We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 73 matches
- Mon Apr 09, 2018 5:32 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705850
Re: Got 10 VestaCP servers exploited
wildwolf wrote: ↑Mon Apr 09, 2018 5:31 pmIt is safe now, but was it safe several days ago?lukapaunovic wrote: ↑Mon Apr 09, 2018 5:22 pmAS of speculation in regards to REPO, vesta staff has CHECKED the repo and repo is SAFE.
YES, that's exactly what they checked ... LOL
- Mon Apr 09, 2018 5:22 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705850
Re: Got 10 VestaCP servers exploited
Stop speculating about Roundcube being the issue . That can't be true . If it was, many panels using it would be exploited too. Besides, all installations which were hacked were running latest roundcube version. Those people stating like: I had blah blah number of installations blah blah without an...
- Mon Apr 09, 2018 4:38 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705850
Re: Got 10 VestaCP servers exploited
Stop speculating about Roundcube being the issue . That can't be true . If it was, many panels using it would be exploited too. Besides, all installations which were hacked were running latest roundcube version. Those people stating like: I had blah blah number of installations blah blah without an...
- Sun Apr 08, 2018 10:50 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705850
Re: Got 10 VestaCP servers exploited
After this the best thing to do is to get backups and reinstall server and restore it
It's hassle free and you'll keep peace of mind
It's hassle free and you'll keep peace of mind
- Sun Apr 08, 2018 10:23 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705850
Re: Got 10 VestaCP servers exploited
If login & api work fine it should be ok.
Another pair of eyes will check soon. But everything seems fine.
Another pair of eyes will check soon. But everything seems fine.
- Sun Apr 08, 2018 10:10 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705850
Re: Got 10 VestaCP servers exploited
The previous patch is practically useless hacker only can insert another pair of quotes and viola This way with hashed input before passing it anywhere is safest. You can test it on your test servers if u have any. You can try logging with multiples users using multiple hashing types. Code looks fin...
- Sun Apr 08, 2018 10:02 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705850
Re: Got 10 VestaCP servers exploited
Its on GitHub https://github.com/serghey-rodin/vesta/commit/eaf9d89096b11daa97f8da507eb369e359cda7dd It will be on main servers soon To update now from GitHub: cd $(mktemp -d) git clone git://github.com/serghey-rodin/vesta.git yes | /usr/bin/cp -rf vesta/* /usr/local/vesta service vesta restart inst...
- Sun Apr 08, 2018 9:25 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705850
Re: Got 10 VestaCP servers exploited
As soon fix is ready on GitHub it will be pushed to main servers. Serghey is still working on it.
- Sun Apr 08, 2018 8:57 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705850
Re: Got 10 VestaCP servers exploited
Serghey is going to hash POST password variable (because it's being passed to verify script, instead of plain/escaped string) that is the best way.
- Sun Apr 08, 2018 2:13 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 705850