VERY IMPORTANT SERVER HACKED!!
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: VERY IMPORTANT SERVER HACKED!!
Thanks XoXiLhJ0mn,
What I meant was... asking for both 1) CLI + API & 2) API Web Hook/Calls (that may also use CLI Commands)
I know for usual CLI you need SSH access, which is well protected and default port changed. So as you explained... I'm safe there.
The second was API Calls over the web (from a program or script). That means by default the API will make a call on default port 8083, which I have blocked in my Firewall. Am I all good?
Hope I was more clear.
Re: VERY IMPORTANT SERVER HACKED!!
I did not get hacked! I'm just being cautious... and want to know if this upgrade caused that problem...
XoXiLhJ0mn wrote:
Hi m4th3us,
Even if you upgrade, you still have the choice to deactivate the vesta service from starting at boot and not have it running all the time. The problem is not Ubuntu related. Of course you could upgrade it.
But if you already have configured vesta server and it is running, will it help to upgrade it? I do not know as there are no new features inserted. You could upgrade it and again turn the service off, if you are the only user on the server. Well, in my case I am the only user. Now that I configured my server I do not need the vesta service running. I also deactivated crons.
What will it do for me, update stats? Now to update stats, I do not want to have any hacker access open, right. Why should I want to have vesta port accessible through web from a public IP address, when I have already configured my server, eh?
Perhaps I could make one shell script to deactivate and activate vesta panel for all people in a similar situation like me.
Re: VERY IMPORTANT SERVER HACKED!!
Please update your VestaCP version:


Re: VERY IMPORTANT SERVER HACKED!!
Thanks Skurudo for the information.
Thanks VestaCP team for the update
Re: VERY IMPORTANT SERVER HACKED!!
Thanks to you and all community ^_^
mehargags wrote:
Thanks Skurudo for the information.
Thanks VestaCP team for the update
PS: Don't be afraid of the 502 error when you press the update button. Yes, it's normal. VestaCP has a separate session folder for vesta-php, it's one of the new security updates.
Re: VERY IMPORTANT SERVER HACKED!!
As always, thank you very much. Everything went perfect. Recently updated with an Ubuntu 12.04 vestacp 0.9.8 release 16 :=)
Re: VERY IMPORTANT SERVER HACKED!!
Thanks VESTA team, what about 2FA in panel?
Re: VERY IMPORTANT SERVER HACKED!!
@skurudo
I suggest you make a new post here at http://forum.vestacp.com/viewforum.php?f=25
Re: VERY IMPORTANT SERVER HACKED!!
Hmmm, I know that it is sensitive to tell us where is a security hole, but... now when you published new version - you should think about it to tell us what exactly we should fix on version 15, if we want to keep version 15 at least for a while.
I have little modifications for version 15 on many servers (mostly bugfixes for known bugs in version 15), so it's not easy to make a quick upgrade to 16.
I will appreciate a quick fix for security hole in version 15, even via private message?
Kind regards from Serbia.
Re: VERY IMPORTANT SERVER HACKED!!
Thanks.
XoXiLhJ0mn wrote:
Hello Skurudo,
But how could we forget giving thanks to Mr. Sergey Rodin? I did not know his nickname in the forum so I tell you to pass it on.
Sergey's nick here is skid.
How can we forget, we are grateful to the author and main dev
I pass your message. ;-)