Webhost denies poor passwords led to catastrophic hack

VAServ contradicts purported attackers

The director of an internet service provider has denied public allegations that poor password management and server configurations were responsible for an attack that wiped out data for more than 100,000 websites.

Rus Foster, director of VAServ.com, also says he was shocked when he learned the head of an Indian software firm hanged himself shortly after his software was fingered in the breach of the UK-based website host. As previously reported, the apparent suicide of K T Ligesh came around the same time Foster said a zero-day vulnerability in a virtualization management application made by Ligesh's LxLabs led to the catastrophic intrusion.

"I wondered if I was responsible in some way," Foster said during a brief phone call with The Register. "I'm just so, so tired."

The comments came a few hours after an anonymous posting from one of the purported attackers claimed Foster's repeated use of the same four passwords laid the groundwork for the mass compromise of VAServ's system. It went on to say that VAServ's main website ran on what's known as a virtualized private server, a configuration that the writer claimed made the password attack work quickly.

"Z3r0 day in hypervm??" the anonymous poster wrote, substituting numbers for letters as is common in hacker parlance. "Plz u give us too much credit."

Foster said he has discounted the posting because it contained fabricated details, including passwords and IP addresses.

"I don't have any of those passwords," he said of the secret phrases that were included in the post. "I don't recognize them."

Indeed, the post was general enough that it could have been written by anyone. It was originally added to this thread discussing the VAServ incident on a website that caters to webhosts. It was quickly removed and later reposted here.

Some 48 hours after data was suddenly deleted from more than 200 servers operated by VAServ, company technicians have managed to retrieve lost information and restore service for some but not all of the 100,000 to 150,000 websites it hosted. Foster warned on Monday that data for some customers who signed up for unmanaged accounts was likely gone forever.

The ordeal has proved trying for Foster, who announced in a posting that VAServ was being taken over by a larger hosting provider known as BlueSquare.

"I've personally reached the end of my physical and emotitional [sic] tether," he wrote here. He went on to say he decided to "do what is best for the customer 'base' as it stands and get some big boys in behind to help get things back up and running and give people a chance." ®
