Vesta Control Panel - Forum

The best way to secure just about any web application is to use a firewall. White list the hosts that are necessary.

There might be an easier way to prevent attack and keep vesta running just by configuring http auth in /usr/local/vesta/nginx/conf/nginx.conf here is how it can be done https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ This in addition to a.... Firewa...

while only you could not see the api of vesta to be accessed (because all vesta access logging goes to /dev/null per default) What are you doing to your installs? All of my API access is logged to /usr/local/vesta/log/system.log. Also auth for API is logged to /usr/local/vesta/log/auth.log. If the ...

We just want logs and as much information as possible. that's what we all are here for, you're obviously just some hours behind ;-) and no worries, I perfectly understand, that you won't run off guesses from an internet board... sadly there are no logs to share - unless you get lucky and find someo...

https://www.virustotal.com/#/file/48343c96812d4513d7109cb2a2e74c2d983f04e9baf075a47b442fe08dbec825/detection This is for libudev.so, the infected version. We all know this and discussed it on the first pages of this topic. Also, many of us has given access to infected servers to developers, and the...

Alright, Another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCPs admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems. We would love an opportun...

https://www.virustotal.com/#/file/48343 ... /detection

This is for libudev.so, the infected version.

Alright, Another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCPs admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems. We would love an opportun...

Bullshit they are not accepting they have vulnerabilities Sandy, I am sorry you feel that way. We are in no way associated with VestaCP. We use VestaCP as many others do. However, we are also interested in resolving this as VestaCP, in our eyes, is a wonderful control panel. Everything has vulnerab...

Alright, Another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCPs admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems. We would love an opportuni...