Vesta Control Panel - Forum

Community Forum


Search found 8 matches

by wildwolf
Thu Apr 12, 2018 5:26 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 1088541

Re: Got 10 VestaCP servers exploited

dpeca wrote: ↑
Thu Apr 12, 2018 2:57 pm
https://roundcube.net/news/2018/04/11/s ... date-1.3.6
As far as I can tell, for that vulnerability to be exploited, you need to be logged into RoundCube.

Moreover, the traces will be visible in the web server access log, since commands are injected into the query string.
by wildwolf
Thu Apr 12, 2018 12:52 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 1088541

Re: Got 10 VestaCP servers exploited

Maybe, through /api/, he just "altered" roundcube PHP file, because roundcube is on known path (/usr/share/roundcube/). If so, this means that VestaCP has a tremendous security hole, which allows an intruder to bypass all sanity checks and change an arbitrary file in the system. Then he gets in vi...
by wildwolf
Tue Apr 10, 2018 8:47 am
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 1088541

Re: Got 10 VestaCP servers exploited

MiguelVESTACP wrote: ↑
Tue Apr 10, 2018 7:52 am
Thanks @wildwolf

How to chmod /var/log/httpd
drwx------ 2

Best Regards

Code: Select all

chmod 0700 /var/log/httpd

PS: don't have any directory under /dev/log/httpd.
by wildwolf
Tue Apr 10, 2018 7:29 am
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 1088541

Re: Got 10 VestaCP servers exploited

I don't know if my server is hacked but now I have this problem at least 3 days Failed to create subdirectories: /var/log/httpd/20180410/20180410-0243 Can someone tell me what is attributes for the folders in CentOS? "var/log/httpd" "var/log" # ls -lhad /var/log drwxr-xr-x. 18 root root 4.0K кві 9 ...
by wildwolf
Mon Apr 09, 2018 5:31 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 1088541

Re: Got 10 VestaCP servers exploited

As of speculation in regards to REPO, vesta staff has CHECKED the repo and repo is SAFE. It is safe now, but was it safe several days ago? Those who run CentOS and have auditd installed, you can run aureport -x to see what commands were run by the server (does NOT show commands run by root unless a...
by wildwolf
Mon Apr 09, 2018 5:26 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 1088541

Re: Got 10 VestaCP servers exploited

I don't think it was the repo - I had installations that were made 3 months ago and last updated in Jan 2018 suddenly get exploited around mid-day on Saturday 7th April. As far as I can tell, Vesta tries to update itself automatically. # crontab -l -u admin MAILTO=email@hidden CONTENT_TYPE="text/pl...
by wildwolf
Mon Apr 09, 2018 5:22 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 1088541

Re: Got 10 VestaCP servers exploited

vishne0 wrote: ↑
Mon Apr 09, 2018 3:51 pm
There are few things I want to know if someone can please reply
1) The hacked server were running ssh on port 22 ?
2) Allow root to login were on?
No to both :-)
by wildwolf
Mon Apr 09, 2018 9:59 am
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 1088541

Re: Got 10 VestaCP servers exploited

Judging by audit.log's I have from several infected servers, it seems to me that it is not VestaCP that was compromised but its repository / repositories. For example, # ausearch -m USER_CMD -i | grep -v -- '----' | awk '{print $10}' | sort -u cmd=-bash cmd=/usr/local/vesta/bin/v-add-firewall-rule c...