All VestaCP installations being attacked Topic is solved

[albertus]

Hello

Same here. I got 10 servers hacked.
All servers were attacking 144.0.2.180 (China). Last time VestaCP was hit by a zero day it was also discovered thanks to that attack. Too similar.

I'm done with VestaCP. Can't trust it anymore.

Good luck guys

[ctrlpac]

That's seems a CRITICAL issue. I need to identify that.

Please @vestacp team, if you need any help, don't hesitate to contact me!

[albertus]

Don't worry pal. VestaCP developers will take care of it, give them a month.

[ctrlpac]

Don't worry pal. VestaCP developers will take care of it, give them a month.

A month? :x

[slaapkopamy]

I have the same problem,

mine ip address is blocked by ovh during the ddos attack.. :(

So @vestea team please fix the issue right away. and maybe a idea in the firewall to a option all traffic to china disable

[albertus]

Don't worry pal. VestaCP developers will take care of it, give them a month.

A month? :x

How long it took them last time?

[realjumy]

If a developer wants to know more, I still have access to two of the infected servers.

Hello,
if you can provide access to those servers, please do it via [email protected]

I just sent you an email.

[slaapkopamy]

A month? :x

How long it took them last time?

I do not know.. Really it's strange and weird. Why hasn't VestaCP got a security team or at least a member who knows about security?

why is it even possible to sent a attack from our servers?

[trom]

What I can do right now
1) I reinstall vestaCP
2) Change root password

How block log in on vesta ?
Maybe some firewall rules ?

HELP PLEASE!

[realjumy]

What I can do right now
1) I reinstall vestaCP
2) Change root password

How block log in on vesta ?
Maybe some firewall rules ?

HELP PLEASE!

I don't think any of that will work. Just shut down the server temporarily until they find the source of the vulnerability.