Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 11:12 am
by mehargags
Thanks XoXiLhJ0mn,

What I meant was... asking for both 1) CLI + API & 2) API Web Hook/Calls (that may also use CLI Commands)

I know for usual CLI you need SSH access, which is well protected and default port changed. So as you explained... I'm safe there.

The second was API Calls over the web (from a program or script). That means by default the API will make a call on default port 8083 which I have blocked in my Firewall. Am I all good?

Hope I was more clear.

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 12:57 pm
by m4th3us
XoXiLhJ0mn wrote:Hi m4th3us,

Even if you upgrade, you still have the choice to deactivate the vesta service from starting at boot and not have it running all the time. The problem is not Ubuntu related. Of course you could upgrade it.

But if you already have configured vesta server and it is running, will it help to upgrade it? I do not know as there are no new features inserted. You could upgrade it and again turn the service off, if you are the only user on the server. Well, in my case I am the only user. Now that I configured my server I do not need the vesta service running. I also deactivated crons.

What will it do for me, update stats? Now to update stats, I do not want to have any hacker access open, right. Why should I want to have vesta port accessible through web from a public IP address, when I have already configured my server, eh?

Perhaps I could make one shell script to deactivate and activate vesta panel for all people in a similar situation like me.
I did not get hacked! I'm just being cautious... and want to know if this upgrade caused that problem...

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 2:08 pm
by skurudo
Please update your VestaCP version:
Image

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 3:22 pm
by mehargags
Thanks Skurudo for the information.
Thanks VestaCP team for the update

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 5:10 pm
by skurudo
mehargags wrote:Thanks Skurudo for the information.
Thanks VestaCP team for the update
Thanks to you and all community ^_^

PS: Don't be afraid of the 502 error when you press the update button. Yes, it's normal. VestaCP has a separate session folder for vesta-php, it's one of the new security updates.

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 5:35 pm
by Sanity
As always, thank you very much. Everything went perfectly. Recently updated with an Ubuntu 12.04 vestacp 0.9.8 release 16 :=)

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 5:50 pm
by sega
Thanks VESTA team, what about 2FA in panel?

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 6:52 pm
by mehargags
@skurudo
I suggest you make a new post here at http://forum.vestacp.com/viewforum.php?f=25

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 7:35 pm
by dpeca
Hmmm, I know that it is sensitive to tell us where the security hole is, but... now that you have published the new version, you should think about telling us what exactly we should fix in version 15, if we want to keep version 15 at least for a while.

I have little modifications for version 15 on many servers (mostly bugfixes for known bugs in version 15), so it's not easy to make a quick upgrade to 16.

I would appreciate a quick fix for the security hole in version 15, even via private message?

Kind regards from Serbia.

Re: VERY IMPORTANT SERVER HACKED!!

Posted: Tue Jun 28, 2016 7:46 pm
by skurudo
XoXiLhJ0mn wrote:Hello Skurudo,
But how could we forget giving thanks to Mr. Sergey Rodin? I did not know his nickname in the forum so I tell you to pass it on.
Thanks.
Sergey's nick here is skid.

How can we forget, we are grateful to the author and main dev.
I will pass on your message. ;-)