Hacker destroys OpenSim regions

An unknown hacker took down more than a hundred OpenSim regions this weekend, as well as over a hundred thousand websites.

This is bad news for some OpenSim hosting companies that relied on low-cost virtual shared servers to host their regions.

Chris Greenwell, for example, lost 41 regions total, including the Business Center region on OSGrid, and the Trombly Ltd office park. His backups were stored on other servers which were also hit, and he is currently investigating how much he will be able to salvage.

Greenwell was using the FsckVPS server company, which was running the hacked HyperVM virtual server management software.

Nebadon Izumi, president of the OSGrid — the largest grid running OpenSim — estimates that at least 100 regions went down as a result of the HyperVM hack.

Simon Gutteridge, director of Pioneerx Estates, said that he lost 30 regions to the hack — but that he had off-line backups, so he’ll be able to bring them back up again.

“We have off-site backups of all critical data so regions can be restored once we get the hardware back,” he said. “But some recent additions to our unique web interface will have been lost and need to be re-done.”

For example, Gutteridge said he spent three days working on fixing an asset-related issue with the OpenSim regions, and completed it just three hours before the attack.

“It has forced me to start looking harder at getting fully dedicated hardware and our own grid services,” he said.

Losses were limited to OpenSim regions hosted on Linux shared virtual servers running the HyperVM management software from LxLabs, whose president committed suicide in Bangalore on Monday.

Server companies affected include FsckVPS and VAServ.

As a result, ReactionGrid, which runs the Microsoft stack on servers from Cari.net, was not hit by the hackers.

“We have not been affected in the slightest,” said Chris Hart, ReactionGrid’s chief technology officer.

The problems were limited to servers running Linux-based virtualization technology, she said.

“We have a machine that runs Windows Server 2008 Datacenter Edition with Microsoft HyperV virtualization software,” she said. “This gives us native hardware-level access to the underlying technology and resources on that parent machine for each virtual machine we run, and hence provides great performance. The parent machine that we host at our Cari data center is a full hardware Windows server on which we run Microsoft HyperV to split the resources across different virtual servers.”

The Linux HyperVM problem is not related to the Microsoft HyperV product, she said.

This vulnerability is not a HyperV issue, but a major security hole in one Linux-based virtualization technology that thankfully has nothing to do with the Windows platform.

Maria Korolov
