Vaserv Got Hacked..

I am not sure why we should remove that link, Conor. Seems like a critical piece of information in hopes everyone else secures their machines.
 
Yeah, I saved the hacker's post and contributed it on the chat room as I thought it was very important for people to know. WHT did delete many posts regarding this. It was said the reason was to keep things on topic, but I'm not so sure.

This is really really bad!
All my clients but one are fine with backups, etc. The one that wasn't (corrupt cpanel backup file) is a large client and I am held responsible. This is a development client that I have spent quite a bit of time with and was near completion, now I'm faced with roughly 60+ hours work to bring the project back to its previous status :(

I'm now facing losses of over $8k due to this issue. For a 1 man show this is a big hit to me. I'll admit I was close to giving up here, but there's really nothing else for me to do but carry on.. So for the time being I'm getting out of the hosting business. I will still hold a few of my long standing clients on a shared server, but I will now need to refund all VPS customers, take a huge hit financially, and also deal with the "reputation thing"..

I want to make it completely clear to everyone. I'm not running anywhere. I'm sticking this out and know I'll be better for it. The right thing to do is generally the hardest thing to do, so here's to the next fortnight or two of working to the bone to keep afloat. :)
 
If we can be of any help to you, please don't hesitate to contact. I know when there were outages in the past here at Hands-on and we faced credits etc it was a challenge, HOWEVER you may want to discuss it with your clients (or at least some that are paying big fees). See if you can defer the credit until the following month so you're not hit with everything at the same time. Many clients will stick with you through this, so if you can find your clients who've been with you longest and ask them to help you out during this event, you'd be surprised the support you'll get from them!

As for the lost files - that sucks. I've been there before. May want to get CuteFTP or similar program and have it schedule to download files each night etc to your computer. Or use a backup company for hosting accounts to grab files, or a separate VPS to rsync files to.

Granted it's like closing the barn door after the horses got out, but you never know when there might be a next time.

Let me know if there's anything I can do for you.
 
Thanks handsonhosting.
Although I am very upset over this, I am sticking with Rus on this. He's helped me out quite a bit and his whole team have really stepped up to the plate (especially Kory).

Going forward.. I'm just doing my best to get "this one" project back to where it was. It's hard because although I know exactly what I need to do, it's like repainting the same picture again.. If you've ever been there it's never the same. :)

From there I'm going to be sticking solely to development for a while. This took a huge chunk of my finances, and I actually had a hard time paying for a new server (yeah, it's sad). I had to move a lot of money around to keep things in the positive. Although many of my clients understand and are being very patient with the situation, there are many more that submitted Paypal disputes even before I knew what happened.

I knew I shouldn't have gotten drunk on my birthday! (6/6)
 
Rus seems to have his stuff together that's for sure. And between the three of them (Rus, Kory and I can't remember the 3rd person), they've been working their butts off. Wish there was a way to lighten the load for you!

As for the birthday - yeah, that'll do it to you every time! Makes for a long day after :(
 
Oh, also, with regards to the note posted on your domain - get that out of there quickly before google indexes you again. You could be stuck with stale content etc. Even putting up your site (your theme etc) and then putting an announcement - this will at least keep your customers in the loop that you exist and are not going away. Maybe even link to a thread about the hack in the news? Just an idea.
 

Yeah I know. I'm installing cpanel on a new server right now and will move everything in a few minutes. In the hassle of things I just threw that up so people knew what was going on and got my email working again.

On a positive note, I'll now be mirroring servers in the UK and here in the US going forward :)
 
Sweet - so good things are coming of it! Capturing the UK market along with the US is sure to help with response and page loading times! I'm sure your users will appreciate it.
 
As I've been following the thread over at WHT and all my communications with the Vaserv team I'm getting more and more suspicious of "less than appropriate" actions being taken.

To sum it up it seems that they are a) telling customers their data is a total loss simply to avoid the hassle of restoring it. b) overloading their new nodes with far more than acceptable amounts of VPS. c) Doing everything to keep as many customers to increase the value offered in the sale to BSD.

This is pure speculation, but I fear that Vaserv is going down HARD. It's hard for many to get a good grasp of the situation.. Many outsiders have no idea the severity, and Vaserv customers seem to base their opinion solely on their experience.. I can honestly say I have read every single one of the now 2500 posts on this at WHT.. And the above has been my personal conclusion :(
 
It's certainly been a disaster of epic proportions. This just reinforces the necessity of rock solid security and disaster recovery plans.
 

That's the thing: From the way things have gone I really don't think they had a solid recovery plan. I obviously don't know exactly what actions they took initially, but I believe this should have been handled with each VPS 1 by 1. Yes, all 4000 VPS one.. by.. one!
 
I too have read MOST of the posts at WHT on this - there's a few I skipped as it was just rants, and I don't have much time for the people who TyPe LiKe ThIs ;)

There's definitely something going on behind the scene that's not being exposed. A little more transparency would be nice, but in order to save face I'm sure none of that information would be disclosed for months down the road.

The nice thing is that many of the posts say that the various people are staying with the company after the disaster, so that just shows that the company was well run in the past and people had limited problems if any.

Security and Disaster plans are necessary. We update ours each year as more equipment is added etc. Going out of business is not an option for us, and losing our client base would put us out of business! Security Policies, Disaster plans, AUP/TOS and Business Plans should be updated on a yearly basis or as technology and processes change.
 

Many good points. As you commented on before, many good things have come out of this. Many people will NEVER forget to backup their data again. This has forced hosts to reassess their level of security, will certainly push many out of the business that IMO never should have been in it to begin with, or at least make them wise up enough to operate a proper hosting business.. when I say that, this comes to mind:

About 2 months ago someone contacted me on WHT about building their entire site. This was a 1 man show, and being such myself I have no bias against. He first asked me to build his site.. No problem, gave a quote, accepted, and off we go.. But shortly before development on his site was scheduled to begin he started emailing me frequently asking questions that someone starting a VPS hosting business should already know. I'm all for helping "the new guy", but it was getting quite ridiculous.. I started thinking to myself "I'm simply hired to do a job, but do I have some moral obligation not to empower someone with the appearance that they know what they are doing when they clearly do not?" The next email I received from him was content for his site.. Much of it was blatant lies saying things like "we've been in business since 98" and "we own our data center", etc.. That settled it! As politely as I could I stopped development of his site and gave him a full refund..

A month later he contacted me asking for "a favor". I often help people with various bits of code and minor system administration if I'm not doing something at the moment. Call it "building the Karma pool". Anyways, he asked me to install HyperVM.. After going back and forth telling him he could do it himself he offered to pay me a more than reasonable amount for me to simply run a few commands and let it autoinstall.

So long story short (no wait that was long.. sorry :) ) Many of the providers like this individual won't be able to make the needed changes to survive.. Which IMO is best for the customer.
 
The Internet has certainly made it possible for small operations to appear more established, leveling the playing field in some aspects with much bigger competitors, and that's largely a good thing for small business, but it also opened the door for unsavvy entrepreneurs. Thanks for the info, Siforek.
 
Wow - a few claims and everyone is an expert! As Steve said, it's one of the great things of the internet and the downfall.

As for the user starting out - we've all been there. Some of us winged it in the beginning. I'll be honest, when I started so many years ago, I was a reseller for another company and resold parts of my disk space. Over the years I got more familiar with it.

At some point things did change - and change drastically. That was when we went from "playing around" to "doing business". Reseller packages make it easy for someone in school to make a little money on the side, however their customers can be in serious problems if the "host" has a series of exams they need to study for.

It's for that reason we usually promote affiliate programs rather than reseller accounts. Sure there may be more money in reseller, but you HAVE to be available 24/7 via email, pager or phone. Leaving it until monday because you went fishing for the weekend doesn't cut it!

I think you were right in dropping the account/client when they started to claim things you knew were untrue. Good on ya for that!
 
Yep, it is better to promote affiliate programs because shared clients in my opinion will always be easier to handle than reseller clients. Also, good job on dropping that account/client when you knew he wanted stuff added to his site that you knew was not true. Nice job!
 
Well, it's not really surprising. Let me say this, people: I just heard news that a government (let's keep the country a secret) has been hacked 2 times already. Nothing really has 100% security on this web.
 