Vesta Control Panel - Forum

Community Forum


Got 10 VestaCP servers exploited

General questions about VestaCP
Locked
549 posts
  • Page 55 of 55
ipkpjersi
Posts: 11
Joined: Sun May 13, 2018 12:43 am

Os: Ubuntu 15x
Web: apache + nginx
Re: Got 10 VestaCP servers exploited

Post by ipkpjersi » Sun May 13, 2018 4:30 pm

imperio wrote: ↑
Fri May 11, 2018 7:26 pm
New release with mass security fixes will be on Monday or Tuesday
Now we are thinking about the roundcube
That's great to hear there will be security fixes on Monday or Tuesday. Is this: https://github.com/serghey-rodin/vesta/issues/1558 included in the fixes?

edit: Yes, it is included! Nice work everyone.
Last edited by ipkpjersi on Mon May 14, 2018 1:33 pm, edited 1 time in total.

scristi
Posts: 30
Joined: Thu Jun 22, 2017 11:20 pm

Re: Got 10 VestaCP servers exploited

Post by scristi » Mon May 14, 2018 1:25 pm

The same problem today, I can't access Vesta panel and some sites are down (error 500)... waiting for the fixes...

pipoy
Posts: 112
Joined: Mon Sep 11, 2017 8:02 am

Os: CentOS 6x
Web: apache
Re: Got 10 VestaCP servers exploited

Post by pipoy » Tue May 15, 2018 1:50 am

scristi wrote: ↑
Mon May 14, 2018 1:25 pm
The same problem today, I can't access Vesta panel and some sites are down (error 500)... waiting for the fixes...
It seems that the attack is over but it doesn't mean your server is not crawling with viruses.

Read the first pages of this thread to remove the virus then your sites should be ok.

Upgrade afterwards or migrate to a new server

ipkpjersi
Posts: 11
Joined: Sun May 13, 2018 12:43 am

Os: Ubuntu 15x
Web: apache + nginx
Re: Got 10 VestaCP servers exploited

Post by ipkpjersi » Tue May 15, 2018 4:44 pm

imperio wrote: ↑
Sun May 13, 2018 7:45 am
Not related
Hi imperio,

I am wondering, the newer version 0.9.8-21 was supposed to be released Monday or Tuesday and it is Tuesday now and I think it is not released: https://i.imgur.com/Z06oSRK.png

Are there still plans for releasing it today, or would it be later in the week like Wednesday or Thursday?

Thanks.

mephivio
Posts: 198
Joined: Thu Mar 27, 2014 7:35 am

Os: Debian 8x
Web: nginx + php-fpm
Re: Got 10 VestaCP servers exploited

Post by mephivio » Thu May 17, 2018 6:15 pm

the new release R21 is live
Please update your platform and test ....

ipkpjersi
Posts: 11
Joined: Sun May 13, 2018 12:43 am

Os: Ubuntu 15x
Web: apache + nginx
Re: Got 10 VestaCP servers exploited

Post by ipkpjersi » Thu May 17, 2018 9:01 pm

mephivio wrote: ↑
Thu May 17, 2018 6:15 pm
the new release R21 is live
Please update your platform and test ....
Are you sure? It doesn't seem like R21 is live: https://i.imgur.com/NGPFvVL.png

edit: Oh, it says it is "updated" not "outdated" but I can still apply the updates.

Falzo
Posts: 60
Joined: Mon Mar 28, 2016 8:49 am

Re: Got 10 VestaCP servers exploited

Post by Falzo » Fri May 18, 2018 6:50 pm

Farrow wrote: ↑
Wed May 09, 2018 11:05 am
It worries me that no one knows for sure how the panel became exploited in the first place.
this sadly is not true. some are well aware of how that was possible and what has been the initial vector at least, but were waiting for Serghey to release a true patch and make an official announcement.
sadly that information has never been released to the public.
as far as I can tell, in the end the vesta-nginx and closing the port 8083 got nothing to do with it _and_ would most likely not even have protected against a second attack.

For the moment I'll leave it to Serghey to man up and tell the full story, now that the automatic vesta update should have run through and done its work.

Farrow
Posts: 15
Joined: Fri May 16, 2014 4:15 pm

Re: Got 10 VestaCP servers exploited

Post by Farrow » Fri May 18, 2018 8:11 pm

Falzo wrote: ↑
Fri May 18, 2018 6:50 pm
Farrow wrote: ↑
Wed May 09, 2018 11:05 am
It worries me that no one knows for sure how the panel became exploited in the first place.
this sadly is not true. some are well aware of how that was possible and what has been the initial vector at least, but were waiting for Serghey to release a true patch and make an official announcement.
sadly that information has never been released to the public.
as far as I can tell, in the end the vesta-nginx and closing the port 8083 got nothing to do with it _and_ would most likely not even have protected against a second attack.

For the moment I'll leave it to Serghey to man up and tell the full story, now that the automatic vesta update should have run through and done its work.
Possible??? or certain???
If we are waiting for a "true patch" then I guess you would advise no one to use Vesta Panel because it's still a security risk, correct?

Falzo
Posts: 60
Joined: Mon Mar 28, 2016 8:49 am

Re: Got 10 VestaCP servers exploited

Post by Falzo » Fri May 18, 2018 9:00 pm

Farrow wrote: ↑
Fri May 18, 2018 8:11 pm
Falzo wrote: ↑
Fri May 18, 2018 6:50 pm
Farrow wrote: ↑
Wed May 09, 2018 11:05 am
It worries me that no one knows for sure how the panel became exploited in the first place.
this sadly is not true. some are well aware of how that was possible and what has been the initial vector at least, but were waiting for Serghey to release a true patch and make an official announcement.
sadly that information has never been released to the public.
as far as I can tell, in the end the vesta-nginx and closing the port 8083 got nothing to do with it _and_ would most likely not even have protected against a second attack.

For the moment I'll leave it to Serghey to man up and tell the full story, now that the automatic vesta update should have run through and done its work.
Possible??? or certain???
If we are waiting for a "true patch" then I guess you would advise no one to use Vesta Panel because it's still a security risk, correct?
certain.

the v21 update is supposed to have now finally fixed that (amongst other things), but until yesterday probably a lot of installations were still vulnerable - regardless if the vesta service was up or not.

as I am no security expert like Patrick or others, I won't advise anything here. just saying that I (still) use Vesta a lot and I am grateful for its existence. but I certainly don't like the way such security issues are handled. even if it's free software people rely on it being trustworthy which requires open and honest communication and not leaving hundreds or thousands of servers running vulnerable for more than a month ...

