Vesta Control Panel - Forum

This happened on Debian 8.1 as well, so I doubt it's OS dependent. I had to put iptables in DROP mode and only allow traffic to my specific IP. I also dropped conntrack's max connections to avoid getting suspended and backed up my shit. In the meantime I was trying to reinstall the server so I can ...

Update

Read it
https://servercheap.net/crm/index.php?r ... isory.html

for brute force protection
try this instead :
https://www.mysterydata.com/secure-phpm ... cp-centos/

https://www.virustotal.com/#/file/48343c96812d4513d7109cb2a2e74c2d983f04e9baf075a47b442fe08dbec825/detection This is for libudev.so, the infected version. We all know this and discussed it on the first pages of this topic. Also, many of us has given access to infected servers to developers, and the...

we don't have log nothing during the attack, after attack we've some hacked OS files with root permission and with outbound ddos

However, According to log entries, our network IDS and IPS logs, and a few other tid bits this is the current working theory on our end. We certainly need more servers that have been affected to test with and investigate. Volunteers?????? Unfortunately, we cannot provide our servers simply because ...

Alright, Another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCPs admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems. We would love an opportun...

yous said wonderful words, but and then how i got hacked i don't have roundcube if they are not sure please don't provide the answers yet, as we're frustrated and don't tolerate 101 different answers. Things can Be controlled when you've proper source i have been hacked many times during past as tho...

you meant they found the roadmap of the hack will see then,
i disabled and deleted roundcube and phpmyadmin ( i usually do after installation) from my servers as i like to work with CLI and use email client app for email sendings. Still server is hacked that's bullshit reasons they are giving

post publically when you resolved the security issue.
in order to resolve it on our server.