
Hosting provider 4VPS·SU has disclosed new details about a large-scale cyberattack that hit its website, client billing system, and part of its server infrastructure in late April and early May. It turned into one of those stories where the internet first screams “everything is gone,” and engineers then spend weeks sorting through the aftermath of somebody else’s enthusiasm for chaos and extortion.
According to the company, attackers managed to replace a proxy server, temporarily redirecting the provider’s domain to a phishing page displaying a fake message about the complete destruction of the infrastructure. As it later turned out, the dramatic “total breach” announcement was part of the attack itself. The internet has apparently reached the stage where panic is now delivered as a service.
Container Exploit and Damage Across 151 Nodes
4VPS·SU said the attackers used an exploit involving a container inside the hosting control panel. After gaining access, they deleted the client billing system and damaged the GRUB bootloaders on 151 virtual machine nodes.
The incident quickly escalated beyond a routine outage. Corrupted bootloaders triggered endless reboot cycles, which then caused filesystem integrity issues on part of the VPS fleet. Engineers also discovered disabled RAID arrays, disconnected network interfaces on nodes, and attempts to enable rpcbind services for further SSH-based attacks.
The company noted that the SSH exploitation attempts ultimately failed because the affected packages had already been updated to current versions. Sometimes a timely apt upgrade turns out to be more useful than it looks at three in the morning.
Failed Drives and Lost VPS Instances
The most severe consequences came from hardware failures. During the repeated reboot loops, physical disks failed on five nodes: three in Kemerovo, one in Novosibirsk, and one in Moscow.
As a result, some virtual servers could not be recovered. The provider said customers affected by the irreversible losses received full refunds for their VPS services.
At the same time, 4VPS·SU stressed that the core infrastructure itself was not physically destroyed and that customer data remained intact in most cases. A large part of the downtime was caused either by emergency network isolation measures designed to contain the attack or by the damaged bootloaders themselves.
What Has Already Been Restored
According to the provider, the website, billing platform, ticket system, and the 4DEDIC·IO service have now been restored. Access to VMmanager has also been reopened, although VPS instances ordered between April 21 and May 2 still face temporary restrictions while recovery work continues.
The company’s Telegram bot is operational again, and the 4domain service is expected to return in the coming days.
Engineers continue auditing the infrastructure and addressing architectural weaknesses uncovered during the incident. The provider admitted that the attack exposed several systemic flaws that now have to be fixed without any remaining illusions about how “creative” modern infrastructure attacks can become.