[QUOTE=Fizzadar;40327736]The CC data was leaked (encrypted) but the public key and private key were also taken (private key taken from in-memory to avoid bypassing the passphrase).[/QUOTE]
Source please? Linode has never stated this, and it has never been proven.
[QUOTE=gparent;40342082]Source please? Linode has never stated this, and it has never been proven.[/QUOTE]
Let's be honest here though... HTP gained access to Linode's database which had the CC information stored in it. Chances are, as I'm sure anyone doing this would do, they dumped the entire database. So I'm quite sure they have it whether they know they do or not.
[editline]19th April 2013[/editline]
Also, they said that HTP accessed them because of "The vulnerabilities have only recently been addressed in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388) which was released less than a week ago.". This is quite sad. This goes to show that Linode doesn't care enough about making sure all of their software has the most up-to-date version to prevent this stuff.
[QUOTE=FrankPetrov;40342705]Let's be honest here though... HTP gained access to Linode's database which had the CC information stored in it. Chances are, as I'm sure anyone doing this would do, they dumped the entire database. So I'm quite sure they have it whether they know they do or not.
[editline]19th April 2013[/editline]
Also, they said that HTP accessed them because of "The vulnerabilities have only recently been addressed in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388) which was released less than a week ago.".[B] This is quite sad. This goes to show that Linode doesn't care enough about making sure all of their software has the most up-to-date version to prevent this stuff.[/B][/QUOTE]
Updating can be devastating though. You have no idea what kind of issues the update can bring, if the system is critical you sometimes have to put off updating to make sure it works.
[QUOTE=Lord Fear;40342850]Updating can be devastating though. You have no idea what kind of issues the update can bring, if the system is critical you sometimes have to put off updating to make sure it works.[/QUOTE]
It doesn't take over a week to make sure it works.
[QUOTE=FrankPetrov;40342902]It doesn't take over a week to make sure it works.[/QUOTE]
At my last job, we sometimes waited months to perform updates on our most critical systems to make sure it was stable. So yes, it takes over a week.
So i got the micro VPS today (With the -25% off) and i was wondering if i upgrade that in the (near) future will the discount still apply?
[QUOTE=FrankPetrov;40342705]Let's be honest here though... HTP gained access to Linode's database which had the CC information stored in it.[/QUOTE]
No, let's be really honest. I talked with HTP. If you're gonna believe him, believe me too. He simply is not able to show proof that he actually has CCs. What he gave on IRC was exactly what's mentionned in the Linode advisory, the last 4 digits of some members as well as their username and email, which is typical for a web front end break-in. That's bad, but not "let's exile from Linode and flail arms wildly" bad. Note, I am not referring to Afterburst when making this statement, I assume you're capable of making the decision to move or not and there are hundreds of other factors involved. For regular customers, Linode -still- offers a reliability that is rarely matched, a very good control panel, well maintained, high-performance servers (refresh is completing soon) and competent 24/7 staff on 6 data centers. You get what you pay for, essentially. Their track record for security isn't amazing, and they need to work on that.
[QUOTE]Chances are, as I'm sure anyone doing this would do, they dumped the entire database. So I'm quite sure they have it whether they know they do or not.[/QUOTE]
Correct, which contained the last 4 digits of the CC numbers. HTP proved this. Now, he could never produce proof that he has whole CCs as far as I'm aware, and it is rumored that Linode uses a PCI compliant payment processor, so I'm doubting a leak of that yet. If you have proof contrary to that, let me know, I'm less sure about this part.
[QUOTE]Also, they said that HTP accessed them because of "The vulnerabilities have only recently been addressed in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388) which was released less than a week ago.". This is quite sad. This goes to show that Linode doesn't care enough about making sure all of their software has the most up-to-date version to prevent this stuff.[/QUOTE]
You're kidding, right? The hack went on before the patch was even released as far as I'm aware. HTP implied this strongly when he talked about how the hack went down. Deploying patches instantly, as you should know, is recipe for disaster. A few days in staging isn't -that- slow.
-snip-
DOH nvm... Except the fact you wrote 20% instead of 25% on FB
Got the a Micro VPS a few days ago and god damn I have no idea what I'm doing. Easy does it!
[QUOTE=Highwind;40382273]Got the a Micro VPS a few days ago and god damn I have no idea what I'm doing. Easy does it![/QUOTE]
Here's what i did when i got mine:
Change root and control panel passwords
Make a new user and add it to sudoers so i don't have to login as root
Set up key based auth to login to ssh
Disable root and password login for ssh
Change ssh port
Setup iptables to block all ports i don't use
[QUOTE=Goz3rr;40387285]Here's what i did when i got mine:
Change root and control panel passwords
Make a new user and add it to sudoers so i don't have to login as root
Set up key based auth to login to ssh
Disable root and password login for ssh
Change ssh port
Setup iptables to block all ports i don't use[/QUOTE]
That, I had figured. I followed a good amount of guides and tutorials from Linode.
I just have trouble with the whole logic part of Linux and the command-line. I don't see myself administering a VPS via PuTTY just yet. That and the concept of Unix users.
At least I got Apache Vhosts and PHP to work.
Which port does the SolusVM api thingy use?
[QUOTE=Hookerbot9000;40434883]Which port does the SolusVM api thingy use?[/QUOTE]
Port 5656 w/ SSL, 433 should work though...
nvm
wrote to support - took 2 minutes
This is insane
Just bought a VPS (forgot to enter the coupon code but whatever).
How long does it take before my server is set up?
A day or longer?
[QUOTE=Mega1mpact;40752625]Just bought a VPS (forgot to enter the coupon code but whatever).
How long does it take before my server is set up?
A day or longer?[/QUOTE]
Shouldn't take too long. It's done immediatly - but only after the server purchase has been confirmed by Nick (or the others)
[QUOTE=Mega1mpact;40752625]Just bought a VPS (forgot to enter the coupon code but whatever).
How long does it take before my server is set up?
A day or longer?[/QUOTE]
Processed :)
[QUOTE=Flapadar;40757958]Processed :)[/QUOTE]
Yay thanks :D
Small question what's the policy when it comes to vpn's.
I like my connections to be secure when I'm at college etc so I tend to use a vpn.
[QUOTE=Mega1mpact;40758215]Yay thanks :D
Small question what's the policy when it comes to vpn's.
I like my connections to be secure when I'm at college etc so I tend to use a vpn.[/QUOTE]
You'll need to contact us to have TUN/TAP or PPP enabled + a few other settings.
[QUOTE=Flapadar;40758921]You'll need to contact us to have TUN/TAP or PPP enabled + a few other settings.[/QUOTE]
Would it be possible for you to put up a list of things we'll have to contact you about to get enabled?
Since I had issues with a TS server before and it wasn't until I contacted support that I found out you're blocking it.
Of course, your support is always friendly and very helpful but it would save people who tries to troubleshoot themselves first some time if they knew what's up.
Or maybe you have such a list and I'm just blind?
[QUOTE=Lord Fear;40765604]Would it be possible for you to put up a list of things we'll have to contact you about to get enabled?
Since I had issues with a TS server before and it wasn't until I contacted support that I found out you're blocking it.
Of course, your support is always friendly and very helpful but it would save people who tries to troubleshoot themselves first some time if they knew what's up.
Or maybe you have such a list and I'm just blind?[/QUOTE]
We mentioned in the welcome/order email most things -I'll copy it in here.
[editline]24th May 2013[/editline]
[quote]A Note for DNS Servers, Gameservers, Voice Servers & VPN's
=============================
If you are going to host one or more of these services please contact our support team so we can whitelist your VPS accordingly. Unfortunately due to recent abuse we've been forced to block these by default (but are happy to enable them on a per-VM basis!)[/quote]
Oh boy, I hope you dump Solus.
[QUOTE=TTSDA;41078693]Oh boy, I hope you dump Solus.[/QUOTE]
We're going to :smile:. The sooner we're off that useless piece of software, the better.
Nick's been working hard on Oxypanel, I'm going to start committing soon as well.
Would be nice if you created an IRC support channel, on freenode or something.
[QUOTE=TTSDA;41198262]Would be nice if you created an IRC support channel, on freenode or something.[/QUOTE]
Eh.. why. They respond within 5 minutes
[QUOTE=Killervalon;41240404]Eh.. why. They respond within 5 minutes[/QUOTE]
It's nice to have real time communication.
[QUOTE=TTSDA;41294645]It's nice to have real time communication.[/QUOTE]
It just gives them 1 more thing to monitor which can be a bit of a ballache.
[quote=yourfacebook]We've beefed up our our offerings at Afterburst with more RAM! [url]http://afterburst.com/unmetered-vps[/url][/quote]
Do old users get this too?
[QUOTE=Killervalon;41510558]Do old users get this too?[/QUOTE]
Yes - for now only via request (pm me/ticket) while we work out a way to automatically do all VM's via Solus or using a bash script :)
[del]Is port 25 blocked by default?[/del]
nvm, i can telnet from my second VPS to it but not my home pc, looks like my ISP is blocking outbound traffic on port 25
Sorry, you need to Log In to post a reply to this thread.
