Date: 2017-06-11
Ex-Admin Deletes All Customer Data and Wipes Servers of Dutch Hosting Provider (bleepingcomputer.com)
An anonymous reader quotes BleepingComputer: Verelox, a provider of dedicated KVM and VPS servers based in The Hague, Netherlands, suffered a catastrophic outage after a former administrator deleted all customer data and wiped most of the company's servers. Details of what exactly happened aren't available, but according to posts on various web hosting forums [1, 2, 3], the incident appears to have taken place Thursday, when users couldn't access their servers or the company's website.
Verelox's homepage came back online earlier Friday, but the website was plastered with a grim message informing users of the ex-admin's actions. Following the incident, the hosting provider decided to take the rest of its network offline and focus on recovering customer data. Verelox staff don't believe they can recover all data.
Saturday night the web site was advising customers that the network and hosting services "will be back this week with security updates," adding that "current customers who are still interested in our services will receive compensation."
Nobody with a brain stores important data on someone else's server.
...without a backup.
You can wipe every single VM I have and I can restore everything within an hour because they are all configured using salt. The databases are snapshotted every hour and backed up using tarsnap as well as an rsync down to a NAS at my house.
I know I can do it in an hour because when Digital Ocean was having trouble at one of their data centers a few years back, I spun up new VMs and migrated everything to another data center.
Hey dumb motherfucker, ever heard of a logic bomb? Or backdoors? If this guy went and deleted everything, what exactly makes you think that he didn't also backdoor everything or plant a logic bomb to delete it all?
Sounds like you are just as stupid as the guys who work at Verelox who think that just removing an account/passwords solves all security issues related to firing a sysadmin.
Firing a sysadmin is perhaps one of the most dangerous things a company can do.
What is particularly idiotic is that everyone didn't understand it from the beginning. But clearly, they don't.
That's a bit condescending of a position. Most cloud users do know that; you pay for the convenience not to fund and support a datacenter yourself.
Maybe people will start realizing that the Cloud is just "someone else's servers" and you have no idea how they manage them or back them up.
Hosting was around long before cloud, and for some reason never garnered the amount of haters that cloud currently endures. VPS is hosting, not cloud...please direct your hate appropriately.
The Cloud is like Windows. A good clean install is needed every couple of years, to wipe out the cruft.
Did they not remove the ex-admin's credentials, or what? I mean, regardless of how the ex-admin gained access to the data to wipe it, it's a crime. But I'd like to know if Verelox was stupid enough to not remove his credentials, or this happened some other way. (Like, did he do this his last day of work as a "fuck you" to management for firing him?)
Did they not remove the ex-admin's credentials, or what?
They should... but if you're sitting with the keys to the kingdom you might have the domain administrator account password, root passwords, various service accounts set up for particular purposes including but not limited to integration with external access... Yes, all could be done with the proper procedures in place. But very often the one responsible for such IT procedures is the admin, and the admin is the one keeping tabs on what everyone else has access to. Plus you often have the rights to create undocume
At least these two stories are from different perspectives: https://m.slashdot.org/story/3... [slashdot.org]
The story stays the same - don't fuck over your admins and have proper procedure and backup.
Why no secure backups?...
The article(s) seem to indicate that most, but not all, customer data can be recovered. So it seems there were working backups. But in a hosting environment, not everything is backed up continuously, and that may be where some of the data will be lost.
