Vesta Control Panel - Forum

Falzo , stop the insults. We have all said in this thread. More information you can find here https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/ In the next time I'll give you a warning. how did I insult anyone? you can warn me all over the...

Please check if your server IP here >>>>> http://vestacp.com/test/?ip=127.0.0.1 <<<<< sorry to be the bummer here again, but this shows 'not infected' for a server IP of mine where the malicious installer (debian) has been used on 13th august. the server was not hacked at all, because I change the ...

sorry for the delay, I have been quite busy but finally found the time again to check on it more. I have been looking for a pattern and to see why only a few installations were affected. obviously there were some with vesta service running, some not and as written above it might even be dependant on...

The Vesta service was running and I had SSH access enabled just for the admin user. I set the password with the installation command. thanks for the info, that's interesting... I tried to investigate some more and checked some servers I installed in august and came across this entries in auth.log a...

so anything new on that? from what we can read so far here, is that only a few servers have been hit and the attacker somehow gained ssh access? some had the vesta service running, some not... if that's the case a potential hacker would have needed to somehow get to know the admins password? to thos...

It worries me that no one knows for sure how the panel became exploited in the first place. this sadly is not true. some are well aware of how that was possible and what has been the initial vector at least, but were waiting for Serghey to release a true patch and make an official announcement. sad...

It worries me that no one knows for sure how the panel became exploited in the first place. this sadly is not true. some are well aware of how that was possible and what has been the initial vector at least, but were waiting for Serghey to release a true patch and make an official announcement. sad...

The pity things are: 1) I have not records in apache logs of it. They are missing or deleted or never created. I see only a /webmail/ HEAD access (from a japanese IP) 3 seconds before that "update" file was created in that "tmp" folder: ======== 119.82.29.17 - - [04/Apr/2018:06:25:38 -0400] "HEAD /...

I think that we can throw away theory that Vesta repo is compromised. This is why: I know MANY datacenters (one of them hosts 30% of all dedicated servers in a world) where NONE of Vesta servers got hacked. Also, ZERO servers that are physically located in my country got hacked. Bad guy simply scan...

I might be wrong but I just wanted to point out that I believe fail2ban might not work correctly for the panel after changing from the default port. Looks like the port used for setting up the vesta fail2ban chain is set in v-add-firewall-chain. # Action # #-----------------------------------------...