem.

We know someone got a hold of Linode customer information, but we don't necessarily know to what extent. It's a bit of a he-said-they-said situation. Even if full credit card numbers weren't leaked, it's safer to just change them on principle (and because the last 4 digits are used as verification in enough places).

NOTinuyasha
Oct 17, 2006

 
The Great Twist
So if you think the hackers are dishonest, you might be on to something, but consider what Linode posted four days ago:

quote:

Linode administrators have discovered and blocked suspicious activity on the Linode network. This activity appears to have been a coordinated attempt to access the account of one of our customers. This customer is aware of this activity and we have determined its extent and impact. We have found no evidence that any Linode data of any other customer was accessed. In addition, we have found no evidence that payment information of any customer was accessed.

:rolleyes:

The Hacker News thread on this has a ton of other damning information and chat logs if you want to read into all the gory details.

SpazRobot
Dec 21, 2004
I am Nomad.

ichorclaw posted:

Looks like a HostGator employee, "ERIC GUNNAR GISSE" rooted every one of the shared servers last year and was just arrested on it.
You can see the actual complaint and the details through the "IMAGE" tab.

http://www.hcdistrictclerk.com/edoc...qcO4CsaTjO5O2M=



Seemed like no big deal until I got to the part where HostGator admits to taking screenshots of employee workstations every minute. Holy hell.

Fangs404
Dec 20, 2004

I time bomb.

Fangs404 posted:

I'll play too. I've got a recently upgraded Linode 1024. It's located in Dallas.

code:
model name: Intel(R) Xeon(R) CPU L5630  @ 2.13GHz

make

real    2m2.108s
user    1m42.334s
sys     0m14.591s

make -j8

real    0m24.867s
user    2m46.089s
sys     0m17.008s
Unfortunately, I haven't been upgraded to the E5-2670 yet, but I imagine that'll happen soon.

I got upgraded to the E5-2670 today. All it took was a ticket, and within 15 mins, I was migrated to the new hardware. Here are my new results:

code:
model name: Intel(R) Xeon(R) CPU E5-2670 0 @ 2.60GHz

make

real    1m22.490s
user    1m11.629s
sys     0m9.921s

make -j8

real    0m12.284s
user    1m18.095s
sys     0m9.082s
I didn't turn off Apache or MySQL during those makes. It's pretty drat fast compared to the L5630 I was on before.

Impotence
Nov 8, 2010
Lipstick Apathy
Btw for those of you leaving linode and want something on a comparable price point: try out vr.org, they have a ton of locations and native ipv6 by default and have been amazing to me.

hitze
Aug 28, 2007
Give me a dollar. No, the twenty. This is gonna blow your mind...

Jumping ship from Linode to RAMNODE :cool:


fuf
Sep 12, 2004

haha

NOTinuyasha posted:


The Hacker News thread on this has a ton of other damning information and chat logs if you want to read into all the gory details.

I'm gonna admit defeat and ask for a link to this thread because I'm an idiot and can't find it. (I guess I could never be a hacker :( )
