Cloudy Circumstances Surround LXLabs Suicide

There are never adequate words to describe tragedies, especially those that involve loss of life. Today we find ourselves struggling for words to report the apparent suicide of LXLabs founder K. T. Lingesh on Monday.

LXLabs is perhaps best known for HyperVM, a popular control panel for virtual private server management. The product is used by countless VPS providers to control Xen and OpenVZ virtualization and, along with the hosting control panel Lxadmin (now known as Kloxo), to build and manage shared web hosting systems. Some twenty-four vulnerabilities in the Kloxo platform were recently discovered and patched by the company, a harbinger, perhaps of what was to come. Over the weekend, Veraserv, a hosting provider based in the United Kingdom, was the subject of a hacking attack, resulting in some 100,000 websites hosted with the company being deleted — roughly half of the company's stored user data. According to reports, many of the affected accounts had chosen the company's unmanaged hosting plans — significantly less expensive than managed plans — which did not include automatic backups, and as a result, their data may have been lost permanently.

Veraserv, which says that other firms have acknowledged experiencing similar attacks, attributed the breach to a zero-day vulnerability in HyperVM (Version 2.0.7992), possibly involving a SQL-injection attack against the company's central management system. The company's website, which has been replaced with plain-text — presumably due to traffic volume — bears a notice to customers containing information about the attack, the status of the company's systems and users' accounts, the steps being taken to remedy the situation, and a brief FAQ. The obviously quickly-composed message also includes a log of the actions being taken by Veraserv staff, including the provisioning of new virtual private servers to all affected customers.

According to The Times of India1, K. T. Lingesh and a roommate identified only as "Sheenu" spent Sunday evening drinking and talking — according to the report, the two talked about Lingesh's mother and sister, both of whom committed suicide several years ago. The Times article also suggests he was upset over a contract recently lost by LXLabs — there is no mention of the Veraserv hack or the Kloxo vulnerabilities in the article, though most reports draw what is certainly a clear link between the attacks and Lingesh's death. The Times indicates that "Sheenu" went to bed sometime after midnight, and on awaking Monday morning, found the thirty-two year old had hung himself.

Lingesh's death — as hardly needs saying — came as a great shock to fellow developers and LXLabs customers. One provider, Seattle-based VPSLink — a subsidiary of Spry, providing unmanaged virtual private servers — reported his death on its blog, expressing its sadness and saying the company had been in contact with Lingesh as late as Saturday to discuss LXLabs' software, including the possibility of joining the firm.

As of this time, LXLabs has not commented on the attacks or Lingesh's death — it is not immediately apparent who, if anyone, will step into Lingesh's role and what the future of the company and its products will be. Breaking News will continue to update this article as new information becomes available.


1 — The Times of India article contains some India-specific descriptions which results in some unclear information.
______________________

Justin Ryan is a Contributing Editor for Linux Journal.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More like weak repeated passwords!

Anonymous's picture

Do some research and you will find the txt from the hacker (who said it was not HyperVM) it was actually the admin / owner using the same password repeatedly.

R.I.P Ligesh

venerability

Anonymous's picture

> zero-day venerability in HyperVM

I think you mean "vulnerability" instead.

J

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix