All VestaCP installations being attacked Topic is solved
Re: All VestaCP installations being attacked
I didn't think of OVH datacenters in the EU, because it looks like the attacker scans all OVH datacenters, including EU datacenters.
I rather thought of EU companies that have EU datacenters... OVH competitors...
Because he obviously knows only OVH IP ranges...
Maybe IP ranges of DigitalOcean and AWS too...
Re: All VestaCP installations being attacked
Based on all the information, do you have any idea how to solve it?
dpeca wrote: ↑Fri Sep 28, 2018 1:08 am
> I didn't think of OVH datacenters in the EU, because it looks like the attacker scans all OVH datacenters, including EU datacenters.
> I rather thought of EU companies that have EU datacenters... OVH competitors...
> Because he obviously knows only OVH IP ranges...
> Maybe IP ranges of DigitalOcean and AWS too...
I have 2 servers that have been locked back in the air for investigation.
I can share one with you via private message.
Re: All VestaCP installations being attacked
Generally, Serghey and Anton do investigations, you can send SSH logins to [email protected]
My rank is 'Collaborator', I'm personally not sure if it means that I'm a core developer, even though I have permission to push commits directly to the official GitHub.
Serghey and Anton probably reviewed a lot of machines in the last few days, maybe they are busy with doing it.
Let it be your decision if you want to send me login for investigation.
You can send it to [email protected], they will forward it to me if they are busy with other investigations.
Or you can send it to me anyway, I will share with them if they want to investigate too.
You decide, since I'm only 'Collaborator', and since you will share probably sensitive data from server in that case.
Keep in mind that I can do that for 9 hours until now.
(it's 3:48 AM at night in my country, it's really late... I must sleep :)
Re: All VestaCP installations being attacked
May I add that also my VestaCP is being attacked for a few days now. I don't have user pwd for room, just ssh, and it seems it is working well for protection, but I see all the time exim4 is down and I can't access e-mails nor a few domains. Latest one is, I made a Nextcloud site and I can't access it at all from Nextcloud clients but only from the web interface.
- Posts: 1
- Joined: Fri Sep 28, 2018 12:39 pm
- Os: CentOS 6x
- Web: apache + nginx
Re: All VestaCP installations being attacked
Hello,
Has anyone been able to detect the vulnerability?
From the updates, it seems like an exploit without login.
- Posts: 73
- Joined: Sun Dec 03, 2017 6:30 pm
Re: All VestaCP installations being attacked
We are at DEFCON 1
Re: All VestaCP installations being attacked
I have more than 100 servers that are attacked by VESTA, which is a large number of SSHD attacks.
The server without VESTA is not attacked.
Re: All VestaCP installations being attacked
I have 5 servers with OVH in multiple locations. None of them are affected.
What I do is use my own VestaCP Improved installer (CentOS only).
For those of you with other OSes, you can read what steps I take to harden VestaCP here:
=> https://github.com/erikdemarco/VestaCP-Improved
Lastly, I never never never ever use the VestaCP default installation without any additional hardening steps.