CloudCone 洛杉矶 VPS 节点遭漏洞攻击：Virtualizor 平台被入侵，多台服务器数据不可恢复，服务重建中

近日，海外云服务商 CloudCone 发布事件通告称，其洛杉矶（LA）VPS 节点因第三方虚拟化管理平台 Virtualizor 存在安全漏洞，被攻击者非法利用取得访问权限，导致部分 VPS 所在磁盘遭到破坏，用户数据出现不可恢复的损失。

事件经过：漏洞入侵 + 磁盘损毁

根据官方说明，本次事故源于 Virtualizor 平台的安全缺陷。攻击者通过该漏洞进入 LA 区域的 VPS 管理节点，并直接破坏了部分虚拟机所挂载的磁盘。

由于属于底层存储级破坏，相关数据无法恢复。受影响用户只能通过重新部署 VPS 并使用自有备份进行恢复。

换句话说：

• 未做备份 = 数据基本无法找回
• 有异地/本地备份 = 可重新上线

这类事故再次印证了 VPS 使用中的一条铁律：云服务器 ≠ 自动备份，备份必须自己做。

官方处置进展

CloudCone 表示，目前正在：

• 重装所有受影响节点与宿主机系统（清除后门与残留）
• 强化防火墙策略与 IP 层访问限制
• 全面重置访问密钥、密码、Token
• 下月开始逐步 迁移离开 Virtualizor，改用自研内部平台

同时，平台将允许用户重新安装 VPS，并自行恢复数据。

安全说明：哪些数据没泄露？

官方特别强调，此次事件影响范围仅限于 VPS 管理层，并未扩散至核心系统：

✅ 攻击者未读取用户 VPS 内的数据
✅ 无个人身份信息（PII）泄露
✅ 无账单或支付信息泄露
✅ 计费系统与客户数据库未受影响

也就是说，本次更像是**“基础设施破坏型事故”**，而非“数据窃取型攻击”。

行业点评：这次事故释放了什么信号？

从技术角度看，这属于典型的：

第三方控制面板漏洞 → 节点权限被拿 → 底层磁盘被破坏

暴露出几个问题：

1. 依赖第三方虚拟化面板的安全风险
2. 单节点/单存储无冗余架构的脆弱性
3. 用户普遍缺乏自动备份机制

不少小型或高性价比 VPS 商家都使用 Virtualizor、SolusVM 等面板，一旦控制层被攻破，影响往往是整节点级别。

给用户的实用建议

如果你也在用 VPS / 云服务器，建议立即：

• 开启 每日自动备份
• 至少保留 1 份 异地备份（本地或对象存储）
• 不要把 VPS 当“网盘”
• 关键业务使用多节点或多云容灾

一句话总结：
👉 服务器随时可能挂，备份才是真正的保险。

附cloudcone官方的回复全文：

We are writing to provide a clear update regarding the incident affecting your service.

A vulnerability in the platform we use (Virtualizor) allowed an attacker to gain access to our LA VPS nodes where your VPS was hosted. As a result, the attacker damaged the disk associated with your VPS, and the data on it is irrecoverable.
We are currently rebuilding the affected nodes and preparing the platform for service re-installation, so that users will be able to reinstall their VPS and deploy their own backups in order to get back online.

Further information on when servers will be ready for re-installation will be communicated to affected users via email.

Actions and precautions taken;
To prevent similar incidents in the future, the following measures are being implemented:

• All affected nodes and hypervisors are undergoing fresh OS installations to remove any backdoors or residual traces.
• Existing firewall policies and IP-level blocking are being revised and deployed.
• All access keys, passwords, and tokens have been fully refreshed.
• A migration away from Virtualizor to a different, in-house platform is being implemented and will begin next month.

Data and security clarification;

• The attacker does not have access to your VPS data.
• No customers’ personally identifiable information was compromised.
• No billing or payment information was compromised.
• The incident was isolated to the VPS management platform (Virtualizor) / LA VPS products and did not affect our billing systems, customer databases or other product lines we offer.

We sincerely understand the impact this incident has caused and appreciate your patience while we work to restore service availability.

For transparency and ongoing updates, a detailed incident report and progress updates are available on our status page (https://status.cloudcone.com/), which is our central communication channel for this incident.

To help manage communications and prevent system overload, this ticket has been temporarily locked; all further updates regarding this incident will be shared via the status page and email.