We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 60 matches
- Fri Oct 19, 2018 11:30 am
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 798529
Re: All VestaCP installations being attacked
Falzo , stop the insults. We have all said in this thread. More information you can find here https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/ In the next time I'll give you a warning. how did I insult anyone? you can warn me all over the...
- Fri Oct 19, 2018 9:33 am
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 798529
Re: All VestaCP installations being attacked
Please check if your server IP here >>>>> http://vestacp.com/test/?ip=127.0.0.1 <<<<< sorry to be the bummer here again, but this shows 'not infected' for a server IP of mine where the malicious installer (debian) has been used on 13th august. the server was not hacked at all, because I change the ...
- Wed Oct 17, 2018 8:39 am
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 798529
Re: All VestaCP installations being attacked
sorry for the delay, I have been quite busy but finally found the time again to check on it more. I have been looking for a pattern and to see why only a few installations were affected. obviously there were some with vesta service running, some not and as written above it might even be dependant on...
- Thu Oct 11, 2018 5:57 pm
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 798529
Re: All VestaCP installations being attacked
The Vesta service was running and I had SSH access enabled just for the admin user. I set the password with the installation command. thanks for the info, that's interesting... I tried to investigate some more and checked some servers I installed in august and came across this entries in auth.log a...
- Thu Oct 11, 2018 10:36 am
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 798529
Re: All VestaCP installations being attacked
so anything new on that? from what we can read so far here, is that only a few servers have been hit and the attacker somehow gained ssh access? some had the vesta service running, some not... if that's the case a potential hacker would have needed to somehow get to know the admins password? to thos...
- Fri May 18, 2018 9:00 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 754597
Re: Got 10 VestaCP servers exploited
It worries me that no one knows for sure how the panel became exploited in the first place. this sadly is not true. some are well aware of how that was possible and what has been the initial vector at least, but were waiting for Serghey to release a true patch and make an official announcement. sad...
- Fri May 18, 2018 6:50 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 754597
Re: Got 10 VestaCP servers exploited
It worries me that no one knows for sure how the panel became exploited in the first place. this sadly is not true. some are well aware of how that was possible and what has been the initial vector at least, but were waiting for Serghey to release a true patch and make an official announcement. sad...
- Sat Apr 21, 2018 11:18 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 754597
Re: Got 10 VestaCP servers exploited
The pity things are: 1) I have not records in apache logs of it. They are missing or deleted or never created. I see only a /webmail/ HEAD access (from a japanese IP) 3 seconds before that "update" file was created in that "tmp" folder: ======== 119.82.29.17 - - [04/Apr/2018:06:25:38 -0400] "HEAD /...
- Thu Apr 12, 2018 11:36 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 754597
Re: Got 10 VestaCP servers exploited
I think that we can throw away theory that Vesta repo is compromised. This is why: I know MANY datacenters (one of them hosts 30% of all dedicated servers in a world) where NONE of Vesta servers got hacked. Also, ZERO servers that are physically located in my country got hacked. Bad guy simply scan...
- Tue Apr 10, 2018 12:01 pm
- Forum: General Discussion
- Topic: Tut: Change VestaCP port through SSH Command line
- Replies: 14
- Views: 19293
Re: Tut: Change VestaCP port through SSH Command line
I might be wrong but I just wanted to point out that I believe fail2ban might not work correctly for the panel after changing from the default port. Looks like the port used for setting up the vesta fail2ban chain is set in v-add-firewall-chain. # Action # #-----------------------------------------...