Vesta Control Panel - Forum

trom wrote: ↑

Tue Sep 25, 2018 1:45 pm

I need work servers
How change vesta port?

dpeca wrote: ↑

Tue Sep 25, 2018 2:15 pm

In what datacenter are those servers?

lukapaunovic wrote: ↑

Tue Sep 25, 2018 2:30 pm

I just want to report I have two customers whose servers were recently reinstalled and everything was clean. They got hacked and their server suspended for outbound DoS
They had mod_security with Comodo WAF rules implemented on apache.... also maldetect... chkrootkit...
And also had these functions disabled. The sites weren't under admin account. Passwords were strong, clients weren't using nulled.

Code: Select all

disable_functions = "pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,exec,show_source,system,passthru,shell_exec,proc_open,popen,phpinfo"

There seems to be a major security breach in VESTA. This cannot be coincidental. Two servers, same time. it means it was the same entry-point (similar like the one before in Roundcube). This needs to be investigated ASPAP.

trom wrote: ↑

Tue Sep 25, 2018 3:23 pm

I use servers on different hosters problem at all

If port change dont help i think we need hide or block login on vesta panel from web
but HOW ?

I noticed that on one server when i try to open :8083/login/
i see 502 erorr
this erorr was only in one hoster and appeared today