First of all, I'd like to apologize for not communicating with you earlier. I was in London for 4 days doing some paperwork for the company when this incident happened.
Last Friday around 3 AM GMT, there was an intrusion in our system, specifically on the administration panel. The criminal first accessed the WoM webserver through the KVM console and deleted the database straight away. Thereafter, he started deleting our customer's vm. At this moment, we shut down all of our servers to prevent further damage. Between 25 and 50% of the vm had been deleted by then.
We could find out that the machine they used to break in was not one of our servers, but the laptop of one of our staff which was infected by a FUD RAT (Fully Undetectable Remote Access Tool). This was used to get the administration panel URL and password.
Now, I guess you have some questions, which I will try to answer here:
1. Is my data lost?
99% not, but recovering it is not an easy task, due to the large size of the node disks. We are using disk recovery tools but if this is not effective we will hire an external specialized firm for this purpose. Recovering the data is our first priority.
2. Who did it?
We do have clear evidences, but they will not be published yet until we contact our lawyer for advice about how to handle it.
3. Why is the WoM server up? Wasn't it hosted there as well?
Weeks ago, we noticed that due to the growth of the server, the disk was delaying i/o on the node (WoM was using more hard disk than all the other VMs together). Therefore we decided to move it to a dedicated server so we could make better use of the node. The hacker deleted the database through the website VPS (which is still under eterhost), but there was a backup.
4. Has my data been stolen?
Most likely, not. The interest of the hacker was purely destroying things.
5. How long will it take for the vms to go back up?
We are working whole day on it, but we can't give an exact date. As I was in London at that time and without PC, it was not easy to organize the team for this. At the moment, both the Eterhost and WoM teams are fully dedicated to this task.
6. Is there any compensation for this downtime?
As per our policy, you will get your monthly payment back as compensation. However it's not possible yet to refund you because the eterhost site itself (and your customer details) is in one of the nodes. Disk recovery requires that the nodes are not used at all. Due to the unusually long downtime, we will try to give other compensation to the best of our possibilities.
7. Could this have been prevented?
Yes, but it would cost money, and Eterhost was designed as a low cost solution and therefore does not make a lot of profit that can be used to expand the technology or services. However, from now on, we will use WoM's earnings from now on to secure Eterhost better, even if that means that the company is making losses for a certain time.
8. You suck! I won't ever use Eterhost again!
We understand your frustration very well and accept our responsability on the incident. But don't forget that these things don't happen if there isn't a criminal behind them, and someone paying him to commit his crimes. Taking anger on the victim instead of the attacker is just wrong.
This is one thing that I heard now many times from clients of Eterhost. I can only say again and again that Eterhost is still one of the best hosters!
I hope that from now on everything goes well and I wish you luck with your startup.
Regards
----------
German:
Das ist etwas, was ich nun schon oft von Kunden von Eterhost gehört habe. Ich kann nur immer wieder sagen, dass Eterhost immernoch einer der besten Hoster ist!
Ich hoffe, dass von nun an alles bestens läuft und ich wünsche euch mit eurem Startup viel Glück.
Na super nur wegen WOM sind nun unsere Server down ??
Mega unprofessionell !
Not because of WoM but because they are both my projects. If WoM did not exist they would attack Eterhost anyway. Before hacking the laptop, they made many DDoS attacks.
OK Shogun.
Aber eins verstehe ich nicht.
Wieso ist ein so großes Unternehmen wie ihr gegen solche Dinge nicht geschützt ?
Wird es in Zukunft besser werden bzw wie sieht der aktuelle Stand der Dinge aus und werden eure User eine Entschädigung bekommen ?
server4pro oder Eterhost? 10/10/2014 - Metin2 Private Server - 58 Replies Frage steht im Titel, wäre nett, wenn ihr Vorteile bzw. Nachteile nennen könnt.
Ich bin mir unsicher, da Eterhost teurer ist, server4pro allerdings einen relativ schlechten Ruf hat.
MfG
cin C++ If Statement 06/10/2012 - C/C++ - 14 Replies Hey, im about to learn C++ : D
Now i am in the Chapter where i learn about cin...
(Yea i am not that far atm^^)
So i did everything exactly like it is written in the book:
// cin1.cpp // Filename
#include <iostream> //including the dll? Biblothek? iostream
using namespace std; /* The following content uses The Namespace std, else we would have to wirte std::cout everytime */
This Statement was so necessary
