Got 10 VestaCP servers exploited
Re: Got 10 VestaCP servers exploited
I'd like to thank the Admin for their hard work. Couldn't have been easy the last three days. I've every confidence they'll sort this out as most of the Admin have been around for many years and care about their script.
I've seen lots of discussion about the possibility of the script having been infected - is there proof that it has been infected and has this now been sorted out? Also are the Admin completely confident that the updated installation script is clean and we can use it for new servers? In your opinion what part of the installation script would be the focus of hackers? For example, I don't use the e-mail and FTP systems of VestaCP as I find that e-mails in particular are targeted by hackers. I wonder whether that could be the reason my VPSs have not been hacked?
Secondly, someone suggested that the hackers targeted IP ranges. Were those specific location ranges and what were those locations?
Finally I'm a bit puzzled about the updates. I thought that we're all on automatic updates by default? All of my VestaCP Panels have always been on automatic updates. I'm just asking as I see plenty of posts about getting patches and updates, and as far as I could see from my VestaCP Panels they were all automatically updated on 8th of April. If they have been automatically updated is there still a need for a patch?
Re: Got 10 VestaCP servers exploited
After update to 0.9.8-20 now I am not able to login to my vestacp admin page. My websites seem to be still online. Did the update change the management port or something? Not sure why I cannot login now. Any help?
Re: Got 10 VestaCP servers exploited
Restart vesta from cli
service vesta restart
Re: Got 10 VestaCP servers exploited
> Restart vesta from cli
> service vesta restart
that worked, thank you.
Re: Got 10 VestaCP servers exploited
Hi Everyone,
We have put together a survey to help us better understand the general configuration in relation to some of the working theories. If you have suggestions to broaden the survey, please let us know.
https://goo.gl/forms/qXtzd6nZFrKNw7DN2
We greatly appreciate any input.
Re: Got 10 VestaCP servers exploited
> nextgi wrote: ↑Tue Apr 10, 2018 5:11 am
> Hi Everyone,
> We have put together a survey to help us better understand the general configuration in relation to some of the working theories. If you have suggestions to broaden the survey, please let us know.
> https://goo.gl/forms/qXtzd6nZFrKNw7DN2
> We greatly appreciate any input.
It's private
Re: Got 10 VestaCP servers exploited
> pipoy wrote: ↑Tue Apr 10, 2018 5:19 am
> > nextgi wrote: ↑Tue Apr 10, 2018 5:11 am
> > Hi Everyone,
> > We have put together a survey to help us better understand the general configuration in relation to some of the working theories. If you have suggestions to broaden the survey, please let us know.
> > https://goo.gl/forms/qXtzd6nZFrKNw7DN2
> > We greatly appreciate any input.
> It's private
Haha, thanks. It should be open now.
Re: Got 10 VestaCP servers exploited
Can you name the files/dir that you see as suspicious in your /tmp?
Re: Got 10 VestaCP servers exploited
I don't know if my server is hacked, but I have now had this problem for at least 3 days:
Failed to create subdirectories: /var/log/httpd/20180410/20180410-0243
Can someone tell me what the attributes are for these folders in CentOS?
"var/log/httpd"
"var/log"
Re: Got 10 VestaCP servers exploited
> MiguelVESTACP wrote: ↑Tue Apr 10, 2018 7:20 am
> I don't know if my server is hacked, but I have now had this problem for at least 3 days:
> Failed to create subdirectories: /var/log/httpd/20180410/20180410-0243
> Can someone tell me what the attributes are for these folders in CentOS?
> "var/log/httpd"
> "var/log"
# ls -lhad /var/log
drwxr-xr-x. 18 root root 4.0K кві 9 03:20 /var/log
# ls -lhad /var/log/httpd
drwx------ 2 root root 4.0K гру 15 2014 /var/log/httpd