All VestaCP installations being attacked Topic is solved
Re: All VestaCP installations being attacked
There is nothing wrong with that code; it is just a secure way to check the entered password.
But anyway, if I must assume where the hole is, the login code, reset password and api.php are the most suspicious places to me...
Re: All VestaCP installations being attacked
$v_password value is
'; v-add-fs-file ********;
exec(VESTA_CMD."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code);
It seems that you can join shell.
Re: All VestaCP installations being attacked
I will check now...
Re: All VestaCP installations being attacked
I cannot find the code that you quoted in the current version of that file - https://github.com/serghey-rodin/vesta/ ... /index.php
pqpk2009 wrote: ↑Sun Sep 30, 2018 4:29 pm
Is this a loophole? Why not fix it? This is the latest installation package code.
------------------------- 8083/api/index.php
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['password']."\n");
fclose($fp);
$v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code);
unlink($v_password);
Actually, I cannot find it even in other files.
Where did you take it from?
That could be code from old versions of Vesta.
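The temp-file approach from the quoted api/index.php, with every remaining argument escaped exactly once, written here as an added example that is not VestaCP code and not part of any post above. `run_check`, `STAND_IN` and the sample inputs are assumptions; `printf` stands in for `v-check-user-password` so the script runs on any host with PHP and a POSIX shell.

```php
<?php
// Added illustration, not VestaCP source. STAND_IN replaces
// VESTA_CMD."v-check-user-password " (assumption): it prints every argument
// the shell hands to the program, one per line.
const STAND_IN = "printf '%s\\n' ";

function run_check(string $user, string $password, string $ip): array
{
    // The password goes into a temp file (tempnam() creates it with mode 0600),
    // as in the quoted code, so its bytes never reach the shell parser.
    $tmp = tempnam(sys_get_temp_dir(), 'vst');
    try {
        file_put_contents($tmp, $password . "\n");
        // Every remaining value is escaped exactly once. No hand-written
        // quotes are wrapped around an argument that is already escaped.
        $cmd = STAND_IN
            . escapeshellarg($user) . ' '
            . escapeshellarg($tmp) . ' '
            . escapeshellarg($ip);
        exec($cmd, $argv_seen, $code);
        $stored = file_get_contents($tmp);
    } finally {
        unlink($tmp);   // remove the secret on every exit path
    }
    return ['argv' => $argv_seen, 'stored' => $stored, 'code' => $code, 'tmp' => $tmp];
}

// Constructed inputs: the redacted value quoted earlier in the thread, plus a
// user name and an address that contain shell metacharacters.
$password = "'; v-add-fs-file ********;";
$r = run_check("admin; echo x", $password, "203.0.113.5' x");

// The program must receive exactly three arguments, byte for byte as supplied.
var_dump($r['argv'] === ["admin; echo x", $r['tmp'], "203.0.113.5' x"]);
// The password must be stored unmodified and the temp file must be gone.
var_dump($r['stored'] === $password . "\n");
var_dump(file_exists($r['tmp']) === false);
```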
Re: All VestaCP installations being attacked
dpeca wrote: ↑Sun Sep 30, 2018 6:22 pm
I cannot find the code that you quoted in the current version of that file - https://github.com/serghey-rodin/vesta/ ... /index.php
pqpk2009 wrote: ↑Sun Sep 30, 2018 4:29 pm
Is this a loophole? Why not fix it? This is the latest installation package code.
------------------------- 8083/api/index.php
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['password']."\n");
fclose($fp);
$v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code);
unlink($v_password);
Actually, I cannot find it even in other files.
Where did you take it from?
That could be code from old versions of Vesta.
The latest installation package is installed on my server; it was installed on September the 20th.
Re: All VestaCP installations being attacked
Installation is based on official website steps.
Re: All VestaCP installations being attacked
I installed Vesta one hour ago, and I cannot find that code at all.
How is it possible that you got code that was fixed 6 months ago?
Re: All VestaCP installations being attacked
Can you install a new server instance and check if you get that code in api.php?
Re: All VestaCP installations being attacked
I can confirm that the server was installed in September.
I am in China, it is 2 in the morning, I need to go to the office about 8 hours later to confirm again.