We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 20 matches
- Sun Apr 08, 2018 6:38 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718388
Re: Got 10 VestaCP servers exploited
Understood. However, according to log entries, our network IDS and IPS logs, and a few other tidbits, this is the current working theory on our end. We certainly need more servers that have been affected to test with and investigate. Volunteers?????? Your theory really doesn't make much sense at th...
- Sun Apr 08, 2018 4:55 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718388
- Sun Apr 08, 2018 4:14 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718388
Re: Got 10 VestaCP servers exploited
Hi, I have two VPSs on OVH that were attacked. I downloaded the last three backups of Vesta from /backup and reinstalled the OS (Debian 9) with VestaCP. I restored the backup on the new installation and changed the port of VestaCP. At the moment, I am monitoring and don't see anything wrong. On my VPSs, the arc...
- Sun Apr 08, 2018 3:35 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718388
Re: Got 10 VestaCP servers exploited
Wonder how many hosts are infected, considering this... Our engineering team continues to work to resolve the networking issue impacting our NYC regions. We believe a previously undisclosed vulnerability in software by some customers on their Droplets is allowing for denial of service (DoS) att...
- Sun Apr 08, 2018 3:31 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718388
Re: Got 10 VestaCP servers exploited
Are you using VestaCP? Why would I post here if I don't use it? I've got VestaCP running on one of my not-so-important servers for the past few years, but due to this problem I am likely migrating over all content and sites to Plesk. I don't feel confident having public or private APIs for that ma...
- Sun Apr 08, 2018 3:23 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718388
Re: Got 10 VestaCP servers exploited
I've mentioned it before, but the patches that will be released now are not a fix for the actual problem - as it stands right now VestaCP is insecure by its design. As far as I know, basically the entire API and all commands in the background run as the user "admin", which has sudo rights and thus ...
- Sun Apr 08, 2018 2:59 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718388
Re: Got 10 VestaCP servers exploited
I think the main issue here is the fact that the API runs as root... that is a major security hole alone.
- Sun Apr 08, 2018 2:09 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718388
Re: Got 10 VestaCP servers exploited
I'm setting up a honeypot server on a VPS right now and we'll see how it goes. I'm not very hopeful, as my other installation of Vesta is running behind the same network and wasn't attacked.
- Sun Apr 08, 2018 12:41 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718388
Re: Got 10 VestaCP servers exploited
Then I think we can eliminate the theory that Roundcube is the fault here. Then why was "/tmp/update" launched from the working directory of Roundcube?
[root@mail /]# lsof -p 985
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
update 985 root cwd DIR 182,178001 4096 786628 /usr/share/roundcubema...
- Sun Apr 08, 2018 12:24 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 718388
Re: Got 10 VestaCP servers exploited
I'm cheering it's not Roundcube cuz another server didn't get hacked again with disabled Vesta. I'm still keeping this hacked server mounted in rescue until sergehey is back. I truly hope he will be back; my client is insisting on putting sites back up. Mine isn't hacked either and I've been running V...