We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on Vesta 2.0 and expect to release it soon. Read more about it: https://vestacp.com/docs/vesta-2-development
Search found 92 matches
- Wed Mar 20, 2024 5:23 pm
- Forum: General Discussion
- Topic: Future OS Compatibility
- Replies: 10
- Views: 49997
Re: Future OS Compatibility
There are already Vesta alternatives for Ubuntu and Debian.
If you want to focus on a single distro, i hope it is Centos and it's variants (Almalinux and Rocky Linux).
If you want to focus on a single distro, i hope it is Centos and it's variants (Almalinux and Rocky Linux).
- Sun Aug 14, 2022 3:41 pm
- Forum: General Discussion
- Topic: VestaCP Alternative
- Replies: 15
- Views: 69848
Re: VestaCP Alternative
There is also a fork of Vesta that works on RHEL based distros. In this case, it works with Centos 7, Centos Stream 8, Alma Linux 8 and Rocky Linux 8. https://github.com/madeITBelgium/vesta PS: In less than 2 years, Centos 7 will go EOL, and since VestaCP doesn't support newer versions of RHEL based...
- Sat Oct 23, 2021 6:59 pm
- Forum: General Discussion
- Topic: Question to VestaCP legitimate owners. Is original VestaCP secure?
- Replies: 8
- Views: 58620
- Wed May 09, 2018 10:18 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 1047785
Re: Got 10 VestaCP servers exploited
It has been about a month since the 1st post regarding the exploited servers. At a result of the exploits, one patch was issued. We also know some of the code was reviewed by Rack911labs (Patrick) and he noticed several root compromise vulnerabilities (6). I know that many users are running with th...
- Tue Apr 17, 2018 10:45 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 1047785
Re: Got 10 VestaCP servers exploited
I always disable exec, system, popen, proc_open and shell_exec.
- Sat Apr 14, 2018 12:47 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 1047785
Re: Got 10 VestaCP servers exploited
This is Patrick from Rack911 Labs, a Software Security Auditing company.Sent off 6 security vulnerabilities to [email protected] with 3 of those leading to a easy root compromise. The other 3 are still very serious flaws, password / hash disclosures, etc.
I'll send off more once they fix those.
- Tue Apr 10, 2018 6:26 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 1047785
Re: Got 10 VestaCP servers exploited
Found this in my nginx-error.log 2018/04/09 03:52:05 [error] 8641#0: *32 "/usr/local/vesta/web/_asterisk/index.php" is not found (2: No such file or directory), client: 46.161.55.106, server: _, request: "GET /_asterisk/ HTTP/1.1", host: "myip:8083" Wow this is exactly the same i got. Same IP and o...
- Tue Apr 10, 2018 6:18 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 1047785
Re: Got 10 VestaCP servers exploited
Only my dev vps was infected and after cleaning it up and updating vesta, today i got a log in the nginx-error.log: 2018/04/09 03:55:52 [error] 1124#0: *8 "/usr/local/vesta/web/_asterisk/index.php" is not found (2: No such file or directory), client: 46.161.55.106, server: _, request: "GET /_asteris...
- Tue Apr 10, 2018 5:56 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 1047785
Re: Got 10 VestaCP servers exploited
First of all, there was no reports about hacks on 0.9.8-20. Please update your servers as soon as possible. For those who are interested in technical details here is how authentication model looked like in previous releases: - PHP script /api/index.php receives user password via POST request - then...
- Tue Apr 10, 2018 12:32 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 1047785