We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Can not Connect to Vesta - LOGIN anymore
Can not Connect to Vesta - LOGIN anymore
Can not Connect to Vesta - LOGIN anymore
https://78.47.157.226:8083/login/
it worked 2 days ago.
is me 94.176.251.185
is server 78.47.157.226
am i hacked?
it has nothing to do with fail2ban! i checked that. service fail2ban stop -> does not work either.
... keeps repeating.
the debian system:
is up to date:
i did a
2016-10-03 12:29:07 v-change-user-password 'MYPASSWORDINCLEARTEXT' [Error 1]
and it shows my password in cleartext in: /var/log/vesta/error.log
is that supposed to be? :-D (a bug or a feature?)
====================== cannot connect to login site anymore
the harddisk is NOT full.
====================== searching for the problem
====================== more details:
====================== it is funny and interesting to watch realtime what your webserver is doing
but it does not help this problem :-D
how can i debug the problem?
plz help, thanks.
https://78.47.157.226:8083/login/
it worked 2 days ago.
is me 94.176.251.185
is server 78.47.157.226
am i hacked?
it has nothing to do with fail2ban! i checked that. service fail2ban stop -> does not work either.
Code: Select all
wget https://78.47.157.226:8083/login/
--2016-10-03 13:00:30-- (try:14) https://78.47.157.226:8083/login/
Connecting to 78.47.157.226:8083... failed: Connection timed out.
Retrying.
the debian system:
Code: Select all
uname -a
Linux DOMAIN.COM 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux
Code: Select all
apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2016-10-03 12:29:07 v-change-user-password 'MYPASSWORDINCLEARTEXT' [Error 1]
and it shows my password in cleartext in: /var/log/vesta/error.log
is that supposed to be? :-D (a bug or a feature?)
====================== cannot connect to login site anymore
Code: Select all
cat /var/log/vesta/nginx-error.log; # is empty
cat /var/log/vesta/error.log; # shows
2016-09-23 05:10:02 v-backup-user 'admin' [Error 11]
2016-09-24 05:10:01 v-backup-user 'admin' [Error 11]
2016-09-25 05:10:01 v-backup-user 'admin' [Error 11]
2016-09-26 05:10:02 v-backup-user 'admin' [Error 11]
2016-09-27 05:10:01 v-backup-user 'admin' [Error 11]
2016-09-28 05:10:01 v-backup-user 'admin' [Error 11]
2016-09-29 05:10:01 v-backup-user 'admin' [Error 11]
2016-09-30 05:10:01 v-backup-user 'admin' [Error 11]
2016-10-01 05:10:02 v-backup-user 'admin' [Error 11]
2016-10-02 05:10:01 v-backup-user 'admin' [Error 11]
2016-10-03 05:10:02 v-backup-user 'admin' [Error 11]
cat /var/log/vesta/system.log; # shows
2016-10-02 03:28:33 v-add-firewall-ban '80.87.205.6' 'MAIL'
2016-10-02 04:14:40 v-add-firewall-chain 'SSH'
2016-10-02 04:14:40 v-add-firewall-ban '54.70.180.66' 'SSH'
2016-10-02 14:03:16 v-delete-firewall-chain 'MAIL'
2016-10-02 14:03:17 v-delete-firewall-ban '54.70.180.66' 'SSH'
2016-10-02 14:03:17 v-delete-firewall-chain 'SSH'
2016-10-02 14:03:19 v-delete-firewall-chain 'MAIL'
2016-10-02 14:03:22 v-delete-firewall-chain 'VESTA'
2016-10-02 14:03:25 v-add-firewall-chain 'MAIL'
2016-10-02 14:03:25 v-add-firewall-chain 'MAIL'
2016-10-02 14:03:25 v-add-firewall-chain 'VESTA'
2016-10-02 14:03:26 v-add-firewall-chain 'SSH'
2016-10-02 15:38:41 v-add-firewall-chain 'MAIL'
2016-10-02 15:38:41 v-add-firewall-ban '80.87.205.6' 'MAIL'
2016-10-03 00:20:04 v-update-user-stats
2016-10-03 01:40:30 v-delete-firewall-chain 'MAIL'
2016-10-03 01:40:32 v-delete-firewall-chain 'SSH'
2016-10-03 01:40:35 v-delete-firewall-chain 'MAIL'
2016-10-03 01:40:39 v-delete-firewall-chain 'VESTA'
2016-10-03 01:41:32 v-add-firewall-chain 'SSH'
2016-10-03 01:41:32 v-add-firewall-chain 'MAIL'
2016-10-03 01:41:32 v-add-firewall-chain 'MAIL'
2016-10-03 01:41:32 v-add-firewall-chain 'VESTA'
2016-10-03 02:20:51 v-update-user-disk 'admin'
2016-10-03 02:21:16 v-update-web-domains-disk 'admin'
2016-10-03 02:21:34 v-update-mail-domains-disk 'admin'
2016-10-03 03:32:40 v-add-firewall-chain 'SSH'
2016-10-03 03:32:40 v-add-firewall-ban '91.224.161.103' 'SSH'
2016-10-03 04:46:10 v-add-firewall-chain 'MAIL'
2016-10-03 04:46:10 v-add-firewall-ban '80.87.205.6' 'MAIL'
2016-10-03 08:11:18 v-add-firewall-chain 'SSH'
2016-10-03 08:11:18 v-add-firewall-ban '185.110.132.92' 'SSH'
2016-10-03 08:21:15 v-add-firewall-chain 'SSH'
2016-10-03 08:21:15 v-add-firewall-ban '91.224.160.184' 'SSH'
2016-10-03 12:29:13 v-change-user-password 'admin' '******'
2016-10-03 12:30:16 v-delete-firewall-chain 'MAIL'
2016-10-03 12:30:17 v-delete-firewall-ban '91.224.161.103' 'SSH'
2016-10-03 12:30:17 v-delete-firewall-ban '185.110.132.92' 'SSH'
2016-10-03 12:30:17 v-delete-firewall-ban '91.224.160.184' 'SSH'
2016-10-03 12:30:18 v-delete-firewall-chain 'SSH'
2016-10-03 12:30:20 v-delete-firewall-chain 'MAIL'
2016-10-03 12:30:22 v-delete-firewall-chain 'VESTA'
2016-10-03 12:31:41 v-add-firewall-chain 'SSH'
2016-10-03 12:31:41 v-add-firewall-chain 'MAIL'
2016-10-03 12:31:41 v-add-firewall-chain 'MAIL'
2016-10-03 12:31:41 v-add-firewall-chain 'VESTA'
2016-10-03 12:35:01 v-update-user-quota 'admin'
2016-10-03 12:36:05 v-delete-firewall-chain 'MAIL'
2016-10-03 12:36:06 v-delete-firewall-chain 'SSH'
2016-10-03 12:36:08 v-delete-firewall-chain 'MAIL'
2016-10-03 12:36:10 v-delete-firewall-chain 'VESTA'
2016-10-03 12:37:25 v-add-firewall-chain 'SSH'
2016-10-03 12:37:25 v-add-firewall-chain 'MAIL'
2016-10-03 12:37:25 v-add-firewall-chain 'MAIL'
2016-10-03 12:37:26 v-add-firewall-chain 'VESTA'
2016-10-03 12:44:36 v-delete-firewall-chain 'MAIL'
2016-10-03 12:44:37 v-delete-firewall-chain 'SSH'
2016-10-03 12:44:39 v-delete-firewall-chain 'MAIL'
2016-10-03 12:44:41 v-delete-firewall-chain 'VESTA'
2016-10-03 12:45:34 v-add-firewall-chain 'SSH'
2016-10-03 12:45:35 v-add-firewall-chain 'MAIL'
2016-10-03 12:45:35 v-add-firewall-chain 'MAIL'
2016-10-03 12:45:35 v-add-firewall-chain 'VESTA'
2016-10-03 13:35:16 v-add-firewall-chain 'MAIL'
2016-10-03 13:35:16 v-add-firewall-ban '80.87.205.6' 'MAIL'
tail -n10 /var/log/vesta/auth.log
-rw-rw---- 1 root root 3.3K Sep 30 10:49 auth.log <- has not been modified since 30.09.2016 so nobody else logged in since then.
admin 178.217.187.39 failed to login
admin 178.217.187.39 failed to login
admin 178.217.187.39 successfully logged in
admin 85.248.227.163 successfully logged in
admin 178.217.187.39 failed to login
admin 178.217.187.39 successfully logged in
admin 93.118.15.179 successfully logged in
admin 93.118.15.179 successfully logged in
admin 93.118.15.179 successfully logged in
admin 93.118.1.138 successfully logged in
Code: Select all
df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 24G 17G 6.1G 73% /
udev 10M 0 10M 0% /dev
tmpfs 201M 4.7M 196M 3% /run
tmpfs 501M 0 501M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 501M 0 501M 0% /sys/fs/cgroup
tmpfs 101M 0 101M 0% /run/user/0
Code: Select all
cat /var/log/vesta/*.log|grep "94.176.251.185"; -> no result
cat /var/log/nginx/*.log|grep "94.176.251.185"; -> no result
Code: Select all
iptables -L -n|grep 8083
fail2ban-VESTA tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8083
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8083
/usr/local/vesta/bin/v-list-sys-config json
{
"config": {
"WEB_SYSTEM": "apache2",
"WEB_RGROUPS": "www-data",
"WEB_PORT": "8080",
"WEB_SSL": "mod_ssl",
"WEB_SSL_PORT": "8443",
"WEB_BACKEND": "",
"PROXY_SYSTEM": "nginx",
"PROXY_PORT": "80",
"PROXY_SSL_PORT": "443",
"FTP_SYSTEM": "vsftpd",
"MAIL_SYSTEM": "exim4",
"IMAP_SYSTEM": "dovecot",
"ANTIVIRUS_SYSTEM": "",
"ANTISPAM_SYSTEM": "",
"DB_SYSTEM": "mysql",
"DNS_SYSTEM": "bind9",
"DNS_CLUSTER": "",
"STATS_SYSTEM": "webalizer,awstats",
"BACKUP_SYSTEM": "local",
"CRON_SYSTEM": "cron",
"DISK_QUOTA": "",
"FIREWALL_SYSTEM": "iptables",
"FIREWALL_EXTENSION": "fail2ban",
"FILEMANAGER_KEY": "",
"SFTPJAIL_KEY": "",
"REPOSITORY": "",
"VERSION": "0.9.8",
"LANGUAGE": "en",
"BACKUP_GZIP": "",
"BACKUP": "",
"MAIL_URL": "",
"DB_PMA_URL": "",
"DB_PGA_URL": ""
}
}
but it does not help this problem :-D
Code: Select all
tail -f /var/log/vesta/*.log &
tail -f /var/log/nginx/*.log &
plz help, thanks.
-
- Collaborator
- Posts: 783
- Joined: Mon May 11, 2015 8:43 am
- Contact:
- Os: CentOS 6x
- Web: apache + nginx
Re: Can not Connect to Vesta - LOGIN anymore
Can you restart the vesta service?
You used a wrong command:
Try this:
Code: Select all
v-restart-service vesta
Code: Select all
v-change-user-password 'MYPASSWORDINCLEARTEXT'
Code: Select all
v-change-user-password admin 'MYPASSWORDINCLEARTEXT'
Re: Can not Connect to Vesta - LOGIN anymore
i did...
but still no connection to https://78.47.157.226:8083/login/ is possible.
Code: Select all
/usr/local/vesta/bin/v-restart-service vesta
Re: Can not Connect to Vesta - LOGIN anymore
the same thing goes on my server. i lost connectivity (credentials just wipe from login input forms after pressing login) and can`t even reinstall now -- multiple errors on install (clean system required i think)...
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Can not Connect to Vesta - LOGIN anymore
That's quite strange...
Are you sure there is no external firewall or security groups active outside of your hosting blocking port 8083 ? Like AWS and other cloud providers with openstack have ?
or
Seems you may have a port conflict with something else running on 8083:
and look for 8083 listeners
Are you sure there is no external firewall or security groups active outside of your hosting blocking port 8083 ? Like AWS and other cloud providers with openstack have ?
or
Seems you may have a port conflict with something else running on 8083:
Code: Select all
netstat -atun | grep ':8083'
Re: Can not Connect to Vesta - LOGIN anymore
Code: Select all
netstat -atun | grep ':8083'
tcp 0 0 0.0.0.0:8083 0.0.0.0:* LISTEN
Re: Can not Connect to Vesta - LOGIN anymore
Code: Select all
lsof -i -P|grep nginx
nginx 897 root 84u IPv4 13613 0t0 TCP Debian-85-jessie-64-minimal:80 (LISTEN)
nginx 897 root 85u IPv4 13614 0t0 TCP localhost.localdomain:8084 (LISTEN)
nginx 897 root 86u IPv4 13615 0t0 TCP Debian-85-jessie-64-minimal:443 (LISTEN)
nginx 899 www-data 84u IPv4 13613 0t0 TCP Debian-85-jessie-64-minimal:80 (LISTEN)
nginx 899 www-data 85u IPv4 13614 0t0 TCP localhost.localdomain:8084 (LISTEN)
nginx 899 www-data 86u IPv4 13615 0t0 TCP Debian-85-jessie-64-minimal:443 (LISTEN)
nginx 900 www-data 84u IPv4 13613 0t0 TCP Debian-85-jessie-64-minimal:80 (LISTEN)
nginx 900 www-data 85u IPv4 13614 0t0 TCP localhost.localdomain:8084 (LISTEN)
nginx 900 www-data 86u IPv4 13615 0t0 TCP Debian-85-jessie-64-minimal:443 (LISTEN)
was investigating..
Code: Select all
could it be fail2ban?
vim /etc/fail2ban/jail.conf
# has
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /usr/local/vesta/log/nginx-error.log
# the log file does exists
cat /usr/local/vesta/log/nginx-error.log
# it's content is like this... this shurely shows some kind of automatic search for exploitable web based software
2016/10/15 19:28:11 [error] 808#0: *7 open() "/usr/local/vesta/web/script" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /script HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:28:46 [error] 808#0: *9 open() "/usr/local/vesta/web/jenkins/script" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /jenkins/script HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:30:11 [error] 808#0: *15 open() "/usr/local/vesta/web/jmx-console" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /jmx-console HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:30:46 [error] 808#0: *17 open() "/usr/local/vesta/web/manager/html" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /manager/html HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:31:19 [error] 808#0: *19 open() "/usr/local/vesta/web/msd" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /msd HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:31:49 [error] 808#0: *21 open() "/usr/local/vesta/web/mySqlDumper" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /mySqlDumper HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:32:20 [error] 808#0: *23 open() "/usr/local/vesta/web/msd1.24stable" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /msd1.24stable HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:32:50 [error] 808#0: *25 open() "/usr/local/vesta/web/msd1.24.4" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /msd1.24.4 HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:33:20 [error] 808#0: *27 open() "/usr/local/vesta/web/mysqldumper" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /mysqldumper HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:33:50 [error] 808#0: *29 open() "/usr/local/vesta/web/MySQLDumper" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /MySQLDumper HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:34:20 [error] 808#0: *31 open() "/usr/local/vesta/web/mysql" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /mysql HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:34:52 [error] 808#0: *33 open() "/usr/local/vesta/web/sql" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /sql HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:35:25 [error] 808#0: *35 open() "/usr/local/vesta/web/phpmyadmin" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /phpmyadmin HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:35:57 [error] 808#0: *37 open() "/usr/local/vesta/web/phpMyAdmin" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /phpMyAdmin HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:36:33 [error] 808#0: *39 open() "/usr/local/vesta/web/mysql" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /mysql HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:37:07 [error] 808#0: *41 open() "/usr/local/vesta/web/sql" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /sql HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:37:40 [error] 808#0: *43 open() "/usr/local/vesta/web/myadmin" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /myadmin HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:38:13 [error] 808#0: *45 open() "/usr/local/vesta/web/phpMyAdmin-4.2.1-all-languages" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /phpMyAdmin-4.2.1-all-languages HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:38:48 [error] 808#0: *47 open() "/usr/local/vesta/web/phpMyAdmin-4.2.1-english" failed (2: No such file or directory), client: 46.105.35.55, server: _, request: "GET /phpMyAdmin-4.2.1-english HTTP/1.1", host: "78.46.249.71:8083"
2016/10/15 19:40:15 [error] 808#0: *54 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 46.105.35.55, server: _, request: "GET /sqlite/main.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/vesta-php.sock:", host: "78.46.249.71:8083"
# does this have to do with nginx and vestacp?
2016/10/15 19:40:49 [error] 808#0: *57 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 46.105.35.55, server: _, request: "GET /SQLite/SQLiteManager-1.2.4/main.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/vesta-php.sock:", host: "78.46.249.71:8083"
2016/10/15 19:41:22 [error] 808#0: *60 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 46.105.35.55, server: _, request: "GET /SQLiteManager-1.2.4/main.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/vesta-php.sock:", host: "78.46.249.71:8083"
2016/10/15 19:41:57 [error] 808#0: *63 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 46.105.35.55, server: _, request: "GET /sqlitemanager/main.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/vesta-php.sock:", host: "78.46.249.71:8083"
2016/10/15 19:42:31 [error] 808#0: *66 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 46.105.35.55, server: _, request: "GET /SQlite/main.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/vesta-php.sock:", host: "78.46.249.71:8083"
2016/10/15 19:43:06 [error] 808#0: *69 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 46.105.35.55, server: _, request: "GET /SQLiteManager/main.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/vesta-php.sock:", host: "78.46.249.71:8083"
# while
vim /etc/fail2ban/jail.local
# has nothing nginx related
[vsftpd-iptables]
enabled = false
filter = vsftpd
action = vesta[name=FTP]
logpath = /var/log/vsftpd.log
maxretry = 5
[exim-iptables]
enabled = true
filter = exim
action = vesta[name=MAIL]
logpath = /var/log/exim4/mainlog
[dovecot-iptables]
enabled = true
filter = dovecot
action = vesta[name=MAIL]
logpath = /var/log/dovecot.log
[mysqld-iptables]
enabled = false
filter = mysqld-auth
action = vesta[name=DB]
logpath = /var/log/mysql.log
maxretry = 5
[vesta-iptables]
enabled = true
filter = vesta
action = vesta[name=VESTA]
logpath = /var/log/vesta/auth.log
maxretry = 5
but what is that:
Code: Select all
2016/10/15 19:42:31 [error] 808#0: *66 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 46.105.35.55, server: _, request: "GET /SQlite/main.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/vesta-php.sock:", host: "78.46.249.71:8083"
just updated to latest stable
Code: Select all
cat /etc/debian_version
8.6
uname -a
Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux
Code: Select all
/var/log/nginx/error.log
# says
2016/10/24 12:19:28 [notice] 12156#12156: using inherited sockets from "84;85;86;"
Code: Select all
ll /var/log/
total 23M
drwxr-xr-x 14 root root 4.0K Oct 24 06:25 .
drwxr-xr-x 12 root root 4.0K Oct 3 22:04 ..
-rw-r--r-- 1 root root 5.3M Oct 3 13:47 2016-10-03_nginx.tar.gz
-rw-r--r-- 1 root root 124 Oct 3 13:50 2016-10-03_vesta.tar.gz
-rw-r--r-- 1 root root 3.1K Oct 24 12:17 alternatives.log
-rw-r--r-- 1 root root 2.5K Sep 21 12:12 alternatives.log.1
-rw-r--r-- 1 root root 299 Aug 22 12:18 alternatives.log.2.gz
-rw-r--r-- 1 root root 164 Aug 20 20:49 alternatives.log.3.gz
-rw-r--r-- 1 root root 886 Jul 1 14:41 alternatives.log.4.gz
drwxr-x--x 3 root adm 4.0K Oct 23 06:25 apache2
drwxr-xr-x 2 root root 4.0K Oct 1 06:25 apt
-rw-r--r-- 1 root root 0 Jul 1 13:58 aptitude
drwxr-xr-x 2 root root 4.0K Oct 24 00:00 atop
-rw-r----- 1 root adm 723K Oct 24 13:46 auth.log
-rw-r----- 1 root adm 3.8M Oct 23 06:25 auth.log.1
-rw-r----- 1 root adm 196K Oct 16 06:25 auth.log.2.gz
-rw-r----- 1 root adm 273K Oct 10 06:25 auth.log.3.gz
-rw-r----- 1 root adm 179K Oct 2 06:25 auth.log.4.gz
-rw------- 1 root utmp 763K Oct 24 13:28 btmp
-rw------- 1 root utmp 553K Oct 1 06:18 btmp.1
-rw-r----- 1 root adm 139K Oct 24 12:38 daemon.log
-rw-r----- 1 root adm 302K Oct 23 06:25 daemon.log.1
-rw-r----- 1 root adm 51K Oct 16 06:25 daemon.log.2.gz
-rw-r----- 1 root adm 66K Oct 10 06:25 daemon.log.3.gz
-rw-r----- 1 root adm 48K Oct 2 06:25 daemon.log.4.gz
drwxr-xr-x 2 root root 4.0K Jul 1 14:38 dbconfig-common
-rw-r----- 1 root adm 33K Oct 24 12:23 debug
-rw-r----- 1 root adm 60K Oct 23 01:30 debug.1
-rw-r----- 1 root adm 6.2K Oct 16 02:16 debug.2.gz
-rw-r----- 1 root adm 7.5K Oct 10 01:26 debug.3.gz
-rw-r----- 1 root adm 6.2K Oct 2 02:44 debug.4.gz
-rw-r----- 1 root adm 0 Jul 1 13:58 dmesg
-rw------- 1 root root 6.8M Oct 24 13:10 dovecot.log
-rw-r--r-- 1 root root 101K Oct 24 12:19 dpkg.log
-rw-r--r-- 1 root root 34K Sep 21 21:26 dpkg.log.1
-rw-r--r-- 1 root root 4.5K Aug 22 12:19 dpkg.log.2.gz
-rw-r--r-- 1 root root 1.7K Jul 3 04:12 dpkg.log.3.gz
-rw-r--r-- 1 root root 13K Jul 2 02:27 dpkg.log.4.gz
drwxr-s--- 2 Debian-exim adm 4.0K Oct 24 06:25 exim4
-rw-r----- 1 root adm 51K Oct 24 13:45 fail2ban.log
-rw-r----- 1 root adm 122K Oct 23 05:12 fail2ban.log.1
-rw-r----- 1 root adm 12K Oct 16 04:49 fail2ban.log.2.gz
-rw-r----- 1 root adm 18K Oct 10 04:57 fail2ban.log.3.gz
-rw-r----- 1 root adm 17K Oct 2 04:14 fail2ban.log.4.gz
-rw-r--r-- 1 root root 32K Jul 3 04:12 faillog
-rw-r--r-- 1 root root 1.5K Aug 22 12:17 fontconfig.log
drwxr-xr-x 2 root root 4.0K Oct 10 2014 fsck
-rw-r----- 1 root adm 126K Oct 24 12:23 kern.log
-rw-r----- 1 root adm 283K Oct 23 01:30 kern.log.1
-rw-r----- 1 root adm 82K Oct 16 02:16 kern.log.2.gz
-rw-r----- 1 root adm 90K Oct 10 01:26 kern.log.3.gz
-rw-r----- 1 root adm 72K Oct 2 02:44 kern.log.4.gz
-rw-rw-r-- 1 root utmp 287K Oct 24 12:23 lastlog
-rw-r----- 1 root adm 0 Aug 1 06:25 mail.err
-rw-r----- 1 root adm 1.6K Aug 1 05:12 mail.err.1
-rw-r----- 1 root adm 218 Jul 24 05:17 mail.err.2.gz
-rw-r----- 1 root adm 184 Jul 17 05:15 mail.err.3.gz
-rw-r----- 1 root adm 162 Jul 8 05:12 mail.err.4.gz
-rw-r----- 1 root adm 0 Aug 1 06:25 mail.info
-rw-r----- 1 root adm 1.6K Aug 1 05:12 mail.info.1
-rw-r----- 1 root adm 218 Jul 24 05:17 mail.info.2.gz
-rw-r----- 1 root adm 184 Jul 17 05:15 mail.info.3.gz
-rw-r----- 1 root adm 162 Jul 8 05:12 mail.info.4.gz
-rw-r----- 1 root adm 0 Aug 1 06:25 mail.log
-rw-r----- 1 root adm 1.6K Aug 1 05:12 mail.log.1
-rw-r----- 1 root adm 218 Jul 24 05:17 mail.log.2.gz
-rw-r----- 1 root adm 184 Jul 17 05:15 mail.log.3.gz
-rw-r----- 1 root adm 162 Jul 8 05:12 mail.log.4.gz
-rw-r----- 1 root adm 0 Aug 1 06:25 mail.warn
-rw-r----- 1 root adm 1.6K Aug 1 05:12 mail.warn.1
-rw-r----- 1 root adm 218 Jul 24 05:17 mail.warn.2.gz
-rw-r----- 1 root adm 184 Jul 17 05:15 mail.warn.3.gz
-rw-r----- 1 root adm 162 Jul 8 05:12 mail.warn.4.gz
-rw-r----- 1 root adm 103K Oct 24 12:23 messages
-rw-r----- 1 root adm 229K Oct 23 06:25 messages.1
-rw-r----- 1 root adm 70K Oct 16 06:25 messages.2.gz
-rw-r----- 1 root adm 75K Oct 10 06:25 messages.3.gz
-rw-r----- 1 root adm 60K Oct 2 06:25 messages.4.gz
drwxr-x--- 2 mumble-server adm 4.0K Oct 23 06:25 mumble-server
drwxr-s--- 2 mysql adm 4.0K Oct 24 06:25 mysql
-rw-r----- 1 mysql adm 0 Sep 16 17:55 mysql.err
-rw-r----- 1 mysql adm 0 Oct 24 06:25 mysql.log
-rw-r----- 1 mysql adm 20 Oct 23 06:25 mysql.log.1.gz
-rw-r----- 1 mysql adm 20 Oct 22 06:25 mysql.log.2.gz
-rw-r----- 1 mysql adm 20 Oct 21 06:25 mysql.log.3.gz
-rw-r----- 1 mysql adm 20 Oct 20 06:25 mysql.log.4.gz
-rw-r----- 1 mysql adm 20 Oct 19 06:25 mysql.log.5.gz
-rw-r----- 1 mysql adm 20 Oct 18 06:25 mysql.log.6.gz
-rw-r----- 1 mysql adm 20 Oct 17 06:25 mysql.log.7.gz
drwxr-xr-x 3 root root 4.0K Oct 24 06:25 nginx
-rw------- 1 root root 116K Aug 19 11:59 rkhunter.log
-rw------- 1 root root 3.8K Aug 19 11:49 rkhunter.log.old
drwxr-x--- 2 www-data adm 4.0K Sep 16 20:13 roundcube
-rw-r----- 1 root adm 241K Oct 24 13:46 syslog
-rw-r----- 1 root adm 302K Oct 24 06:25 syslog.1
-rw-r----- 1 root adm 34K Oct 23 06:25 syslog.2.gz
-rw-r----- 1 root adm 34K Oct 22 06:25 syslog.3.gz
-rw-r----- 1 root adm 35K Oct 21 06:25 syslog.4.gz
-rw-r----- 1 root adm 35K Oct 20 06:25 syslog.5.gz
-rw-r----- 1 root adm 35K Oct 19 06:25 syslog.6.gz
-rw-r----- 1 root adm 35K Oct 18 06:25 syslog.7.gz
drwxr-xr-x 2 root root 4.0K Sep 27 2014 sysstat
drwxr-s--- 2 debian-tor adm 4.0K Oct 24 06:25 tor
-rw-r----- 1 root adm 0 Jul 1 13:58 user.log
lrwxrwxrwx 1 root root 20 Jul 1 14:41 vesta -> /usr/local/vesta/log
-rw-r----- 1 root adm 0 Jul 11 06:25 vsftpd.log
-rw-r----- 1 root adm 36K Jul 4 08:21 vsftpd.log.1
-rw------- 1 root root 77K Jul 3 05:56 vsftpd.log.2
-rw-rw-r-- 1 root utmp 91K Oct 24 12:23 wtmp
-rw-rw-r-- 1 root utmp 93K Oct 1 01:42 wtmp.1
-rw------- 1 root root 0 Jul 1 17:03 xferlog
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Can not Connect to Vesta - LOGIN anymore
Your port 8083 is being listened (as per your nestat output) but your port 8083 is blocked and closed on your server.
http://ping.eu/port-chk/
http://canyouseeme.org/
http://www.yougetsignal.com/tools/open-ports/
On your IP a port scan shows all possible ports blocked:
https://mxtoolbox.com/SuperTool.aspx?ac ... n=toolpage
78.47.157.226 is Hetzner.de IP and they do not block anything from their infrastructure side. I have 10 servers with them so I know it well.
From the amount of information you are posting, you seem to be smart enough to know Server Administration yourself. But when you post your server IP deliberately exposing your publicly reachable IP on this forum, it seems like you are more of "testing your skills" of port blocking rather than seeking help.
Something doesn't seem right... :(
http://ping.eu/port-chk/
http://canyouseeme.org/
http://www.yougetsignal.com/tools/open-ports/
On your IP a port scan shows all possible ports blocked:
https://mxtoolbox.com/SuperTool.aspx?ac ... n=toolpage
78.47.157.226 is Hetzner.de IP and they do not block anything from their infrastructure side. I have 10 servers with them so I know it well.
From the amount of information you are posting, you seem to be smart enough to know Server Administration yourself. But when you post your server IP deliberately exposing your publicly reachable IP on this forum, it seems like you are more of "testing your skills" of port blocking rather than seeking help.
Something doesn't seem right... :(
Re: Can not Connect to Vesta - LOGIN anymore
ok guys forget about the whole threat... i think hetzner changed my ip address :-D
:-D
everything working fine! :-D
paranoia: OFF.
:-D
everything working fine! :-D
paranoia: OFF.
Re: Can not Connect to Vesta - LOGIN anymore
I can't login to VestaCP
viewtopic.php?f=10&t=14958&p=61578#p61578
viewtopic.php?f=10&t=14958&p=61578#p61578