Warning: data breach, recycled server(s) from @VPSSLIM
August 6 I ordered a dedi from this thread https://lowendtalk.com/discussion/208212/estonia-the-netherlands-1gbps-unmetered-10gbps-dedicated-server-deals-instant-setup/p1
Took a while to get it running, but that's for another review.
But: server went down on October 12th. Motherboard/RAM issues.
After a downtime of almost 1.5 months(!!!), last Thursday they managed to provide a replacement server with username and password.
Tried to log in, password/username didn't work. Via rescue mode I managed to get my SSH keys on the dedi, rebooted and logged in.
But guess what? Data from a previous customer was on it. Authorized_keys, logfiles, history, users' home directories, settings, all was there including some juicy stuff from history command.
The 'last' command gives entries from August 8.
Check for example the dates from Nginx (which I didn't install, but Nginx still was running from previous customer) logfiles dating back to Aug 9, while HostSlim provided me the server 3 days ago.
-rw-r----- 1 www-data adm 6322 Nov 22 16:32 access.log
-rw-r----- 1 www-data adm 99895 Nov 20 11:07 access.log.1
-rw-r----- 1 www-data adm 14803 Nov 11 23:59 access.log.10.gz
-rw-r----- 1 www-data adm 13973 Nov 10 23:59 access.log.11.gz
-rw-r----- 1 www-data adm 17299 Nov 9 23:59 access.log.12.gz
-rw-r----- 1 www-data adm 14869 Nov 8 23:59 access.log.13.gz
-rw-r----- 1 www-data adm 17293 Nov 7 23:59 access.log.14.gz
-rw-r----- 1 www-data adm 13969 Nov 19 23:59 access.log.2.gz
-rw-r----- 1 www-data adm 16028 Nov 18 23:59 access.log.3.gz
-rw-r----- 1 www-data adm 19981 Nov 17 23:59 access.log.4.gz
-rw-r----- 1 www-data adm 12363 Nov 16 23:59 access.log.5.gz
-rw-r----- 1 www-data adm 13933 Nov 15 23:59 access.log.6.gz
-rw-r----- 1 www-data adm 14959 Nov 14 23:59 access.log.7.gz
-rw-r----- 1 www-data adm 14495 Nov 13 23:59 access.log.8.gz
-rw-r----- 1 www-data adm 17869 Nov 12 23:59 access.log.9.gz
-rw-r----- 1 www-data adm 0 Oct 19 00:00 error.log
-rw-r----- 1 www-data adm 204 Oct 18 22:52 error.log.1
-rw-r----- 1 www-data adm 2020 Oct 10 21:01 error.log.2.gz
-rw-r----- 1 www-data adm 236 Oct 2 06:56 error.log.3.gz
-rw-r----- 1 www-data adm 25055 Sep 30 18:09 error.log.4.gz
-rw-r----- 1 www-data adm 172 Sep 20 19:52 error.log.5.gz
-rw-r----- 1 www-data adm 96 Aug 27 06:26 error.log.6.gz
-rw-r----- 1 www-data adm 172 Aug 21 10:01 error.log.7.gz
-rw-r----- 1 www-data adm 93 Aug 9 00:33 error.log.8.gz
Authorized_keys from previous customer, hostnames anonymized
So it looks like Hostslim @VPSSLIM doesn't care about customers' data and server(s) which are recycled carry the data from previous customers, which is a huge security/privacy issue.
Be aware if you're hosting stuff with Hostslim @VPSSLIM
BTW, server is from the 193.3.189.xxx IP range, Estonia location.
If the previous user is active on LET and reading this, I'll erase the disk asap.
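The comparison made by hand in the post above (file dates against the handover date, plus unfamiliar authorized_keys entries) can be scripted. This is an added example, not part of the original post: the function names, the path list, the sample dates and the dummy key strings are all constructed, and it assumes bash with GNU find and touch.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): look for a previous tenant's residue on
# a newly delivered server. Function names and the path list are illustrative.

# Locations the post found leftovers in, relative to the audited root
# ("/" on the live system, or the mount point when working from rescue mode).
RESIDUE_PATHS="root home var/log etc/ssh"

# stale_files ROOT HANDOVER_DATE
# Prints regular files last modified before the handover date (GNU find).
stale_files() {
    local root="${1%/}" handover="$2" p
    for p in $RESIDUE_PATHS; do
        [ -e "$root/$p" ] || continue
        find "$root/$p" -xdev -type f ! -newermt "$handover" -print 2>/dev/null
    done | sort
}

# foreign_keys ROOT MY_PUBKEY_FILE
# Prints "file: first-field last-field" for authorized_keys entries whose key
# blob is not in MY_PUBKEY_FILE (assumed non-empty). Blobs are compared, not comments.
foreign_keys() {
    local root="${1%/}" mine="$2" f
    find "$root/root" "$root/home" -type f -name authorized_keys 2>/dev/null | sort |
    while read -r f; do
        awk -v src="$f" '
            function blob(   i) {          # key blob follows the key-type field
                for (i = 1; i < NF; i++)
                    if ($i ~ /^(ssh-|ecdsa-|sk-)/) return $(i + 1)
                return ""
            }
            { b = blob() }
            NR == FNR { own[b] = 1; next }
            !/^#/ && b != "" && !(b in own) { print src ": " $1 " " $NF }
        ' "$mine" "$f"
    done
}

# build_sample_tree: constructed fixture shaped like the listing in the post
# (constructed dates, dummy key strings, no real data). Prints its path.
build_sample_tree() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/var/log/nginx" "$t/root/.ssh"
    touch -d "2024-08-09 00:33" "$t/var/log/nginx/error.log.8.gz"
    touch -d "2024-11-22 16:32" "$t/var/log/nginx/access.log"
    printf '%s\n' "ssh-ed25519 AAAAOLDKEY root@old" "ssh-ed25519 AAAAMYKEY me@laptop" \
        > "$t/root/.ssh/authorized_keys"
    touch -d "2024-11-21 10:00" "$t/root/.ssh/authorized_keys"
    echo "ssh-ed25519 AAAAMYKEY me@laptop" > "$t/my_key.pub"
    echo "$t"
}
```

On a real system, pass `/` (or the rescue-mode mount point) and the date the provider delivered the server; any hit means the disk was not wiped before handover.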
Comments
oh
lmao
might raid you for posting keys.
Public SSH keys, nothing to worry about.
wow, ouch.
wait, i wonder if that other customer knows hostslim gave away their box?
My best advice is to not use LET providers for anything remotely serious apart from a few exceptions because they do stuff like this
Tangentially related, I've found lots of sex videos in used phones, laptops bought on ebay
vpsslim again and again
Well... if someone is letting go of a server, especially a dedicated server, he or she would better wipe out the entire drives before the server expires. I'd appreciate if the hosting provider would do an additional wipe, but I can't really blame them if they don't.
This also applies for the additional HDD drives attached to storage VPS. Oftentimes they are not wiped automatically upon cancellation.
I haven't used vpsslim before, but they are definitely not the only one that does not wipe drives used by previous customers.
Whether it's a company-issued laptop or a bare metal server, my immediate priority is to configure the system with LUKS full-disk encryption. I do this to prevent what happened to OP.
You're right, but what if a server goes down because of hardware failure and as a customer you don't have access to it?
proof? dm me with download so i can "verify"
im gonna hold your cock and tickle your balls when i say this, that is a very weird kink to have
Why not contact the previous owner yourself? Given it was a web server you could probably find a domain name or something
But if not, you will not erase?
Backup ?
Why am I not surprised
Hmm what would be the best thing to do? Dig a little to find the owner or just wipe without snooping?