Search found 47 matches
- Mon Apr 09, 2018 6:44 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
even after you clean the trojan, your system is still infected from what i see.
systemd (process 1) still creates suspicious files under /tmp while all other directories are still clean.
but this is speculating now
- Mon Apr 09, 2018 3:55 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
There are few things I want to know if someone can please reply 1) The hacked server were running ssh on port 22 ? 2) Allow root to login were on? The above two questions will sort few things. I will post my report once I will have answers. Also if anyone need any help to clean the server or migrat...
- Mon Apr 09, 2018 3:16 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
if the backdoor really is not shipped from the rep, it can be only a serious bug inside vestacp service, no matter which port you run and if its protected or not. and i can't figure out how that should be possible... until its clear and the update fully available, i still suggest to stop your vesta m...
- Mon Apr 09, 2018 1:20 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
you can also check for infection by doing a netstat -natp and check for a high port number on your server going to some ip at port 25 (smtp) entry looks like this: your.server.com:39472->209.141.61.140:smtp (25) the command it sends when its idle is sleep 1 the 2nd ip is real by the way. i think its...
- Mon Apr 09, 2018 1:06 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
wait until they fixed their rep. its down cause the virus was spread from over there False Alarm. I'm using VestaCP for more than 4 years. I got the latest update via auto-update of vesta. Till now, i never seen any hacks on my server. I'm keep checking/expecting the files inside my server on wheneve...
- Mon Apr 09, 2018 1:05 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
how certain of that are you? while it's true that the default policy is DROP, did you actually CHECK if the change to that rule got reflected by iptables and really blocked access from foreign IPs? so far you are the only one to be hacked with claiming to have had that port closed/whitelisted. no o...
- Mon Apr 09, 2018 12:39 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
blocking the port won't help you, i got hacked with closed port. how certain of that are you? while it's true that the default policy is DROP, did you actually CHECK if the change to that rule got reflected by iptables and really blocked access from foreign IPs? so far you are the only one to be hac...
- Mon Apr 09, 2018 12:37 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
I have just tried to make a new vesta server on Digital Ocean, Ubuntu 16 and got these errors during install. Hit:1 http://apt.vestacp.com/xenial xenial InRelease Hit:2 http://security.ubuntu.com/ubuntu xenial-security InRelease Hit:3 https://repos.sonar.digitalocean.com/apt main InRelease Hit:4 ht...
- Mon Apr 09, 2018 12:34 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 717295
Re: Got 10 VestaCP servers exploited
How did you get hacked if the port was closed? With the port closed, there is no access to the Web UI. If that is true, the only way I am seeing it, is that Vesta repositories were hacked and people installed an exploited version of Vesta. When did you install your VestaCP? yes that's how the hack...
- Mon Apr 09, 2018 12:32 pm
- Forum: General Discussion
- Topic: Two servers are hacked today via Vestacp
- Replies: 21
- Views: 28170
Re: Two servers are hacked today via Vestacp
i got hacked on debian 9 with blocked port 8083 -> only available to my ip via iptables (tested and working)
only fix until u can use the vestacp updater again is to stop the vesta service!