Welcome!

Virtualization Authors: Pat Romanski, Liz McMillan, Maureen O'Gara, Dana Gardner, Elizabeth White

Related Topics: Virtualization, Cloud Expo

Virtualization: Article

Developer Dead after Hack Deletes 100,000 Hosted Sites

A 32-year-old software developer, who started a company called Lxlabs at home in Bangalore, is dead of an apparent suicide
By Maureen O'Gara
Article Rating:
June 9, 2009 04:45 PM EDT
Reads:
 3,572

A 32-year-old software developer, who started a company called Lxlabs at home in Bangalore, is dead of an apparent suicide after hackers exploited a critical vulnerability in the VPS management software he wrote and wiped out the data on a reported 100,000 web sites hosted by the British firm VAserv Sunday night.

KT Ligesh, who created the Xen/OpenVZ-based hyperVM package and the integrated Kloxo (née Lxadmin) web hosting platform that VAserv depended on, was found hanged from the ceiling of his bedroom by his roommate Monday morning after a late night of heavy drinking, according to the Times of India.

His mother and sister killed themselves the same way five years ago, the paper said, and Ligesh, whose shoulder tattoo read "God is a F****** Idiot," was reportedly brooding Sunday about their deaths and the loss of a contract. The hack may have pushed him over the edge.

LxLabs' web site claims that hyperVM managed more than 30,000 Windows-based virtual private servers and that 8,000 servers were running Kloxo. It says the largest single installation of hyperVM centrally managed more than 4,000 VPSes.

It touts the software as the most advanced and flexible hosting platform on planet Earth but security researchers at Milw0rm just warned that Kloxo is riddled with 24 glaring vulnerabilities.

VAserv believes a deliberate SQL injection attack on its servers penetrated its central management software and wiped out the vital binaries destroying about half the user data stored on its system all at once, according to The Register.

The company said it was attacked by a zero-day exploit in hyperVM version 2.0.7992 and that it's heard from other firms that have also been hit.

VAserv specializes in low-cost web hosting and runs CheapVPS and FSCKVPS. It has been struggling to restore its vandalized servers, but has given up hope of recovering all of the lost data.

About half the customers affected had no backup since they opted for VAserv's unmanaged service. The company's site lists two dozen servers as having "total data loss."

Its nodes in the US are also affected.

It is offering two-month of free hosting to customers that lost data and require a new VPS.

Published June 9, 2009 – Reads 3,572
Copyright © 2009 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Maureen O'Gara

Maureen O'Gara the most read technology reporter for the past 20 years, is the Cloud Computing and Virtualization News Desk editor of SYS-CON Media. She is the publisher of famous "Billygrams" and the editor-in-chief of "Client/Server News" for more than a decade. One of the most respected technology reporters in the business, Maureen can be reached by email at maureen(at)sys-con.com or paperboy(at)g2news.com, and by phone at 516 759-7025. Twitter: @MaureenOGara

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.