Krydos (posted February 4):

A few hours ago our server named Eddie was hacked. This has also affected and caused downtime on Tommy Plesk, Tommy cPanel, Cody, one VPS, one of our nameservers, and certain functions on heliohost.org. Our forums, Johnny, Ricky, and the rest of the VPS are unaffected. Johnny users won't be able to login through heliohost.org for now, but if you go directly to https://johnny.heliohost.org/ you can login that way.

We have already taken steps to prevent our other servers from being hacked too. We will be fixing heliohost.org first, our nameserver second, Tommy Plesk third, and Tommy cPanel last. We're hopeful that we can get this work done in the next few days. In the meantime you won't be able to create new accounts on Johnny, Tommy, or VPS plans until heliohost.org is fixed. You won't be able to transfer existing Tommy cPanel accounts to Plesk either.

We have no reason to believe that password hashes or any other data has been accessed, but it's a good idea to change your password occasionally anyways just to be safe. We'll keep you updated on the recovery status.

OmegatronPrime (posted February 4):

> 1 hour ago, Krydos said:
> A few hours ago our server named Eddie was hacked. This has also affected and caused downtime on Tommy Plesk, Tommy cPanel, Cody, one VPS, one of our nameservers, and certain functions on heliohost.org. Our forums, Johnny, Ricky, and the rest of the VPS are unaffected. Johnny users won't be able to login through heliohost.org for now, but if you go directly to https://johnny.heliohost.org/ you can login that way. We have already taken steps to prevent our other servers from being hacked too. We will be fixing heliohost.org first, our nameserver second, Tommy Plesk third, and Tommy cPanel last. We're hopeful that we can get this work done in the next few days. In the meantime you won't be able to create new accounts on Johnny, Tommy, or VPS plans until heliohost.org is fixed. You won't be able to transfer existing Tommy cPanel accounts to Plesk either. We have no reason to believe that password hashes or any other data has been accessed, but it's a good idea to change your password occasionally anyways just to be safe. We'll keep you updated on the recovery status.

Will we be able to access our email accounts? I can't seem to access them at the moment...

OmegatronPrime (posted February 4):

I am on Tommy...

moneybrz (posted February 4; edited February 4 by moneybrz, reason: Grammar):

> 1 hour ago, OmegatronPrime said:
> I am on Tommy...

If you're on Tommy, then you can't access anything at the moment because Plesk Tommy was hosted on Eddie.

OmegatronPrime (posted February 4):

I was afraid you'd say that... *sigh* Any word on a possible ETA?

moneybrz (posted February 4):

> Just now, OmegatronPrime said:
> I was afraid you'd say that... *sigh* Any word on a possible ETA?

Not yet

moneybrz (posted February 4):

You got to give heliohost staff credit, they are working tirelessly to resolve this incident.

wolstech (posted February 4):

We haven't started on Tommy yet, Krydos is waiting for Cody's hard disk to back up / recover from the hacked server. Cody manages all the user accounts, and is the reason our website is showing all those error messages. It also contains that name server that's down. Last I heard that was 36% complete about an hour ago, but we have no idea if it's even going to boot once the backup finishes.

Others online who were hit by the same attack are mostly reporting that the data is fine when they recovered their servers, so we're hoping it'll just work. So far, what I've seen makes me think the cybercriminals were either lazy and hoping people would just pay up without digging into what they did, or perhaps incompetent at ESX exploitation and ransomware usage.

Krydos (Author, posted February 4):

> 59 minutes ago, OmegatronPrime said:
> Any word on a possible ETA?

> 3 hours ago, Krydos said:
> We will be fixing heliohost.org first, our nameserver second, Tommy Plesk third, and Tommy cPanel last. We're hopeful that we can get this work done in the next few days.

stasi (posted February 5):

Thanks for the heads-up, and for your work getting things back online. Is there any information about potential security issues (credential leaks, etc.) for those with affected accounts?

Krydos (Author, posted February 5):

> 48 minutes ago, stasi said:
> Is there any information about potential security issues (credential leaks, etc.) for those with affected accounts?

> On 2/3/2023 at 6:31 PM, Krydos said:
> We have no reason to believe that password hashes or any other data has been accessed