Vesta Control Panel - Forum

Falzo , stop the insults. We have all said in this thread. More information you can find here https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/ In the next time I'll give you a warning. Excuse me, I don't think there were any insults from ...

The Vesta service was running and I had SSH access enabled just for the admin user. I set the password with the installation command. thanks for the info, that's interesting... I tried to investigate some more and checked some servers I installed in august and came across this entries in auth.log a...

I see we have 4 options: a) Rely on the community to find the exploited vulnerability and then fork VestaCP into something else. b) Make a fund to offer a prize for whoever finds the hole, and then fork VestaCP. c) Forget about VestaCP d) Rely on the core dev team. Meaning no ETA no info until they ...

He obviously entered via SSH because he deleted /var/log/secure and auth.log . But mistery is HOW he got SSH. No, not that obvious to me, dpeca. There are things called "callback" that connect from the inside to the outside giving a shell. So, if people having SSH off got hacked I would look for so...

Hello,

Everyone running SSH on port 22? Did anyone here get hacked while having SSH firewalled by IP or running on a non-standard port?

Thank you

My dev server got compromise as the password for admin user got changed, lucky I had the shell for admin user set to rssh so that attempt to run the payload in /var/tmp got blocked. Heres the attempted command run via ssh from ip:45.76.146.8 command: echo "9WlgVjGkot" | sudo -S -p "" chmod 0777 /va...

ctrlpac wrote: ↑

Tue Sep 25, 2018 12:41 pm

albertus wrote: ↑

Tue Sep 25, 2018 12:36 pm

Don't worry pal. VestaCP developers will take care of it, give them a month.

A month? :x

How long it took them last time?

Don't worry pal. VestaCP developers will take care of it, give them a month.

Hello

Same here. I got 10 servers hacked.
All servers were attacking 144.0.2.180 (China). Last time VestaCP was hit by a zero day it was also discovered thanks to that attack. Too similar.

I'm done with VestaCP. Can't trust it anymore.

Good luck guys

Problem to many of us is that we have dynamic IPs from our ISPs and it can make accessing the vesta difficult since one ip is changed there iptables will have to be updated via ssh. And I have clients that want to be able to access the admin panel to add new webistes Completely understandable, This...