Today I opened my website "www.3gppv.com" and it couldn't be displayed. The first reaction was to ping the IP. Sure enough, the host didn't respond. It couldn't be accessed remotely either. I contacted customer service immediately. My website uses a VPS with American swvps. Going to the customer service website, Jingran found a letter sent by customer service the day before yesterday, which roughly means: "A recent vulnerability was discovered in HyperVM and Lxadmin developed software Lxlabs.com. Any customer using the module on the Lxadmin control panel or dedicated server should Backup the entire website files/database on the home/office computer. The HyperVM control panel has been disabled."
I was also shocked, wondering if I had been tricked. I hadn’t backed up yet, so I was done with the site. While impatiently waiting for customer service, I also checked the vulnerabilities of "HyperVM and Lxadmin". Sure enough, this is really what happened:
"According to milw0rm: The vulnerability was reported to lxlabs two weeks ago, but lxlabs still did not fix the vulnerability, which eventually led to many hosts using HyperVM being invaded and many VPS being deleted. Now many VPS providers at home and abroad have Temporarily shut down HyperVM. For example: DiaVPS is currently most affected by the host provider vaserv.com, which has thousands of VPS users. Almost all hosts have been compromised, and the operating system must be reinstalled and the data must be restored. So far, at least All data on 17 hosts were destroyed..."
Also: "Large Internet service providers say data on up to 100,000 websites was destroyed by hackers who targeted zero-day vulnerabilities in widely used virtualized applications." Vaserv director Rus Foster said on Monday UK time In the evening, technicians at Vaserv's UK headquarters worked to recover data and regained access to the company's systems 24 hours after the unknown hacker attack. The hackers gained access to their servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.... .........
The more I think about it, the more I regret why I didn't back it up in the first place. My website has been gone for more than a year. I am really lucky. I finally got a reply from customer service. It turns out that the customer service already knew about the vulnerability and just shut it down to fix it. It was not a hacker attack. Now that the station is back to normal, I am happy to write down my feelings.
Here 3GPPV reminds all VPSers: VPS has a price, but data is priceless. Please develop the habit of frequent backups, or write a script to automatically complete backups!!!! I hope you use FSCKVPS to retrieve data as soon as possible and resume production as soon as possible. At the same time, we also hope that FSCKVPS can handle related matters.