We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 21 matches
- Sat Nov 02, 2019 9:27 pm
- Forum: Web Server
- Topic: Error: Let's Encrypt validation status 400
- Replies: 62
- Views: 186900
Re: Error: Let's Encrypt validation status 400
Well, seems a bit odd. I am receiving the same issue as described by OP on a fresh install of VestaCP, today. Here is what LetsEncrypt is returning { "type": "urn:ietf:params:acme:error:malformed", "detail": "Unable to update challenge :: authorization must be pending", "status": 400 } I am trying t...
- Tue Oct 01, 2019 12:52 am
- Forum: General Discussion
- Topic: Error: Let's Encrypt new auth status 400
- Replies: 21
- Views: 40917
Re: Error: Let's Encrypt new auth status 400
@really,
I agree. Nuff said... lol
I agree. Nuff said... lol
- Sun Apr 15, 2018 4:15 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709701
Re: Got 10 VestaCP servers exploited
Sent off 6 security vulnerabilities to info@vestacp.com with 3 of those leading to a easy root compromise. The other 3 are still very serious flaws, password / hash disclosures, etc. I'll send off more once they fix those. This is Patrick from Rack911 Labs, a Software Security Auditing company. goo...
- Fri Apr 13, 2018 8:44 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709701
Re: Got 10 VestaCP servers exploited
Well, Im glad we are making full circle on our original working theory lol. We have documented proof that the correlation between the url http://<your ip>/webmail was the vector entry point on the systems we have been examining. It may not be roundcube specific, we have yet to determine this. It may...
- Tue Apr 10, 2018 3:48 pm
- Forum: General Discussion
- Topic: OpenVPN
- Replies: 3
- Views: 4916
Re: OpenVPN
Hi there, So, I am a little lost. It is clear you are trying to install OpenVPN, thats very clear. The purpose is not. Is it to manage VestaCP via the vpn? My Understanding: Client (You) -> VPN on same host as VestaCP -> VestaCP (Port 8083 Internal on the VPN) Is the accurate? I am trying to unders...
- Tue Apr 10, 2018 5:22 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709701
Re: Got 10 VestaCP servers exploited
Hi Everyone, We have put together a survey to help us better understand the general configuration in relation to some of the working theories. If you have suggestions to broaden the survey, please let us know. https://goo.gl/forms/qXtzd6nZFrKNw7DN2 We greatly appreciate any input. It's private Haha...
- Tue Apr 10, 2018 5:21 am
- Forum: General Discussion
- Topic: OpenVPN
- Replies: 3
- Views: 4916
Re: OpenVPN
Hi there, So, I am a little lost. It is clear you are trying to install OpenVPN, thats very clear. The purpose is not. Is it to manage VestaCP via the vpn? My Understanding: Client (You) -> VPN on same host as VestaCP -> VestaCP (Port 8083 Internal on the VPN) Is the accurate? I am trying to underst...
- Tue Apr 10, 2018 5:11 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709701
Re: Got 10 VestaCP servers exploited
Hi Everyone,
We have put together a survey to help us better understand the general configuration in relation to some of the working theories. If you have suggestions to broaden the survey, please let us know.
https://goo.gl/forms/qXtzd6nZFrKNw7DN2
We greatly appreciate any input.
We have put together a survey to help us better understand the general configuration in relation to some of the working theories. If you have suggestions to broaden the survey, please let us know.
https://goo.gl/forms/qXtzd6nZFrKNw7DN2
We greatly appreciate any input.
- Sun Apr 08, 2018 8:45 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709701
Re: Got 10 VestaCP servers exploited
The best way to secure just about any web application is to use a firewall. White list the hosts that are necessary. Problem to many of us is that we have dynamic IPs from our ISPs and it can make accessing the vesta difficult since one ip is changed there iptables will have to be updated via ssh. ...
- Sun Apr 08, 2018 8:43 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709701
Re: Got 10 VestaCP servers exploited
The best way to secure just about any web application is to use a firewall. White list the hosts that are necessary. Doesn't cut down the support tickets much though ;) True, But a unique solution is why im in business haha. Cybersecurity is not cut and dry. You may need to work around customer nee...