Eddie Server Hacked


Krydos

A few hours ago our server named Eddie was hacked. This has also affected and caused downtime on Tommy Plesk, Tommy cPanel, Cody, one VPS, one of our nameservers, and certain functions on heliohost.org. Our forums, Johnny, Ricky, and the rest of the VPS are unaffected. Johnny users won't be able to log in through heliohost.org for now, but if you go directly to https://johnny.heliohost.org/ you can log in that way.

We have already taken steps to prevent our other servers from being hacked too. We will be fixing heliohost.org first, our nameserver second, Tommy Plesk third, and Tommy cPanel last. We're hopeful that we can get this work done in the next few days. In the meantime you won't be able to create new accounts on Johnny, Tommy, or VPS plans until heliohost.org is fixed. You won't be able to transfer existing Tommy cPanel accounts to Plesk either. We have no reason to believe that password hashes or any other data has been accessed, but it's a good idea to change your password occasionally anyways just to be safe. We'll keep you updated on the recovery status.


1 hour ago, Krydos said:

A few hours ago our server named Eddie was hacked. This has also affected and caused downtime on Tommy Plesk, Tommy cPanel, Cody, one VPS, one of our nameservers, and certain functions on heliohost.org. Our forums, Johnny, Ricky, and the rest of the VPS are unaffected. Johnny users won't be able to log in through heliohost.org for now, but if you go directly to https://johnny.heliohost.org/ you can log in that way.

We have already taken steps to prevent our other servers from being hacked too. We will be fixing heliohost.org first, our nameserver second, Tommy Plesk third, and Tommy cPanel last. We're hopeful that we can get this work done in the next few days. In the meantime you won't be able to create new accounts on Johnny, Tommy, or VPS plans until heliohost.org is fixed. You won't be able to transfer existing Tommy cPanel accounts to Plesk either. We have no reason to believe that password hashes or any other data has been accessed, but it's a good idea to change your password occasionally anyways just to be safe. We'll keep you updated on the recovery status.

Will we be able to access our email accounts?

I can't seem to access them at the moment...


We haven't started on Tommy yet; Krydos is waiting for Cody's hard disk to back up / recover from the hacked server. Cody manages all the user accounts, and is the reason our website is showing all those error messages. It also contains that name server that's down.

Last I heard that was 36% complete about an hour ago, but we have no idea if it's even going to boot once the backup finishes. Others online who were hit by the same attack are mostly reporting that the data is fine when they recovered their servers, so we're hoping it'll just work.

So far, what I've seen makes me think the cybercriminals were either lazy and hoping people would just pay up without digging into what they did, or perhaps incompetent at ESX exploitation and ransomware usage.


59 minutes ago, OmegatronPrime said:

Any word on a possible ETA?

3 hours ago, Krydos said:

We will be fixing heliohost.org first, our nameserver second, Tommy Plesk third, and Tommy cPanel last. We're hopeful that we can get this work done in the next few days.

 


48 minutes ago, stasi said:

Is there any information about potential security issues (credential leaks, etc.) for those with affected accounts?

On 2/3/2023 at 6:31 PM, Krydos said:

We have no reason to believe that password hashes or any other data has been accessed

 


  • Krydos locked this topic