We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 1476 matches
- Thu Oct 18, 2018 8:58 am
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 725344
Re: All VestaCP installations being attacked
Finally the new release is available. Please update your server as soon as possible.
Release notes for 0.9.8-23
- Security fix for timing attack on password reset. Thanks to https://arcturussecurity.com
- Security fix for v-open-fs-config. Its visibility is limited to /etc and /var/lib directories
-...
- Wed Oct 17, 2018 10:18 pm
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 725344
Re: All VestaCP installations being attacked
Thank you for the explanation, it explains pretty much most of the things. Glad the project is not dead. A suggestion for future: aim for total transparency, update users more, use HTTPS on the repository and config servers, make r.vestacp.com and c.vestacp.com browsable so users could see when cer...
- Wed Oct 17, 2018 8:25 pm
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 725344
Re: All VestaCP installations being attacked
I'm sorry about inactivity in this post from our side. It was a complex issue and we were not sure we understood the whole picture. Leak in the installer is just one piece of the puzzle. All pieces together lead to a cumulative effect.
The issue number one
Our infrastructure server was hacked. Presuma...
- Tue Apr 10, 2018 3:42 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705578
Re: Got 10 VestaCP servers exploited
First of all, there were no reports about hacks on 0.9.8-20. Please update your servers as soon as possible. For those who are interested in technical details, here is what the authentication model looked like in previous releases:
- PHP script /api/index.php receives user password via POST request
- then ...
- Sun Apr 08, 2018 10:26 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705578
Re: Got 10 VestaCP servers exploited
The fix has been released just now! As usual there are 3 ways to update your server:
1. Via web interface
- Login as admin
- Go to updates tab
- Click on update button under vesta package
2. Via package manager
- SSH as root to your server
- yum update / apt-get update && apt-get upgrade
3. Via Gi...
- Sun Apr 08, 2018 7:05 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705578
Re: Got 10 VestaCP servers exploited
Here is what we know so far:
1. The first wave happened on April 4. Servers were infected with /etc/cron.hourly/gcc.sh
2. It was an automated hack
3. CentOS, Debian, Ubuntu: all distros are affected, it's platform independent
4. We didn't find any traces in vesta and system logs yet
5. On April 7 infe...
- Sat Apr 07, 2018 8:27 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705578
Re: Got 10 VestaCP servers exploited
If your server got hacked please send us root access to [email protected] so we can take a look and inspect it. Thanks
- Sat Apr 07, 2018 8:25 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705578
Re: Got 10 VestaCP servers exploited
While this issue is on-going, I highly urge everyone to change ports of your vestaCP-installation. This is to make it harder for break-in attempts, as usually the exploits only target certain ports (in this case, the default port),
or:
service vesta stop
This is the best way to stay safe until w...
- Mon Nov 28, 2016 3:33 pm
- Forum: General Discussion
- Topic: high ram usage?
- Replies: 18
- Views: 32811
Re: high ram usage?
Ooops! Thanks for raising this. Unfortunately there is a bug in the current version. New memory function ignores available cached/buffered memory. I can assure you that the real memory consumption on your server hasn't changed since release. Bugfix will be available soon.
Old method:
[root@r6 ~]# free -m...
- Mon Nov 28, 2016 3:24 pm
- Forum: General Questions
- Topic: RAM after updating to 17
- Replies: 104
- Views: 82893
Re: RAM after updating to 17
Unfortunately, a mistake was made in the new release. The available-memory accounting function does not take into account the memory available in system caches, as it did before. I want to assure you that the real memory consumption has not changed at all after the update. This bug will be fixed in the near future. Here is how...