Presenting new service from Nsomnia Networks - VPNSHELL.CC
Client-server on OpenVPN technology is a popular technology with the support of the absolute majority of modern platforms. Forget about hacking and mumbo jumbo!
we will conduct a scheduled maintenance 23th June 2018 from 23:00 CEST till 01:00 CEST on systems where your shared-hosting accounts and VPS-servers are located. The maintenance includes server software update. During update services will encounter temporary downtimes.
Thanks your your patience.
[11:47 CEST] We are encountering a power outage in Frankfurt data center (FRA-10). This power outage might result in unavailability of your services. Our data center engineers are on-site to investigate the cause of this issue. Please be assured that we will do our utmost best to keep the downtime as short as possible.
[12:00 CEST update] Power is restored and our data center engineers are working hard on bringing up all servers again. If you still experience downtime please contact support.
In late April, there were numerous facts of hacking servers in the data center. Attackers got root access to servers and used them for various purposes - miners, zombies for DDOS attacks, etc. Later it was figured the vulnerable is because of permanently available ip-kvm access. It was through vulnerabilities in ILO software that grants access to an operating systems at the end.
Red Hat has been made aware of a command injection flaw found in a script included in the DHCP client (dhclient) packages in Red Hat Enterprise Linux 6 and 7.
A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol.
The DHCP protocol is used to configure network related information in hosts from a central server. When a host is connected to a network, it can issue DHCP requests to fetch network configuration parameter such as IP address, default router IP, DNS servers, and more.
The DHCP client package dhclient provided by Red Hat has a script /etc/NetworkManager/dispatcher.d/11-dhclient (in Red Hat Enterprise Linux 7) or /etc/NetworkManager/dispatcher.d/10-dhclient (in Red Hat Enterprise Linux 6) for the NetworkManager component, which is executed each time NetworkManager receives a DHCP response from a DHCP server. A malicious DHCP response could cause the script to execute arbitrary shell commands with root privileges.
Red Hat would like to thank Felix Wilhelm from the Google Security Team for reporting this flaw.