Ok, WTF happened?

Regular readers (Ha!) of this blog would’ve no doubt been devastated to see it go offline fairly recently and actually remain offline. Astute watchers of the computing world will have noticed no doubt that this coincided with the fairly gigantic-scale hack of the company FSCKVPS, and all of its associated companies, also run by the same team.

For those who don’t already know, this is the story of that hack in brief:

FsckVPS, A2B2, and CheapVPS.co.uk hack

The servers for these companies were running a piece of virtual server management software called HyperVM. This software had such phenomenally obvious security flaws in it that a 1st year computer science major could track them down and correct them easily and quickly. In fact I was recently commissioned to do a similar thing for another piece of software (for a completely different purpose). Hackers infiltrated the network by ‘sniffing’ traffic on it, and extracting passwords which were of a terrible standard in places. Using these they entered the system and ran as many “rm -f” commands on servers as they could. For the non-UNIX savvy, “rm -f” means “remove file [rm] force [-f]” and deletes files on a system without prompting for are-you-sures or other pauses. “rm *.txt -f” would for instance remove all files with the extension “.txt” on a system within the current directory, and it’s only a couple of extra characters to extend this effect to an entire disk.

So needless to say, these hackers wiped entire servers, and sent the entire infrastructure into a decline for no obvious gain. Since then, the developer of HyperVM, poor programmer that he was, has committed suicide (although this was certainly not entirely due to just this hack!), FSCKVPS has been sold to BlueSquare Media, causing a little speculation that the hack was a corporate-driven affair in order to take control of the company (although this is really unlikely, FSCKVPS wasn’t the highest end VPS supplier), and this site has been offline because I’ve been simply too busy to really do much about this.

Worth pointing out is that in trying to get this sorted out, and after leaving a two week cooling off time, I approached the company and asked about my server.  After an exchange of angry words, they cancelled my account, and since then I’ve had a couple of “re-inventing the wheel” issues with them too.  I would never recommend using FSCKVPS, A2B2 or CheapVPS for anyone.

Anyway, we’re back now, and will be more active than ever which will be nice.

Owen

