As per the clarifications made by LiquidVPN, we have come to know that only a small fraction of VPN accounts (1 in 50) needed to be recreated due to corrupting of LiquidVPN’s primary authentication database.
The DDoS affected secondary auth databases network of LiquidVPN.
Further, the message for enabling of logging was meant to warn the hackers to stop their illegal activities. The logging information to be taken was specified basics of VPN sessions including, timestamps, user accounts and IPs.
The logging was only planned to hit a cluster of 6 VPN servers and 2 security related servers located in Dallas, the network then under complaint for misuse.
However, LiquidVPN memo did not seem to have any worries for the attackers, because attacks to Bank of America did not stop.
A statement by LiquidVPN reads
“Apparently the hacker didn’t get the memo because more reports came in and they shut down our servers there without giving us a refund for the time we had pre-paid and before logging was ever actually enabled.”
The incident has been an immense learning for LiquidVPN. It has made some tremendous improvements in its transparency and log policies and has adopted the path of full disclosure for abuse reports and complaints, including network status and tickets.
Now that LiquidVPN servers are working perfectly fine, these policy updates and will keep users well informed in advance.
End of Update.
DDoS, corrupted servers and user abuses have sent LiquidVPN in hot waters. Its south USA subscribers are facing a VPN blackout until they get their account manually recreated.
Eight of LiquidVPN servers may also possibly go completely offline without notice, LiquidVPN reported today.
The Distributed Denial of Service (DDoS) attack affected one of Liquid VPN authorization servers. Users logging on LiquidVPN from these servers might face a temporary suspension of personal unlimited VPN service.
The main database used for authorization has failed.
As a result, LiquidVPN south US subscribers won’t be able to sign in to their accounts taking the usual path. The failover database corrupted accounts of some subscribers to an old, single session plan.
If your account is facing signing issues, LiquidVPN said, shoot a trouble ticket to support for a manual configuration.
Logging Being Enabled on Abuse Reports
The data centre hosting LiquidVPN servers has also reported over 50 misuses of VPN service, including an attack on Bank of America along with distribution of copyrighted, hate and defamatory material.
As a result, LiquidVPN has been mandated to keep logs and other user information to address issues of illegal activities taking place via its servers.
LiquidVPN has clearly asked users to keep a watch on any misuse of their accounts to save itself from further damage.
Summing it Up
The DDoS attacks and misuse of VPN service have compelled Liquid VPN to enable monitoring of user logs and other information.
With an authentication server down, LiquidVPN user might not be able to sign in their accounts until they get it manually reconfigured from LiquidVPN’s support.
It is advised that LiquidVPN users review and abide by terms and policies of their service, and stop any illegal activities that can create legal troubles both for their vendor and themselves.
Latest posts by Faisal Arshad (Posts)
- Who’s affected and who’s not? How to Stay Safe from OpenSSL’s Heartbleed - April 11, 2014
- Cheapest VPN – Get Best Value for money with Cheap VPN - April 11, 2014
- Get the Best p2p VPN for Safe File Sharing - April 10, 2014