We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on a v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 45 matches
- Sun Sep 30, 2018 6:30 pm
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 738199
Re: All VestaCP installations being attacked
Is this a loophole? Why not fix it? This is the latest installation package code. ------------------------- 8083/api/index.php $v_password = tempnam("/tmp","vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['password']."\n"); fclose($fp); $v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);...
- Sun Sep 30, 2018 6:27 pm
- Forum: General Discussion
- Topic: 144.0.2.180 this IP is so strange.
- Replies: 1
- Views: 1656
Re: 144.0.2.180 this IP is so strange.
QQ group in China is an official group of VESTA. There is an ID in the group that is DDOS attack business.
Maybe I think about it.
- Sun Sep 30, 2018 6:24 pm
- Forum: General Discussion
- Topic: 144.0.2.180 this IP is so strange.
- Replies: 1
- Views: 1656
144.0.2.180 this IP is so strange.
The hijacked DDOS attack points to 144.0.2.180.
This is China's IP. It's a server supplier.
Is this a clue?
- Sun Sep 30, 2018 5:13 pm
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 738199
Re: All VestaCP installations being attacked
There is nothing wrong with that code, just a secured way to check entered password. But anyway, if I must assume where is a hole, login code, reset password and api.php are most suspicious places to me... $v_password value is '; v-add-fs-file ********; exec(VESTA_CMD."v-check-user-password".$v_u...
- Sun Sep 30, 2018 4:29 pm
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 738199
Re: All VestaCP installations being attacked
Is this a loophole? Why not fix it? This is the latest installation package code. ------------------------- 8083/api/index.php $v_password = tempnam("/tmp","vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['password']."\n"); fclose($fp); $v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]); ...
- Sat Sep 29, 2018 6:20 pm
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 738199
Re: All VestaCP installations being attacked
The problem with all this is that if we start sharing too much info about our configurations we are making things easier for anyone willing to repeat a similar attack. Try to disclose as little as possible in public, and write in private to info@vestacp.com. They are the ones that can really fix it. H...
- Sat Sep 29, 2018 6:02 pm
- Forum: General Discussion
- Topic: Are you still interested in Vesta?
- Replies: 14
- Views: 12119
Re: Are you still interested in Vesta?
My 100 server was frozen yesterday!!!!!
If there is a community, I would like to join, Golang/PHP
- Sat Sep 29, 2018 4:23 pm
- Forum: General Discussion
- Topic: A large number of servers have been hijacked.
- Replies: 2
- Views: 2366
- Sat Sep 29, 2018 2:43 pm
- Forum: General Discussion
- Topic: A large number of servers have been hijacked.
- Replies: 2
- Views: 2366
A large number of servers have been hijacked.
Direction OUT Internal ***.***.***.** Threshold Packets 300.000 packets/s Sum 132.794.000 packets/300s (442.646 packets/s), 52.984 flows/300s (176 flows/s), 7,420 GByte/300s (202 MBit/s) External 144.0.2.180, 132.794.000 packets/300s (442.646 packets/s), 52.984 flows/300s (176 flows/s), 7,420 GByte/...
- Sat Sep 29, 2018 5:51 am
- Forum: General Discussion
- Topic: All VestaCP installations being attacked
- Replies: 230
- Views: 738199
Re: All VestaCP installations being attacked
@realjumy can you try to edit your original post, adding a poll asking about the infected servers? Maybe it helps to understand how many servers were infected. Just a simple question on the number of servers infected, and people select how many of their servers were infected ;) The problem with all this is that if ...