We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 47 matches
- Wed May 09, 2018 5:03 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718507
Re: Got 10 VestaCP servers exploited
yea. i have kept my panel shutted down too.
news are very welcome!
news are very welcome!
- Sun Apr 22, 2018 6:52 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718507
Re: Got 10 VestaCP servers exploited
Some basic tips for everyone: (for details you can google for the keywords and your OS) -) Keep your distro packages up-to-date with mail-warnings on available updates -) Harden your ssh with pubkeys and disable root-login (setup sudo) -) Setup mail warning on ssh login -) Close vestacp admin port t...
- Wed Apr 18, 2018 7:42 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718507
Re: Got 10 VestaCP servers exploited
while this is ofc some good advice and true that it is dangerous to have them open, i got hacked with disabled exec and shell_exec. system, passthru, proc_open and popen was enabled? proc_open & popen is not in my global disabled list, from what u have posted. but thats for a reason. i cannot disab...
- Wed Apr 18, 2018 7:10 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718507
Re: Got 10 VestaCP servers exploited
Here is my list of disabled functions in php.ini: disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_s...
- Sat Apr 14, 2018 9:01 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718507
Re: Got 10 VestaCP servers exploited
Sent off 6 security vulnerabilities to info@vestacp.com with 3 of those leading to a easy root compromise. The other 3 are still very serious flaws, password / hash disclosures, etc. I'll send off more once they fix those. This is Patrick from Rack911 Labs, a Software Security Auditing company. goo...
- Fri Apr 13, 2018 7:56 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718507
Re: Got 10 VestaCP servers exploited
:( but i'm sure it's already patched on all distroes, even if you have Roundcube 1.2.3 on Debian9, i'm sure it's patched version of 1.2.3 (patched against that security flaw) if you look on github issue page, you'll find a man from Debian dev team that patch even old debian versions - https://githu...
- Fri Apr 13, 2018 7:16 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718507
Re: Got 10 VestaCP servers exploited
I just saw that the official latest version in debian 9 rep for roundcube is: Version 1.2.3 And i also found a file in /roundcube/bin called gc.sh , when the virus cronfile was named gcc.sh its about some cronjob -> ?! it's regular script - https://github.com/roundcube/roundcubemail/blob/master/bin...
- Fri Apr 13, 2018 6:53 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718507
Re: Got 10 VestaCP servers exploited
I just saw that the official latest version in debian 9 rep for roundcube is: Version 1.2.3
And i also found a file in called gc.sh, when the virus cronfile was named gcc.sh
its about some cronjob -> ?!
And i also found a file in
Code: Select all
/roundcube/bin
its about some cronjob -> ?!
- Fri Apr 13, 2018 6:33 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718507
Re: Got 10 VestaCP servers exploited
I wasn't hacked. I have the vestacp installed 1 year on digitalocean, and I dind't installed mail (exim,dovecot,spamassim,clamav). Maybe the reason that I am not hacked. At the moment of attack, I was using vesta Version 0.9.8-17. I only have 2 dedicated servers, they are in different data centers....
- Thu Apr 12, 2018 1:03 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718507
Re: Got 10 VestaCP servers exploited
But if you disabled 8083 port in vesta-firewall, then I really don't have explaination how you are hacked... yea, thats exactly what i want to find out before i can start the vesta service again. and i hope we soon get some information that they could retrive from the poll. i have the server runnin...