Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index
  • Search

Search found 21 matches

Go to advanced search

Advanced search
Search found 21 matches
  • 1
  • 2
  • 3
  • Next
by nextgi
Sat Nov 02, 2019 9:27 pm
Forum: Web Server
Topic: Error: Let's Encrypt validation status 400
Replies: 61
Views: 71572

Re: Error: Let's Encrypt validation status 400

Well, seems a bit odd. I am receiving the same issue as described by OP on a fresh install of VestaCP, today. Here is what LetsEncrypt is returning { "type": "urn:ietf:params:acme:error:malformed", "detail": "Unable to update challenge :: authorization must be pending", "status": 400 } I am trying t...
  • Jump to post
by nextgi
Tue Oct 01, 2019 12:52 am
Forum: General Discussion
Topic: Error: Let's Encrypt new auth status 400
Replies: 21
Views: 12984

Re: Error: Let's Encrypt new auth status 400

@really,

I agree. Nuff said... lol
  • Jump to post
by nextgi
Sun Apr 15, 2018 4:15 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 137540

Re: Got 10 VestaCP servers exploited

Sent off 6 security vulnerabilities to info@vestacp.com with 3 of those leading to a easy root compromise. The other 3 are still very serious flaws, password / hash disclosures, etc. I'll send off more once they fix those. This is Patrick from Rack911 Labs, a Software Security Auditing company. goo...
  • Jump to post
by nextgi
Fri Apr 13, 2018 8:44 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 137540

Re: Got 10 VestaCP servers exploited

Well, Im glad we are making full circle on our original working theory lol. We have documented proof that the correlation between the url http://<your ip>/webmail was the vector entry point on the systems we have been examining. It may not be roundcube specific, we have yet to determine this. It may...
  • Jump to post
by nextgi
Tue Apr 10, 2018 3:48 pm
Forum: General Discussion
Topic: OpenVPN
Replies: 3
Views: 2046

Re: OpenVPN

Hi there, So, I am a little lost. It is clear you are trying to install OpenVPN, thats very clear. The purpose is not. Is it to manage VestaCP via the vpn? My Understanding: Client (You) -> VPN on same host as VestaCP -> VestaCP (Port 8083 Internal on the VPN) Is the accurate? I am trying to unders...
  • Jump to post
by nextgi
Tue Apr 10, 2018 5:22 am
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 137540

Re: Got 10 VestaCP servers exploited

Hi Everyone, We have put together a survey to help us better understand the general configuration in relation to some of the working theories. If you have suggestions to broaden the survey, please let us know. https://goo.gl/forms/qXtzd6nZFrKNw7DN2 We greatly appreciate any input. It's private Haha...
  • Jump to post
by nextgi
Tue Apr 10, 2018 5:21 am
Forum: General Discussion
Topic: OpenVPN
Replies: 3
Views: 2046

Re: OpenVPN

Hi there, So, I am a little lost. It is clear you are trying to install OpenVPN, thats very clear. The purpose is not. Is it to manage VestaCP via the vpn? My Understanding: Client (You) -> VPN on same host as VestaCP -> VestaCP (Port 8083 Internal on the VPN) Is the accurate? I am trying to underst...
  • Jump to post
by nextgi
Tue Apr 10, 2018 5:11 am
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 137540

Re: Got 10 VestaCP servers exploited

Hi Everyone,

We have put together a survey to help us better understand the general configuration in relation to some of the working theories. If you have suggestions to broaden the survey, please let us know.

https://goo.gl/forms/qXtzd6nZFrKNw7DN2

We greatly appreciate any input.
  • Jump to post
by nextgi
Sun Apr 08, 2018 8:45 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 137540

Re: Got 10 VestaCP servers exploited

The best way to secure just about any web application is to use a firewall. White list the hosts that are necessary. Problem to many of us is that we have dynamic IPs from our ISPs and it can make accessing the vesta difficult since one ip is changed there iptables will have to be updated via ssh. ...
  • Jump to post
by nextgi
Sun Apr 08, 2018 8:43 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 137540

Re: Got 10 VestaCP servers exploited

The best way to secure just about any web application is to use a firewall. White list the hosts that are necessary. Doesn't cut down the support tickets much though ;) True, But a unique solution is why im in business haha. Cybersecurity is not cut and dry. You may need to work around customer nee...
  • Jump to post

Search found 21 matches
  • 1
  • 2
  • 3
  • Next

Go to advanced search



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password