We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 21 matches
- Wed Apr 11, 2018 5:56 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709719
- Mon Apr 09, 2018 5:16 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709719
Re: Got 10 VestaCP servers exploited
Stop speculating about Roundcube being the issue . That can't be true . If it was, many panels using it would be exploited too. Besides, all installations which were hacked were running latest roundcube version. Those people stating like: I had blah blah number of installations blah blah without an...
- Mon Apr 09, 2018 4:12 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709719
Re: Got 10 VestaCP servers exploited
i have not heard anyone bypassed Google Authenticator. its looks safe to me , also its not about perfect security , it add security layer , it slow down attackers a bit , better than nothing. No, sorry, I disagree. That's maybe marginally useful for a situation where someone already has your passwo...
- Mon Apr 09, 2018 3:57 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709719
Re: Got 10 VestaCP servers exploited
looks like my vps was also hit from china but fail2ban blocked IP : 210.13.64.18 2018-04-09 06:27:38,027 fail2ban.actions[471]: WARNING [ssh-iptables] Unban 202.120.79.106 2018-04-09 06:27:39,766 fail2ban.actions[471]: WARNING [ssh] Unban 202.120.79.106 2018-04-09 06:27:49,026 fail2ban.actions[471]:...
- Mon Apr 09, 2018 3:38 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709719
Re: Got 10 VestaCP servers exploited
i have not heard anyone bypassed Google Authenticator. its looks safe to me , also its not about perfect security , it add security layer , it slow down attackers a bit , better than nothing.
- Mon Apr 09, 2018 3:24 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709719
Re: Got 10 VestaCP servers exploited
good that my vps is safe :) . now hope they approve security enhancements , months ago multiple time i suggests 2 factor auths and google captcha but they decline it , childish arguments they give , i do not want to enter captcha for my own panel , now here you go hope you learned lesson
- Mon Apr 09, 2018 3:20 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 709719
Re: Got 10 VestaCP servers exploited
I don't think it was the repo - I had installations that were made 3 months ago and last updated in Jan 2018 suddenly get exploited around mid-day on Saturday 7th April. This is almost definitely a vulnerability within the code, I would guess it allowed a malicious user to access the 'admin' accoun...
- Sat Jan 14, 2017 6:16 pm
- Forum: Web Server
- Topic: PHP5-FPM throwing 404
- Replies: 0
- Views: 1601
PHP5-FPM throwing 404
hi i have setup vestacp with PHP5-FPM nginx mariadb on Debian 8.6 when i loaded my custom php script it throwing 404 error on all links looks like htaccess is rules are not working with php5-fpm the same script was working ok on my another vps where i had apache , this time on new vps i thought i sh...
- Wed Sep 07, 2016 5:18 pm
- Forum: Database Server
- Topic: Setting Up MariaDB 10.0 (Debain Instructions)
- Replies: 14
- Views: 21555
Re: Setting Up MariaDB 10.0 (Debain Instructions)
on my debian 8.3 along vestacp am using mariadb 10.1.2 compiled from source with lz4 compressor Detail instruction can be found on my site :: https://answers.w3db.xyz/question/how-to-install-mariadb-from-source-along-vestacp/ will be thankful if anybody could provide smooth way of upgrading it to 10...
- Sat Aug 27, 2016 9:10 am
- Forum: Debian/Ubuntu
- Topic: Configuring nginx for best security.
- Replies: 1
- Views: 3620
Re: Configuring nginx for best security.
it was due to
after removing it , nginx tests are OKserver_tokens off;