Ramnode down after SolusVM vulnerability exposed

Ramnode&#x27;s SolusVM was hacked earlier and attempting to log in gave you a list of every single subsciber&#x27;s email address, name, and root password (plain text) to their VPS as well as IP address. Source: <a href="http:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;webdev&#x2F;comments&#x2F;1gga3n&#x2F;ramnode_hacked_names_emails_and_passwords&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;webdev&#x2F;comments&#x2F;1gga3n&#x2F;ramnode_hacke...</a><p><a href="http:&#x2F;&#x2F;localhost.re&#x2F;p&#x2F;solusvm-11303-vulnerabilities" rel="nofollow">http:&#x2F;&#x2F;localhost.re&#x2F;p&#x2F;solusvm-11303-vulnerabilities</a><p><a href="http:&#x2F;&#x2F;www.webhostingtalk.com&#x2F;showthread.php?t=1276286" rel="nofollow">http:&#x2F;&#x2F;www.webhostingtalk.com&#x2F;showthread.php?t=1276286</a><p>If you use SolusVM: <a href="http:&#x2F;&#x2F;blog.soluslabs.com&#x2F;2013&#x2F;06&#x2F;16&#x2F;important-security-alert-all-solusvm-versions&#x2F;" rel="nofollow">http:&#x2F;&#x2F;blog.soluslabs.com&#x2F;2013&#x2F;06&#x2F;16&#x2F;important-security-aler...</a><p>&quot;We are working to get things back online. We were hit with a SolusVM exploit late last night.&quot; (<a href="https:&#x2F;&#x2F;twitter.com&#x2F;RamNode" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;RamNode</a>)<p>Happy Father&#x27;s Day!

Apparently there are allegation going around that it was done by a competitor, servercrate.<p><a href="http:&#x2F;&#x2F;lowendtalk.com&#x2F;discussion&#x2F;comment&#x2F;284016&#x2F;#Comment_284016" rel="nofollow">http:&#x2F;&#x2F;lowendtalk.com&#x2F;discussion&#x2F;comment&#x2F;284016&#x2F;#Comment_284...</a>

Unofficial RamNode PostMortem: <a href="https:&#x2F;&#x2F;gist.github.com&#x2F;ElliotSpeck&#x2F;66943b70c8b98e5b2afb" rel="nofollow">https:&#x2F;&#x2F;gist.github.com&#x2F;ElliotSpeck&#x2F;66943b70c8b98e5b2afb</a>

Honestly the usage of SolusVM, WHMCS etc (i.e. things written in PHP which have no business being written in at least, the way a PHP typically is written) has been <i>the</i> main security problem of the entire industry.<p>We need more things like OpenStack out there -- competently designed and implemented toolstacks that actually work correctly and have a remotely acceptable security model.

It&#x27;s a nightmare for them and I&#x27;m sure they&#x27;ll lose customers over it, but I&#x27;m staying when two days ago I was planning on canceling my vps due to underuse.<p>It was ridiculously fast for a vm (&gt;700MB&#x2F;s with vpsbench, all tests), but the $5&#x2F;mo Digital Ocean instances were fast enough with PostgreSQL&#x2F;Sphinx that none of my (free) users were complaining. I like Digital Ocean, I&#x27;m keeping some stuff over there, but I appreciate Ramnode&#x27;s transparency &amp; dedication during this. It doesn&#x27;t hurt that they&#x27;re probably going to be constructively paranoid now that they&#x27;ve gotten burned. This is one of those things my partner saw all the time running a restaurant - screwups are unavoidable, but handling them well can actually get you a loyal customer.

Sigh. I&#x27;m glad I didn&#x27;t give them any billing information (monthly invoice paid each time via Paypal). It&#x27;s not clear to me how&#x2F;why root passwords are compromised by this exploit; anyone care to elaborate?

Any news? my VM is down and I see here that all the nodes are still down:<p><a href="http:&#x2F;&#x2F;status.ramnode.com&#x2F;" rel="nofollow">http:&#x2F;&#x2F;status.ramnode.com&#x2F;</a>

Nodes appear to be back up.