Krydos
Posted February 4, 2023

A few hours ago our server named Eddie was hacked. This has also affected and caused downtime on Tommy Plesk, Tommy cPanel, Cody, one VPS, one of our nameservers, and certain functions on heliohost.org. Our forums, Johnny, Ricky, and the rest of the VPS are unaffected. Johnny users won't be able to login through heliohost.org for now, but if you go directly to https://johnny.heliohost.org/ you can login that way. We have already taken steps to prevent our other servers from being hacked too. We will be fixing heliohost.org first, our nameserver second, Tommy Plesk third, and Tommy cPanel last. We're hopeful that we can get this work done in the next few days. In the meantime you won't be able to create new accounts on Johnny, Tommy, or VPS plans until heliohost.org is fixed. You won't be able to transfer existing Tommy cPanel accounts to Plesk either. We have no reason to believe that password hashes or any other data has been accessed, but it's a good idea to change your password occasionally anyways just to be safe. We'll keep you updated on the recovery status.

OmegatronPrime
Posted February 4, 2023

1 hour ago, Krydos said:
A few hours ago our server named Eddie was hacked. This has also affected and caused downtime on Tommy Plesk, Tommy cPanel, Cody, one VPS, one of our nameservers, and certain functions on heliohost.org. Our forums, Johnny, Ricky, and the rest of the VPS are unaffected. Johnny users won't be able to login through heliohost.org for now, but if you go directly to https://johnny.heliohost.org/ you can login that way. We have already taken steps to prevent our other servers from being hacked too. We will be fixing heliohost.org first, our nameserver second, Tommy Plesk third, and Tommy cPanel last. We're hopeful that we can get this work done in the next few days. In the meantime you won't be able to create new accounts on Johnny, Tommy, or VPS plans until heliohost.org is fixed. You won't be able to transfer existing Tommy cPanel accounts to Plesk either. We have no reason to believe that password hashes or any other data has been accessed, but it's a good idea to change your password occasionally anyways just to be safe. We'll keep you updated on the recovery status.

Will we be able to access our email accounts? I can't seem to access them at the moment...

MoneyBroz
Posted February 4, 2023 (edited)

1 hour ago, OmegatronPrime said:
I am on Tommy...

If you're on Tommy, then you can't access anything at the moment because Plesk Tommy was hosted on Eddie.

Edited February 4, 2023 by moneybrz
Grammar

OmegatronPrime
Posted February 4, 2023

I was afraid you'd say that... *sigh* Any word on a possible ETA?

MoneyBroz
Posted February 4, 2023

Just now, OmegatronPrime said:
I was afraid you'd say that... *sigh* Any word on a possible ETA?

Not yet

MoneyBroz
Posted February 4, 2023

You got to give heliohost staff credit, they are working tirelessly to resolve this incident.

wolstech
Posted February 4, 2023

We haven't started on Tommy yet, Krydos is waiting for Cody's hard disk to back up / recover from the hacked server. Cody manages all the user accounts, and is the reason our website is showing all those error messages. It also contains that name server that's down. Last I heard that was 36% complete about an hour ago, but we have no idea if it's even going to boot once the backup finishes.

Others online who were hit by the same attack are mostly reporting that the data is fine when they recovered their servers, so we're hoping it'll just work. So far, what I've seen makes me think the cybercriminals were either lazy and hoping people would just pay up without digging into what they did, or perhaps incompetent at ESX exploitation and ransomware usage.

Krydos (Author)
Posted February 4, 2023

59 minutes ago, OmegatronPrime said:
Any word on a possible ETA?

3 hours ago, Krydos said:
We will be fixing heliohost.org first, our nameserver second, Tommy Plesk third, and Tommy cPanel last. We're hopeful that we can get this work done in the next few days.

stasi
Posted February 5, 2023

Thanks for the heads-up, and for your work getting things back online. Is there any information about potential security issues (credential leaks, etc.) for those with affected accounts?

Krydos (Author)
Posted February 5, 2023

48 minutes ago, stasi said:
Is there any information about potential security issues (credential leaks, etc.) for those with affected accounts?

On 2/3/2023 at 6:31 PM, Krydos said:
We have no reason to believe that password hashes or any other data has been accessed