We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 73 matches
- Thu Apr 12, 2018 8:29 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
- Thu Apr 12, 2018 6:37 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
If the archive vulnerability has been fixed and roundcube is being updated from the repo then there's no sense in disabling it now, right?
- Wed Apr 11, 2018 2:31 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
It's on Digital Ocean, and I only have limited console access to it, is there a command line way to check or a file? Yes it's on a newly installed Ubuntu 16.04.4 OS Yes try this cat /usr/local/vesta/src/deb/vesta/control | grep Version Release 19 Version 0.9.8 but I did do the update after the inst...
- Wed Apr 11, 2018 2:13 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
I reinstalled on Sunday. New OS Installed Patch. Was Hacked last night. Going to rebuild server again, is there anything you need before I delete it? Is it not fixed or did I miss something? Before u rebuild server check which version of vestacp are u using. as I see you are probably on ubuntu? I...
- Wed Apr 11, 2018 1:48 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
I reinstalled on Sunday. New OS Installed Patch. Was Hacked last night. Going to rebuild server again, is there anything you need before I delete it? Is it not fixed or did I miss something? Before u rebuild server check which version of vestacp are u using. as I see you are probably on ubuntu?
- Wed Apr 11, 2018 1:23 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
I think we need mod_security on VestaCP Nginx
that way we could have prevented this.
100%
- Tue Apr 10, 2018 2:30 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
I agree with you. The fix was based on one user enabling log and reporting /API/ requests. But he didn't enable post logging. And we never got post data. And the only flaw that could be the possible reason is patched even though many tried exploiting older version and didn't succeed. So no one knows w...
- Mon Apr 09, 2018 7:06 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
even after you clean the trojan, your system is still infected from what i see. systemd (process 1) still creates suspicious files under /tmp while all other directories are still clean. but this is speculating now it's on new clean server, now it's inside /tmp: ls -l /tmp total 12 drwx------ 3 root...
- Mon Apr 09, 2018 6:45 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
also, the Password variable in API was written to /tmp and virus does appear to be in temp, it was resting for over a month until it activated systemd-private-bab3623b0b0a419abb1d8894d719d904-httpd.service-aceQDx systemd-private-bab3623b0b0a419abb1d8894d719d904-named.service-H1orys inside each was ...
- Mon Apr 09, 2018 6:09 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
also, the Password variable in API was written to /tmp and virus does appear to be in temp, it was resting for over a month until it activated systemd-private-bab3623b0b0a419abb1d8894d719d904-httpd.service-aceQDx systemd-private-bab3623b0b0a419abb1d8894d719d904-named.service-H1orys inside each was t...