For information, this was made possible because of the crappy control panel known as "Virtualizor" that many little hosting companies use.
Whenever you start a Virtual Machine, you may notice that it takes quite a while before it shows as started up. This is because Virtualizor effectively attempts to read the disks and check for partitions; if partitions are found, it will mount them, then search for certain files and overwrite them, such as network configuration files. This cannot be disabled even by the administrator of the hypervisor! So after compromising Virtualizor, the attacker simply altered the disk analysis scripts. It is however possible to prevent Virtualizor from running the disk analysis scripts by preventing it from mounting your partitions; one way to do this is by encrypting everything. But in general, you should always avoid renting a VM from a service that relies on "Virtualizor".
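One way to check the "encrypt everything" mitigation from inside a guest, as an added example that is not part of the original post: it reads `lsblk -P -o NAME,TYPE,FSTYPE` output and lists every disk or partition whose on-disk signature is readable without a key. The function names, the sample input and the rule that any non-LUKS signature counts as exposed are assumptions of this example.

```shell
#!/bin/sh
# Added example: find block devices that a host-side tool could open
# without a key. Input format: `lsblk -P -o NAME,TYPE,FSTYPE` (KEY="value").

# Constructed sample (not from a real host): a plaintext /boot partition
# next to a LUKS container whose unlocked mapping holds ext4.
SAMPLE_LSBLK='NAME="vda" TYPE="disk" FSTYPE=""
NAME="vda1" TYPE="part" FSTYPE="ext4"
NAME="vda2" TYPE="part" FSTYPE="crypto_LUKS"
NAME="root" TYPE="crypt" FSTYPE="ext4"'

# Print "<name> <signature>" for each disk/partition carrying a signature
# other than LUKS. Rows of TYPE crypt or lvm are ignored: they exist only
# inside the running guest after the volume has been unlocked, so they do
# not describe what is readable on the raw disk.
exposed_devices() {
    awk -F'"' '
        # Splitting on double quotes gives $2=NAME, $4=TYPE, $6=FSTYPE.
        ($4 == "disk" || $4 == "part") && $6 != "" && $6 != "crypto_LUKS" {
            print $2 " " $6
        }'
}

# Return 0 only when nothing on the raw disk is readable without a key.
check_all_encrypted() {
    exposed=$(exposed_devices)
    if [ -n "$exposed" ]; then
        printf 'readable without a key:\n%s\n' "$exposed" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample. On a live guest, run instead:
#   lsblk -P -o NAME,TYPE,FSTYPE | check_all_encrypted
printf '%s\n' "$SAMPLE_LSBLK" | exposed_devices
```

In the sample, the plaintext `vda1` is reported, which is the common case of an unencrypted `/boot` left beside an encrypted root.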
