Cloudy Circumstances Surround LXLabs Suicide
There are never adequate words to describe tragedies, especially those that involve loss of life. Today we find ourselves struggling for words to report the apparent suicide of LXLabs founder K. T. Lingesh on Monday.
LXLabs is perhaps best known for HyperVM, a popular control panel for virtual private server management. The product is used by countless VPS providers to control Xen and OpenVZ virtualization and, along with the hosting control panel Lxadmin (now known as Kloxo), to build and manage shared web hosting systems. Some twenty-four vulnerabilities in the Kloxo platform were recently discovered and patched by the company, a harbinger, perhaps of what was to come. Over the weekend, Veraserv, a hosting provider based in the United Kingdom, was the subject of a hacking attack, resulting in some 100,000 websites hosted with the company being deleted — roughly half of the company's stored user data. According to reports, many of the affected accounts had chosen the company's unmanaged hosting plans — significantly less expensive than managed plans — which did not include automatic backups, and as a result, their data may have been lost permanently.
Veraserv, which says that other firms have acknowledged experiencing similar attacks, attributed the breach to a zero-day vulnerability in HyperVM (Version 2.0.7992), possibly involving a SQL-injection attack against the company's central management system. The company's website, which has been replaced with plain-text — presumably due to traffic volume — bears a notice to customers containing information about the attack, the status of the company's systems and users' accounts, the steps being taken to remedy the situation, and a brief FAQ. The obviously quickly-composed message also includes a log of the actions being taken by Veraserv staff, including the provisioning of new virtual private servers to all affected customers.
According to The Times of India1, K. T. Lingesh and a roommate identified only as "Sheenu" spent Sunday evening drinking and talking — according to the report, the two talked about Lingesh's mother and sister, both of whom committed suicide several years ago. The Times article also suggests he was upset over a contract recently lost by LXLabs — there is no mention of the Veraserv hack or the Kloxo vulnerabilities in the article, though most reports draw what is certainly a clear link between the attacks and Lingesh's death. The Times indicates that "Sheenu" went to bed sometime after midnight, and on awaking Monday morning, found the thirty-two year old had hung himself.
Lingesh's death — as hardly needs saying — came as a great shock to fellow developers and LXLabs customers. One provider, Seattle-based VPSLink — a subsidiary of Spry, providing unmanaged virtual private servers — reported his death on its blog, expressing its sadness and saying the company had been in contact with Lingesh as late as Saturday to discuss LXLabs' software, including the possibility of joining the firm.
As of this time, LXLabs has not commented on the attacks or Lingesh's death — it is not immediately apparent who, if anyone, will step into Lingesh's role and what the future of the company and its products will be. Breaking News will continue to update this article as new information becomes available.
1 — The Times of India article contains some India-specific descriptions which results in some unclear information.
Justin Ryan is a Contributing Editor for Linux Journal.
Practical books for the most technical people on the planet. Newly available books include:
- Agile Product Development by Ted Schmidt
- Improve Business Processes with an Enterprise Job Scheduler by Mike Diehl
- Finding Your Way: Mapping Your Network to Improve Manageability by Bill Childers
- DIY Commerce Site by Reven Lerner
Plus many more.
- Server Hardening
- Unikernels, Docker, and Why You Should Care
- diff -u: What's New in Kernel Development
- Controversy at the Linux Foundation
- 22 Years of Linux Journal on One DVD - Now Available
- Giving Silos Their Due
- Non-Linux FOSS: Snk
- Don't Burn Your Android Yet
- What's New in 3D Printing, Part III: the Software