We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 112 matches
- Tue Apr 10, 2018 3:54 am
- Forum: General Discussion
- Topic: OpenVPN
- Replies: 3
- Views: 4909
OpenVPN
I tried installing openvpn before but failed. I think it is time to revisit this task due to the recent attack. So downloaded and installed openvpn using this guide https://www.vultr.com/docs/installing-openvpn-on-centos-7 by default, openvpn will have this IP address 172.27.224.0/20 Port are 943 fo...
- Mon Apr 09, 2018 2:58 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 706668
Re: Got 10 VestaCP servers exploited
Did you install VestaCP recently? We are trying to know if their repo was exploited. I don't think it was the repo - I had installations that were made 3 months ago and last updated in Jan 2018 suddenly get exploited around mid-day on Saturday 7th April. This is almost definitely a vulnerability wi...
- Mon Apr 09, 2018 2:43 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 706668
Re: Got 10 VestaCP servers exploited
My vestas are 3 months old That is very strange. How the hell they exploited your server? In my case, i have three servers with Vesta, none of them was exploited. In the most important one, i did have port 8083 blocked with iptables Then i have one test server where i installed Vesta last week, and...
- Mon Apr 09, 2018 2:27 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 706668
Re: Got 10 VestaCP servers exploited
Isn't by default that when your firewall is enabled, everything is dropped? And by default, only the accepted ones are in the FIREWALL tab. If you already changed your admin port, automatically your 8083 is dropped I really dont think the exploitation is related to 8083. Mine is a different port bu...
- Mon Apr 09, 2018 2:09 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 706668
Re: Got 10 VestaCP servers exploited
Isn't by default that when your firewall is enabled, everything is dropped? And by default, only the accepted ones are in the FIREWALL tab. If you already changed your admin port, automatically your 8083 is dropped I really dont think the exploitation is related to 8083. Mine is a different port but...
- Mon Apr 09, 2018 12:35 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 706668
Re: Got 10 VestaCP servers exploited
I have a different port. Was hacked
- Mon Apr 09, 2018 12:17 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 706668
Re: Got 10 VestaCP servers exploited
It seems that my CP autoupdated and now I can't access web UI. All services are active. What should I do? DigitalOcean (and perhaps Vultr and others) have recently blocked the default Vesta port (8083). Follow these steps to change the port (and optionally add IP firewall) and then see if you can a...
- Mon Apr 09, 2018 11:57 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 706668
Re: Got 10 VestaCP servers exploited
Judging by audit.log's I have from several infected servers, it seems to me that it is not VestaCP that was compromised but its repository / repositories. For example, # ausearch -m USER_CMD -i | grep -v -- '----' | awk '{print $10}' | sort -u cmd=-bash cmd=/usr/local/vesta/bin/v-add-firewall-rule ...
- Mon Apr 09, 2018 11:54 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 706668
Re: Got 10 VestaCP servers exploited
Dear Community, does somebody noticed any hacks since ? Either this was a one-time mass exploiting or they never return to the same servers. Honeypots are already installed for all servers, but my own code that was technically the same as provided here. My observation, once I removed the viruses, i...
- Mon Apr 09, 2018 5:08 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 706668
Re: Got 10 VestaCP servers exploited
Im trying to update my vesta but for some of my instances but it's failing. I've found out that yum update is failing also Loaded plugins: fastestmirror Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was 14: curl#6 - "Could not resolve hos...