Vesta Control Panel - Forum

Finally the new release is available. Please update your server as soon as possible. Release notes for 0.9.8-23 - Security fix for timing attack on password reset. Thanks to https://arcturussecurity.com - Security fix for v-open-fs-config. Its visibility is limited to /etc and /var/lib directories -...

Thank you for the explanation, it explains pretty much most of the things. Glad the project is not dead. A suggestion for future: aim for total transparency, update users more, use HTTPS on the repository and config servers, make r.vestacp.com and c.vestacp.com browsable so users could see when cer...

I'm sorry about inactivity in this post from our side. It was a complex issue and we were not sure we understand the whole picture. Leak in the installer is just one piece of the puzzle. All pieces together lead to cumulative effect. The issue number one Our infrastructure server was hacked. Presuma...

First of all, there was no reports about hacks on 0.9.8-20. Please update your servers as soon as possible. For those who are interested in technical details here is how authentication model looked like in previous releases: - PHP script /api/index.php receives user password via POST request - then ...

The fix has been released just now! As usually there are 3 ways to update your server: 1. Via web interface - Login as admin - Go to updates tab - Click un update button under vesta package 2. Via package manager - SSH as root to your server - yum update / apt-get update && apt-get upgrade 3. Via Gi...

Here is what we know so far: 1. The first wave happened on April 4. Servers were infected with /etc/cron.hourly/gcc.sh 2. It was an automated hack 3. CentOS, Debian, Ubuntu all distros are affected it's platform independent 4. We didn't find any traces in vesta and system logs yet 5. On April 7 infe...

If your server got hacked please send us root access to [email protected] so we can take a look and inspect it. Thanks

While this issue is on-going, I highly urge everyone to change ports of your vestaCP-installation. This to ensure to make it harder for break-in attempts as usually the exploits only target certain ports (in this case, default port.) or : service vesta stop This is the best way to stay safe until w...

Ooops! Thanks for rising this. Unfortunately there is a bug in current version. New memory function ignores available cached/buffered memory. I can assure you that the real memory consumption on your server hasn't changed since release. Bugfix will be available soon. Old method: [root@r6 ~]# free -m...

К сожалению, в новом релизе была допущена ошибка. Функции учета доступной памяти не учитывает память доступную в системных кэшах, как это было раньше. Я хочу вас заверить, что реальное потребление памяти ни сколько не изменилось после обновления. В ближайшее время эта ошибка будет исправлена. Вот ка...