Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index
  • Search

Search found 21 matches

Go to advanced search

Advanced search
Search found 21 matches
  • Previous
  • 1
  • 2
  • 3
  • Next
by nextgi
Sun Apr 08, 2018 8:23 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 146382

Re: Got 10 VestaCP servers exploited

The best way to secure just about any web application is to use a firewall. White list the hosts that are necessary.
  • Jump to post
by nextgi
Sun Apr 08, 2018 7:38 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 146382

Re: Got 10 VestaCP servers exploited

There might be an easier way to prevent attack and keep vesta running just by configuring http auth in /usr/local/vesta/nginx/conf/nginx.conf here is how it can be done https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ This in addition to a.... Firewa...
  • Jump to post
by nextgi
Sun Apr 08, 2018 7:12 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 146382

Re: Got 10 VestaCP servers exploited

while only you could not see the api of vesta to be accessed (because all vesta access logging goes to /dev/null per default) What are you doing to your installs? All of my API access is logged to /usr/local/vesta/log/system.log. Also auth for API is logged to /usr/local/vesta/log/auth.log. If the ...
  • Jump to post
by nextgi
Sun Apr 08, 2018 6:58 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 146382

Re: Got 10 VestaCP servers exploited

We just want logs and as much information as possible. that's what we all are here for, you're obviously just some hours behind ;-) and no worries, I perfectly understand, that you won't run off guesses from an internet board... sadly there are no logs to share - unless you get lucky and find someo...
  • Jump to post
by nextgi
Sun Apr 08, 2018 6:57 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 146382

Re: Got 10 VestaCP servers exploited

https://www.virustotal.com/#/file/48343c96812d4513d7109cb2a2e74c2d983f04e9baf075a47b442fe08dbec825/detection This is for libudev.so, the infected version. We all know this and discussed it on the first pages of this topic. Also, many of us has given access to infected servers to developers, and the...
  • Jump to post
by nextgi
Sun Apr 08, 2018 6:44 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 146382

Re: Got 10 VestaCP servers exploited

Alright, Another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCPs admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems. We would love an opportun...
  • Jump to post
by nextgi
Sun Apr 08, 2018 6:37 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 146382

Re: Got 10 VestaCP servers exploited

https://www.virustotal.com/#/file/48343 ... /detection

This is for libudev.so, the infected version.
  • Jump to post
by nextgi
Sun Apr 08, 2018 6:35 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 146382

Re: Got 10 VestaCP servers exploited

Alright, Another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCPs admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems. We would love an opportun...
  • Jump to post
by nextgi
Sun Apr 08, 2018 6:31 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 146382

Re: Got 10 VestaCP servers exploited

Bullshit they are not accepting they have vulnerabilities Sandy, I am sorry you feel that way. We are in no way associated with VestaCP. We use VestaCP as many others do. However, we are also interested in resolving this as VestaCP, in our eyes, is a wonderful control panel. Everything has vulnerab...
  • Jump to post
by nextgi
Sun Apr 08, 2018 6:18 pm
Forum: General Discussion
Topic: Got 10 VestaCP servers exploited
Replies: 548
Views: 146382

Re: Got 10 VestaCP servers exploited

Alright, Another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCPs admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems. We would love an opportuni...
  • Jump to post

Search found 21 matches
  • Previous
  • 1
  • 2
  • 3
  • Next

Go to advanced search



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password