Search found 16 matches
- Tue Apr 10, 2018 7:57 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 137540
Re: Got 10 VestaCP servers exploited
n0x, if you havent so yet, you can check out this poll and fill in your infos there: Hi Everyone, We have put together a survey to help us better understand the general configuration in relation to some of the working theories. If you have suggestions to broaden the survey, please let us know. http...
- Tue Apr 10, 2018 7:28 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 137540
Re: Got 10 VestaCP servers exploited
just noticed, I do have some weird commands being run as 'root' when I do ps -fU admin with things like 'ifconfig eth0', 'su', 'pwd', 'cat resolv.conf', etc along with the standard Vesta admin processes (NGINX, etc). I'm not sure what that is but I don't see it on any other VM running Vesta and I d...
- Tue Apr 10, 2018 7:17 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 137540
Re: Got 10 VestaCP servers exploited
So the droplet was disconnected by Digital Ocean at 3:53pm today (10/04/2018), it was pushing 1 Gbps outbound at the time but looks like traffic had been spiking outbound for a number of hours prior to that. Backups on the VM run at 5 and 6am so I'm pretty sure it wasn't outbound backup traffic. My ...
- Tue Apr 10, 2018 5:38 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 137540
Re: Got 10 VestaCP servers exploited
Just had a message from Digital Ocean that I had an outbound DDoS originating from a clean OS install after the Saturday problems. This was a clean 0.9.8-19 install that I updated to 0.9.8-20. Looks like my clean 0.9.8-20 installation hasn't been compromised. I'll be back at a PC in half an hour and...
- Tue Apr 10, 2018 9:33 am
- Forum: 3rd Party Software
- Topic: Upload Vesta user backups to Dropbox automatically daily
- Replies: 29
- Views: 32217
Re: Upload Vesta user backups to Dropbox automatically daily
Really nice script and solution for remote backup storage.
Running nicely on the VM now :)
Running nicely on the VM now :)
- Tue Apr 10, 2018 8:09 am
- Forum: General Discussion
- Topic: VestaCP is not installable from Ubuntu 16.04
- Replies: 13
- Views: 2389
- Mon Apr 09, 2018 3:37 pm
- Forum: General Discussion
- Topic: Block layer-7 attacks
- Replies: 2
- Views: 564
Re: Block layer-7 attacks
You'd need a web application firewall (WAF), or some sort of proxy to inspect all the traffic.
Probably the easiest way is to put it behind CloudFlare and use their WAF - Otherwise there are some open source options.
Probably the easiest way is to put it behind CloudFlare and use their WAF - Otherwise there are some open source options.
- Mon Apr 09, 2018 2:45 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 137540
Re: Got 10 VestaCP servers exploited
My vestas are 3 months old That is very strange. How the hell they exploited your server? In my case, i have three servers with Vesta, none of them was exploited. In the most important one, i did have port 8083 blocked with iptables Then i have one test server where i installed Vesta last week, and...
- Mon Apr 09, 2018 2:43 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 137540
Re: Got 10 VestaCP servers exploited
Did you install VestaCP recently? We are trying to know if their repo was exploited. I don't think it was the repo - I had installations that were made 3 months ago and last updated in Jan 2018 suddenly get exploited around mid-day on Saturday 7th April. This is almost definitely a vulnerability wi...
- Mon Apr 09, 2018 2:39 pm
- Forum: General Discussion
- Topic: I can't able to login vesta cpanel.
- Replies: 5
- Views: 891
Re: I can't able to login vesta cpanel.
Yep, DigitalOcean blocked port 8083 across all zones. Change the port by following: https://forum.vestacp.com/viewtopic.php?f=10&t=16585&p=68940&hilit=8383#p68940 Then you can access on the new port with no issues (also make sure you update to 0.9.8-20 before changing the port), you can do that with...