Search found 26 matches
- Mon Apr 09, 2018 4:36 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 714673
Re: Got 10 VestaCP servers exploited
Finally got OVH to enable my server. I've mounted rootfs and checked for files modified in the last 7 days: find -L / -mtime -7 To check for suspicious files and got this: Modified - /etc/crontab Removed line */3 * * * * root /etc/cron.hourly/gcc.sh Added Files from exploit removed all of them from rescue...
- Mon Apr 09, 2018 4:28 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 714673
Re: Got 10 VestaCP servers exploited
There are a few things I want to know, if someone can please reply: 1) Were the hacked servers running ssh on port 22? 2) Was allowing root to log in turned on? The above two questions will sort a few things. I will post my report once I have answers. Also if anyone needs any help to clean the server or migrat...
- Sun Apr 08, 2018 10:54 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 714673
Re: Got 10 VestaCP servers exploited
Just did an update using CLI. Please note that /usr/local/vesta/nginx/nginx.conf was not updated.
Access log should be manually enabled after update for easier debugging in future.
- Sun Apr 08, 2018 8:57 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 714673
Re: Got 10 VestaCP servers exploited
The best way to secure just about any web application is to use a firewall. Whitelist the hosts that are necessary. The problem for many of us is that we have dynamic IPs from our ISPs, and it can make accessing Vesta difficult, since once the IP has changed, iptables will have to be updated via ssh. ...
- Sun Apr 08, 2018 8:34 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 714673
Re: Got 10 VestaCP servers exploited
The best way to secure just about any web application is to use a firewall. Whitelist the hosts that are necessary. The problem for many of us is that we have dynamic IPs from our ISPs, and it can make accessing Vesta difficult, since once the IP has changed, iptables will have to be updated via ssh. ...
- Sun Apr 08, 2018 7:55 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 714673
Re: Got 10 VestaCP servers exploited
I've already provided FTP access to OVH files. Haven't got any response on mail though. I was unable to get in touch with OVH to enable SSH rescue access. Anyway, I noticed malicious files in /etc/rc.d/init.d/; those files are also symlinked in all rc0.d, rc1.d .... rc6.d https://preview.ibb.co/cxx2zx/...
- Sun Apr 08, 2018 7:34 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 714673
Re: Got 10 VestaCP servers exploited
There might be an easier way to prevent the attack and keep Vesta running, just by configuring HTTP auth in /usr/local/vesta/nginx/conf/nginx.conf. Here is how it can be done: https://docs.nginx.com/nginx/admin-guid ... ntication/
- Sun Apr 08, 2018 3:15 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 714673
Re: Got 10 VestaCP servers exploited
It may also be a good idea to set up a VPN and allow Vesta connections only via VPN. This is true, but you could also make a bastion then only authorize it, use TINC, or only authorize the port 8083 through TOR, authorise only your VPN provider, or pay for a static IP at home and authorise only this one and so...
- Sun Apr 08, 2018 2:43 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 714673
Re: Got 10 VestaCP servers exploited
Just to remove some water on the fire: this same hack happened to me almost a year ago on a server where I use ISPConfig. With a Terabytes connection the ISP (exoscale) charged me 2000$ for almost 48h of DDOS; they never showed me the log ;) So all that to say it's not specific to VestaCP. If I may, ma...
- Sun Apr 08, 2018 2:36 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 714673
Re: Got 10 VestaCP servers exploited
Can we get more info, a hint as to what module the issue is related to? Can we be sure that it is absolutely not related to RoundCube, since I have servers on VestaCP which are still operational? Vesta service is of course disabled.