We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Search found 90 matches
- Sun Apr 08, 2018 12:38 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712376
Re: Got 10 VestaCP servers exploited
you can monitor suspicious process running via this command, this processes can be found usually at the end/bottom :lukapaunovic wrote: ↑Sun Apr 08, 2018 12:34 pmDoes anyone have any idea what I can perform on this hacked server to find attack source I tried everything I can't pinpoint it
Code: Select all
top -c
- Sun Apr 08, 2018 12:32 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712376
Re: Got 10 VestaCP servers exploited
I'm cheering it's not roundcube cuz another server didn't got hacked again with disabled Vesta. I'm still keeping this hacked server mounted in rescue until sergehey is back. I truly hope he will be back my client is insisting on puting sites back up Mine isn't hacked either and I've been running V...
- Sun Apr 08, 2018 12:27 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712376
Re: Got 10 VestaCP servers exploited
Then I think we can eliminate the theory that Roundcube is the fault here. Then why "/tmp/update" was launched from the working directory of Roundcube? [root@mail /]# lsof -p 985 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME update 985 root cwd DIR 182,178001 4096 786628 /usr/share/roundcubema...
- Sun Apr 08, 2018 12:25 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712376
Re: Got 10 VestaCP servers exploited
I'm cheering it's not roundcube cuz another server didn't got hacked again with disabled Vesta. I'm still keeping this hacked server mounted in rescue until sergehey is back. I truly hope he will be back my client is insisting on puting sites back up Mine isn't hacked either and I've been running V...
- Sun Apr 08, 2018 12:24 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712376
Re: Got 10 VestaCP servers exploited
One of my VPS at OVH got exploit this morning. I did reinstall the os and restored all accounts from my remote backup. I'm now monitoring any change in /etc with inotify. From the information I read here, it seems like all created executables have to be done with root access. The exploit has to be ...
- Sun Apr 08, 2018 12:08 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712376
Re: Got 10 VestaCP servers exploited
don't aim roundcube as the exploit i don't have roundcube on my servers even phpmyadmin, i disabled them and deleted it still got hacked.
- Sun Apr 08, 2018 12:05 pm
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712376
Re: Got 10 VestaCP servers exploited
Hi i just send access to readonly ftp to info@vestacp.com My serves is on OVH and its in rescue64-ftp mode. Haven't contacted them yes. Has anyone been able to reactivate the server on OVH ? I am still waiting to get to bottom of the issue so when I contact them to know the exact details of the iss...
- Sun Apr 08, 2018 11:58 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712376
Re: Got 10 VestaCP servers exploited
no, but server hangs because of outbound ddoslukapaunovic wrote: ↑Sun Apr 08, 2018 11:56 amwas the vesta service stopped when new server got breached?
- Sun Apr 08, 2018 11:28 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712376
Re: Got 10 VestaCP servers exploited
sorry i'm not from vesta, from else wherelukapaunovic wrote: ↑Sun Apr 08, 2018 11:25 amsandy can you check [email protected]
i'm waiting for more than 20 minutes.
I sent you access to hacked server.
serghey is not online so he can't look into it.
can anyone from vesta look into it. the disk is mounted it's in rescue mode.
- Sun Apr 08, 2018 11:21 am
- Forum: General Discussion
- Topic: Got 10 VestaCP servers exploited
- Replies: 548
- Views: 712376
Re: Got 10 VestaCP servers exploited
More likely its problem with RoundCube. 23 hours ago critical exploit for it was published Please, write more about that https://github.com/roundcube/roundcubemail/issues/6238 exploit resulting : (will return a File not Found template, nonetheless code'll be executed). again not related with curren...