Got 10 VestaCP servers exploited

wildwolf · Post by **wildwolf** » Thu Apr 12, 2018 5:26 pm

dpeca wrote: ↑
Thu Apr 12, 2018 2:57 pm
https://roundcube.net/news/2018/04/11/s ... date-1.3.6

As far as I can tell, for that vulnerability to be exploited, you need to be logged into RoundCube.

Moreover, the traces will be visible in the web server access log, since command are injected into the query string.

lukapaunovic · Post by **lukapaunovic** » Thu Apr 12, 2018 6:37 pm

If archive vulnerability has been fixed and roundcube is being updated from the repo then there's no sense in disabling it now, right?

Post by **dpeca** » Thu Apr 12, 2018 6:57 pm

lukapaunovic wrote: ↑
Thu Apr 12, 2018 6:37 pm
If archive vulnerability has been fixed and roundcube is being updated from the repo then there's no sense in disabling it now, right?

And CentOS already has Roundcube 1.3.6 in yum repo?

yoko eagle · Post by **yoko eagle** » Thu Apr 12, 2018 7:04 pm

dpeca wrote: ↑
Thu Apr 12, 2018 2:57 pm
https://roundcube.net/news/2018/04/11/s ... date-1.3.6

Hi,
Is this security fix for Roundcube already included in the latest vesta version?
Or do I have to install it separately?
Anyone guide me please.
Thanks!

Post by **imperio** » Thu Apr 12, 2018 7:05 pm

dpeca wrote: ↑
Thu Apr 12, 2018 6:57 pm

lukapaunovic wrote: ↑
Thu Apr 12, 2018 6:37 pm
If archive vulnerability has been fixed and roundcube is being updated from the repo then there's no sense in disabling it now, right?
And CentOS already has Roundcube 1.3.6 in yum repo?

Yes

kandalf · Post by **kandalf** » Thu Apr 12, 2018 8:14 pm

But the hack was done through Roundcube?
Did anyone already reproduced the hack?

lukapaunovic · Post by **lukapaunovic** » Thu Apr 12, 2018 8:29 pm

No & no

vishne0 · Post by **vishne0** » Fri Apr 13, 2018 7:06 am

Just to update you all I am running updated vesta on different port with all the other security settings on server since last 3 days and no Infection yet.

rlasmar · Post by **rlasmar** » Fri Apr 13, 2018 4:04 pm

I wasn't hacked.

I have the vestacp installed 1 year on digitalocean, and I dind't installed mail (exim,dovecot,spamassim,clamav). Maybe the reason that I am not hacked.

At the moment of attack, I was using vesta Version 0.9.8-17.

homicide · Post by **homicide** » Fri Apr 13, 2018 5:55 pm

rlasmar wrote: ↑
Fri Apr 13, 2018 4:04 pm
I wasn't hacked.

I have the vestacp installed 1 year on digitalocean, and I dind't installed mail (exim,dovecot,spamassim,clamav). Maybe the reason that I am not hacked.

At the moment of attack, I was using vesta Version 0.9.8-17.

I only have 2 dedicated servers, they are in different data centers. The one that got hacked had exim/dovecot/spam/clam enabled (every service was enabled). The one that did not get hacked did not have any of those services enabled. Coincidence?

As for ports, both had the panel on default 8083. As for Vesta software both were on 0.9.8-19. One difference was that hacked server was running Centos 7 while the server that was not hacked had Centos 6.9.

Vesta Control Panel - Forum

Got 10 VestaCP servers exploited

Re: Got 10 VestaCP servers exploited

Re: Got 10 VestaCP servers exploited

Re: Got 10 VestaCP servers exploited

Re: Got 10 VestaCP servers exploited

Re: Got 10 VestaCP servers exploited

Re: Got 10 VestaCP servers exploited

Re: Got 10 VestaCP servers exploited

Re: Got 10 VestaCP servers exploited

Re: Got 10 VestaCP servers exploited

Re: Got 10 VestaCP servers exploited

Login • Register