
No official update at this time. When we do have an update, you'll either see the server running again, or there will be News with further information.

I do know that last I heard, K was rebuilding the management server used for building the VPSes for that service because that server's recovery had failed. Without it, we can't set up or rebuild VPSes and since those are paying customers, we have to get that fixed ASAP before we start getting refund/cancel requests.


I'm working on several things at the same time. Getting Tommy Plesk back online is my top priority, but while long-running commands are going for hours I work on other things in between rather than just staring at the progress bar slowly go to 100%.


16 hours ago, onesmusmuriithi said:

What steps are you guys taking to prevent this from reoccurring in the future, because it seems it will take a while for me and everyone to have access to their site/s.

(Customer reassurance is also very important for future commitment)

First I'd like to say that I'm answering this with my own opinion since (1) I'm not responsible for server management and (2) my opinions do not represent HelioHost or any other of its volunteers. That said, I do personally believe all volunteers will work as they always have done until now: with all diligence and technical knowledge that's possible.

Sadly 0-time exploits, bugs, and even attacks can happen in the future, and if anyone (either a person or a company, being free or paid) tells you they can assure you 100% they will prevent that then they aren't being honest with you. HelioHost can't and won't promise you something no one can, but I do believe all volunteers are committed to doing everything in their efforts to keep HelioHost and its mission going on.

On another note, HelioHost does have a somewhat similar situation's answer that could match your question as well on its FAQ:



20 hours ago, onesmusmuriithi said:

What steps are you guys taking to prevent this from reoccurring in the future

The hackers could be reading this forum so it's probably not a good idea to give them a roadmap on how to get around our security improvements, but we learned a lot from this experience and we'll do everything we can to prevent it from happening again. Anything that is connected to the internet is potentially hackable. The only way to make a system 100% secure is to unplug it from the internet, but then you still have to worry about someone physically accessing the system. We spent an hour on Saturday discussing this at the staff meeting, and what we can do to prevent it from happening again.


This is well noted and received. What I meant is, have you identified an attack pattern that can easily be noticed and stopped if it reoccurs (but not the nitty-gritties)? But your feedback is very reassuring.

I really appreciate everyone that's going out of their way to get the services up and running.


The attack itself is well documented online already; it goes by the name "ESXiArgs" if you want to learn about what the attack does, how it works, and how the attacker screwed up by completely missing the actual data they were trying to ransom.

The attack used here should not be able to recur with the changes we've already made, but it doesn't mean someone won't find another way to accomplish an attack down the road. It's also worth noting that to my knowledge this is the first time we've ever been hit by something like this in the ~18 years we've been in operation.


  • Krydos locked this topic
This topic is now closed to further replies.