DMIT补货美西及日本地区的中国大陆优化线路
因为IP资源不足,硬件价格上涨。之前一段时间DMIT下架了相关机型。现在补货了,但仍因为上述限制,取消了一些机型的季付…
目前如果想要比较稳定中国大陆优化线路机型的,可以认真考虑用这些进行过渡,等有更优惠机型了再考虑换掉(不知道猴年马月了)。
LAX.AN4.Pro.TINY
线路:洛杉矶 三网CN2 GIA, IPv6为CMIN2
LookingGlass(可自测速度):
https://lg.dmit.sh/?server=lax-pro
配置:1C / 2G / 20G SSD
流量:1TB / 1Gbps
价格:88USD/ 年
https://www.dmit.io/aff.php?aff=184&pid=237
LAX.AN4.EB.TINY
线路:洛杉矶 电联 9929/移动CMIN2,IPv6为CMIN2
LookingGlass(可自测速度):
https://lg.dmit.sh/?server=lax-eb
配置:1C / 2G / 20G SSD
流量:1.5TB / 1Gbps
价格:88USD/ 年
https://www.dmit.io/aff.php?aff=184&pid=245
TYO.AS3.Pro.TINY
线路:东京 三网CTGNet CN2 GIA
Looking Glass (可自测速度):
https://lg.dmit.sh/?server=tyo-pro
配置:1C / 1G / 20G SSD
流量:500GB / 1Gbps
价格:21.9USD/ 月
https://www.dmit.io/aff.php?aff=184&pid=138
消息来源(感谢): Nanase的随记 / Faker的个人频道
因为IP资源不足,硬件价格上涨。之前一段时间DMIT下架了相关机型。现在补货了,但仍因为上述限制,取消了一些机型的季付…
目前如果想要比较稳定中国大陆优化线路机型的,可以认真考虑用这些进行过渡,等有更优惠机型了再考虑换掉(不知道猴年马月了)。
LAX.AN4.Pro.TINY
线路:洛杉矶 三网CN2 GIA, IPv6为CMIN2
LookingGlass(可自测速度):
https://lg.dmit.sh/?server=lax-pro
配置:1C / 2G / 20G SSD
流量:1TB / 1Gbps
价格:88USD/ 年
https://www.dmit.io/aff.php?aff=184&pid=237
LAX.AN4.EB.TINY
线路:洛杉矶 电联 9929/移动CMIN2,IPv6为CMIN2
LookingGlass(可自测速度):
https://lg.dmit.sh/?server=lax-eb
配置:1C / 2G / 20G SSD
流量:1.5TB / 1Gbps
价格:88USD/ 年
https://www.dmit.io/aff.php?aff=184&pid=245
TYO.AS3.Pro.TINY
线路:东京 三网CTGNet CN2 GIA
Looking Glass (可自测速度):
https://lg.dmit.sh/?server=tyo-pro
配置:1C / 1G / 20G SSD
流量:500GB / 1Gbps
价格:21.9USD/ 月
https://www.dmit.io/aff.php?aff=184&pid=138
消息来源(感谢): Nanase的随记 / Faker的个人频道
❤2
出租/22 ARIN IP,不能加ROA的,只能prepend asn 用。🤪😕如有需要请联系: @RCE_Exploit
🥳靠谱VPS推荐(默认带aff) - VPS仓/古博
DMIT补货美西及日本地区的中国大陆优化线路 因为IP资源不足,硬件价格上涨。之前一段时间DMIT下架了相关机型。现在补货了,但仍因为上述限制,取消了一些机型的季付… 目前如果想要比较稳定中国大陆优化线路机型的,可以认真考虑用这些进行过渡,等有更优惠机型了再考虑换掉(不知道猴年马月了)。 LAX.AN4.Pro.TINY 线路:洛杉矶 三网CN2 GIA, IPv6为CMIN2 LookingGlass(可自测速度): https://lg.dmit.sh/?server=lax-pro 配置:1C /…
DMIT 洛杉矶 LAX AN4的已经全部下架,目前只有AN5有资源,最低年付从88美金升级到119.99美金。硬件性能更强,并且可以选择月付。
LAX.AN5.Pro.TINY
线路:洛杉矶 三网CN2 GIA, IPv6为CMIN2
LookingGlass(可自测速度):
https://lg.dmit.sh/?server=lax-pro
配置:1C / 2G / 20G SSD
流量:1TB / 1Gbps
价格:119.99USD/ 年 或12.98USD/月
https://www.dmit.io/aff.php?aff=184&pid=100
LAX.AN5.EB.TINY
线路:洛杉矶 电联 9929/移动CMIN2,IPv6为CMIN2
LookingGlass(可自测速度):
https://lg.dmit.sh/?server=lax-eb
配置:1C / 2G / 20G SSD
流量:1.5TB / 1Gbps
价格:119.99USD/ 年 或12.98USD/月
https://www.dmit.io/aff.php?aff=184&pid=189
日本的AS3不受影响,继续维持。
TYO.AS3.Pro.TINY
线路:东京 三网CTGNet CN2 GIA
Looking Glass (可自测速度):
https://lg.dmit.sh/?server=tyo-pro
配置:1C / 1G / 20G SSD
流量:500GB / 1Gbps
价格:21.9USD/ 月
https://www.dmit.io/aff.php?aff=184&pid=138
LAX.AN5.Pro.TINY
线路:洛杉矶 三网CN2 GIA, IPv6为CMIN2
LookingGlass(可自测速度):
https://lg.dmit.sh/?server=lax-pro
配置:1C / 2G / 20G SSD
流量:1TB / 1Gbps
价格:119.99USD/ 年 或12.98USD/月
https://www.dmit.io/aff.php?aff=184&pid=100
LAX.AN5.EB.TINY
线路:洛杉矶 电联 9929/移动CMIN2,IPv6为CMIN2
LookingGlass(可自测速度):
https://lg.dmit.sh/?server=lax-eb
配置:1C / 2G / 20G SSD
流量:1.5TB / 1Gbps
价格:119.99USD/ 年 或12.98USD/月
https://www.dmit.io/aff.php?aff=184&pid=189
日本的AS3不受影响,继续维持。
TYO.AS3.Pro.TINY
线路:东京 三网CTGNet CN2 GIA
Looking Glass (可自测速度):
https://lg.dmit.sh/?server=tyo-pro
配置:1C / 1G / 20G SSD
流量:500GB / 1Gbps
价格:21.9USD/ 月
https://www.dmit.io/aff.php?aff=184&pid=138
❤5
咕咕云洛杉矶精品网 CN2 - 2C/2G/30G SSD/500G 月付49 年付588元
洛杉矶精品网 CN2 按流量计费峰值带宽已调整至 500M,起售价格已下调 30%。
默认按带宽付费需要手动选择500G流量
需要实名认证
适合对商家有了解或者已经实名的老用户,之前他家IPLC被下架挺伤的
https://urls.vpscang.com/ggy-lax-cn2
洛杉矶精品网 CN2 按流量计费峰值带宽已调整至 500M,起售价格已下调 30%。
默认按带宽付费需要手动选择500G流量
需要实名认证
适合对商家有了解或者已经实名的老用户,之前他家IPLC被下架挺伤的
https://urls.vpscang.com/ggy-lax-cn2
推荐 Na师傅 的频道;nexttrace的作者;对国外到国内的线路极端了解且极度能折腾。
适合想要详细了线路信息,想要精细化折腾线路,尤其适合北京地区的朋友们。
https://t.iss.one/nanaselog
适合想要详细了线路信息,想要精细化折腾线路,尤其适合北京地区的朋友们。
https://t.iss.one/nanaselog
❤8
$29.00 USD/Annually(折扣前)
1 vCPU, 512 MB, 10 GB RAID-10, 1 IPv4, 500 GB/mo@1 Gigab, Los Angeles, DC99
购买链接:
刚才补货那个瓦工minibox是要邀请码的
没有邀请码购买不了
👍8❤1
We are writing to inform you of a critical security vulnerability, CVE-2026-41940, affecting cPanel & WHM — the web hosting control panel software used to manage websites and servers. This vulnerability has a CVSS score of 9.8 (Critical) and is being actively exploited in the wild. We strongly urge you to take action immediately.
━━ WHAT IS THE VULNERABILITY? ━━
CVE-2026-41940 is an authentication bypass vulnerability caused by a CRLF (Carriage Return Line Feed) injection flaw in the cPanel login and session-handling process. It allows unauthenticated remote attackers to bypass the login process entirely and gain full administrative access to the cPanel or WHM control panel — without any username or password.
Successful exploitation could give an attacker complete control over:
• Your cPanel host system and its configuration
• All databases hosted on the server
• All websites and accounts managed under the panel
The vulnerability affects all cPanel & WHM versions after v11.40, as well as v136.1.7 of WP Squared (a managed WordPress hosting platform built on cPanel).
━━ IS THIS BEING ACTIVELY EXPLOITED? ━━
Yes. Active exploitation has been observed in the wild since at least 23 February 2026 — several weeks before the public disclosure. A proof-of-concept exploit was published by security firm watchTowr on 29 April 2026, which means exploitation attempts are now expected to increase significantly. Security researchers have observed nearly 4,000 attack attempts targeting exposed cPanel instances, spanning multiple industries and countries.
━━ WHAT SHOULD YOU DO? ━━
1. Update immediately
Apply the security patch released by cPanel/WebPros on 28 April 2026. Verify your cPanel build version after updating and restart the cPanel service (cpsrvd).
2. Block access at the firewall (if you cannot patch immediately)
Block inbound traffic on the following ports:
*2083 (cPanel HTTPS)
*2087 (WHM HTTPS)
*2095 (Webmail HTTP)
*2096 (Webmail HTTPS)
3. Check for signs of compromise
cPanel has released a detection script to help identify known indicators of compromise. We recommend running this against any affected systems. Additionally:
* Review WHM access logs for any unauthorised activity
*Inspect session files for anomalies
*Purge existing sessions and force password resets for root and WHM users
*Check for any persistence mechanisms (new admin accounts, changed configurations, etc.)
4. Contact your hosting provider
If your cPanel environment is managed by a hosting provider, contact them to confirm that the patch has been applied to your server.
━━ FURTHER RESOURCES ━━
• cPanel Security Advisory: https://support.cpanel.net
• Rapid7 Technical Analysis: https://www.rapid7.com/blog/post/etr-cve-2026-41940-cpanel-whm-authentication-bypass/
• NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2026-41940
If you have any questions or need assistance applying this patch, please do not hesitate to contact our support team.
We take the security of your infrastructure seriously and will continue to monitor this situation and provide updates as new information becomes available.
https://t.iss.one/zaihuapd/41138
这个和上次的 CVE-2026-31431 名为"Copy Fail" 的还不同,这次是CVE-2026-41940,主要是cpanel和whm,很多商家都用这两个
BuyVM涨价
影响所有客户;包括现有合同未到期的客户(下一个续费周期会涨价),六月一号之前不执行
We've never raised prices in all the years we've operated, and have eaten every data-center & bandwidth provider increase. Most of these have been fairly small, usually pinned to inflation, but over the past 6 months we've been hit with >15% hikes from most of our facilities. With that, we'll be adjusting your plans during the next renewal (though, no earlier than July 1st)
影响所有客户;包括现有合同未到期的客户(下一个续费周期会涨价),六月一号之前不执行
We've never raised prices in all the years we've operated, and have eaten every data-center & bandwidth provider increase. Most of these have been fairly small, usually pinned to inflation, but over the past 6 months we've been hit with >15% hikes from most of our facilities. With that, we'll be adjusting your plans during the next renewal (though, no earlier than July 1st)
👍2
【WHMCS 高危漏洞通告|CVE-2026-29204】
WHMCS 近日发布安全公告,确认存在高危漏洞 CVE-2026-29204。
受影响版本:
官方修复版本:
建议所有自托管 WHMCS 用户立即升级。升级前请备份数据库和完整 WHMCS 目录,升级后检查 Activity Log,重点关注异常 SSO、服务访问、账号与服务归属不匹配等记录。
官方公告:
https://help.whmcs.com/m/125386/l/2073908-cve-2026-29204
社区讨论:
https://lowendtalk.com/discussion/217201/whmcs-cve-patch-cve-2026-29204
消息来源:https://t.iss.one/nanaselog/1943
WHMCS 近日发布安全公告,确认存在高危漏洞 CVE-2026-29204。
漏洞核心为 Client Area 授权校验不足。攻击者在已登录 WHMCS 账号的前提下,可能在特定条件下越权访问或操作不属于自己的服务资源。社区讨论中将其描述为通过修改 addonid 等参数触发的越权问题,但官方公告未披露具体参数级利用细节。
受影响版本:
WHMCS 9.x < 9.0.4
WHMCS 8.x < 8.13.3
WHMCS 7.4 及之后的 7.x 版本
官方修复版本:
WHMCS 9.0.4
WHMCS 8.13.3
建议所有自托管 WHMCS 用户立即升级。升级前请备份数据库和完整 WHMCS 目录,升级后检查 Activity Log,重点关注异常 SSO、服务访问、账号与服务归属不匹配等记录。
官方公告:
https://help.whmcs.com/m/125386/l/2073908-cve-2026-29204
社区讨论:
https://lowendtalk.com/discussion/217201/whmcs-cve-patch-cve-2026-29204
消息来源:https://t.iss.one/nanaselog/1943
❤1
Nginx 被发现一个存在18年的内存损坏漏洞,可导致远程代码执行,利用门槛低
漏洞存在于每个通用发行版都会包含的rewrite模块
建议用户尽快更新至 1.30.1 / 1.31.0 版本
Ref: https://depthfirst.com/nginx-rift
消息来源 https://t.iss.one/c/2491097767/1486
不想升级的解决办法: https://t.iss.one/nanaselog/1945
漏洞存在于每个通用发行版都会包含的rewrite模块
ngx_http_rewrite_module ,影响开原版本Nginx 0.6.27至最近的1.30.0版本,在计算目标缓冲区大小时,使用的是原始字节长度,但在实际写入时,却进行了 URL 转义( + , % , & 等字符会扩展为 3 倍长度),溢出长度可控导致堆喷射建议用户尽快更新至 1.30.1 / 1.31.0 版本
Ref: https://depthfirst.com/nginx-rift
消息来源 https://t.iss.one/c/2491097767/1486
不想升级的解决办法: https://t.iss.one/nanaselog/1945
👍9❤3