Webhost hack “wipes out 100,000 sites”
June 11, 2009
A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.
Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company’s system, Rus Foster, the company’s director, told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs. Full Article.
It appears the hackers got root access and did a rm -rf. The sites were on unmanaged, virtualized VPSes, so backups were in many cases the responsibility of the clients.
HyperVM is a web-based management application that sits on top of Xen/Virtuozzo, not an actual virtualization application itself. The hack was a SQL injection via the web interface, known to the product developers but currently unpatched. HyperVM is used by many different VPS providers, who may also be vulnerable to a similar hack.