Search found 60 matches
- Tue Apr 10, 2018 10:56 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712748
Re: Got 10 VestaCP servers exploited
https://forum.vestacp.com/viewtopic.php?f=25&p=69296#p69296 Any chance of a proper statement being released on how this patch fixes the vulnerability? Were any specific (confirmed) details collected on the attack vector? All I really saw was a lot of speculation on what the problem COULD be, and a ...
- Mon Apr 09, 2018 12:46 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712748
Re: Got 10 VestaCP servers exploited
blocking the port won't help you, i got hacked with closed port. how certain of that are you? while it's true that the default policy is DROP, did you actually CHECK if the change to that rule got reflected by iptables and really blocked access from foreign IPs? so far you are the only one to be hac...
- Mon Apr 09, 2018 12:37 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712748
Re: Got 10 VestaCP servers exploited
blocking the port won't help you, i got hacked with closed port. how certain of that are you? while it's true that the default policy is DROP, did you actually CHECK if the change to that rule got reflected by iptables and really blocked access from foreign IPs? so far you are the only one to be hac...
- Sun Apr 08, 2018 8:13 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712748
Re: Got 10 VestaCP servers exploited
Theoretically, at least. It's not going to log the contents of a POST request by any application's default. sadly that's very true. so even with being able to see that vesta or its api was accessed via the nginx there would not have been any POST data anyway. it would only have helped to narrow it...
- Sun Apr 08, 2018 7:14 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712748
Re: Got 10 VestaCP servers exploited
while only you could not see the api of vesta to be accessed (because all vesta access logging goes to /dev/null per default) What are you doing to your installs? All of my API access is logged to /var/log/vesta/system.log. Also auth for API is logged to /usr/local/vesta/log/auth.log. if it is call...
- Sun Apr 08, 2018 6:57 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712748
Re: Got 10 VestaCP servers exploited
We just want logs and as much information as possible. that's what we all are here for, you're obviously just some hours behind ;-) and no worries, I perfectly understand, that you won't run off guesses from an internet board... sadly there are no logs to share - unless you get lucky and find someo...
- Sun Apr 08, 2018 6:37 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712748
Re: Got 10 VestaCP servers exploited
Alright, another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCP's admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems, we would love an opportun...
- Sun Apr 08, 2018 1:16 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712748
Re: Got 10 VestaCP servers exploited
A bit more info: My /etc/cron.hourly/gcc.sh file was modified on 04.04.2018 16:25:00 I've analyzed the modified /var/lib/mysql/roundcube/session.ibd file, which was modified at the same time on 04.04.2018 16:24:56 In SQL dump of this "session" table from "roundcube" database I found new session at ...
- Sun Apr 08, 2018 12:47 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712748
Re: Got 10 VestaCP servers exploited
@lukapaunovic I also strongly doubt that roundcube is involved here. if the attacker/bot checked the website he might have automatically tried the roundcube url and therefore an entry in the session table of the rc db has been made. I did not find anything in the usual webserver logfiles that gave r...
- Wed Sep 20, 2017 2:56 pm
- Forum: Debian/Ubuntu
- Topic: Debian 8 - Nginx + PHP7-FPM - Pool does not exist when adding new domain
- Replies: 7
- Views: 20745
Re: Debian 8 - Nginx + PHP7-FPM - Pool does not exist when adding new domain
Hi, as I can't find what exact place you need to put the proposed change

    php_fpm=$(ls /etc/init.d/php*-fpm* 2>/dev/null |cut -f 4 -d /)
    if [ -z "$php_fpm" ]; then
        service $WEB_BACKEND restart >/dev/null 2>&1
    else
        service $php_fpm restart >/dev/null 2>&1
    fi

i̶t̶ ̶i̶s̶ ̶i̶n̶ ̶/̶u̶s̶r̶/̶l̶o̶c̶a̶l̶/̶v̶...