We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 21 matches
- Sun Apr 08, 2018 8:23 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 700128
Re: Got 10 VestaCP servers exploited
The best way to secure just about any web application is to use a firewall. White list the hosts that are necessary.
- Sun Apr 08, 2018 7:38 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 700128
Re: Got 10 VestaCP servers exploited
There might be an easier way to prevent attack and keep vesta running just by configuring http auth in /usr/local/vesta/nginx/conf/nginx.conf here is how it can be done https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ This in addition to a.... Firewa...
- Sun Apr 08, 2018 7:12 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 700128
Re: Got 10 VestaCP servers exploited
while only you could not see the api of vesta to be accessed (because all vesta access logging goes to /dev/null per default) What are you doing to your installs? All of my API access is logged to /usr/local/vesta/log/system.log. Also auth for API is logged to /usr/local/vesta/log/auth.log. If the ...
- Sun Apr 08, 2018 6:58 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 700128
Re: Got 10 VestaCP servers exploited
We just want logs and as much information as possible. that's what we all are here for, you're obviously just some hours behind ;-) and no worries, I perfectly understand, that you won't run off guesses from an internet board... sadly there are no logs to share - unless you get lucky and find someo...
- Sun Apr 08, 2018 6:57 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 700128
Re: Got 10 VestaCP servers exploited
https://www.virustotal.com/#/file/48343c96812d4513d7109cb2a2e74c2d983f04e9baf075a47b442fe08dbec825/detection This is for libudev.so, the infected version. We all know this and discussed it on the first pages of this topic. Also, many of us has given access to infected servers to developers, and the...
- Sun Apr 08, 2018 6:44 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 700128
Re: Got 10 VestaCP servers exploited
Alright, Another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCPs admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems. We would love an opportun...
- Sun Apr 08, 2018 6:37 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 700128
Re: Got 10 VestaCP servers exploited
https://www.virustotal.com/#/file/48343 ... /detection
This is for libudev.so, the infected version.
This is for libudev.so, the infected version.
- Sun Apr 08, 2018 6:35 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 700128
Re: Got 10 VestaCP servers exploited
Alright, Another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCPs admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems. We would love an opportun...
- Sun Apr 08, 2018 6:31 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 700128
Re: Got 10 VestaCP servers exploited
Bullshit they are not accepting they have vulnerabilities Sandy, I am sorry you feel that way. We are in no way associated with VestaCP. We use VestaCP as many others do. However, we are also interested in resolving this as VestaCP, in our eyes, is a wonderful control panel. Everything has vulnerab...
- Sun Apr 08, 2018 6:18 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 700128
Re: Got 10 VestaCP servers exploited
Alright, Another update. This issue seems to be with roundcube. We are not seeing any typical communications with VestaCPs admin interface that would indicate it was compromised. However, we are still investigating the issue. For those of you that have compromised systems. We would love an opportuni...