Got 10 VestaCP servers exploited

[imperio]

Who said that we are resting?

[StudioMaX]

i didn't understand if vestacp team already gotten SOME BUNCH OF HACKED SERVER FOR TESTING why they are still resting ?

Because there are no any information that would tell the cause of the infection of the servers, I tried to find it myself. In existing logs, there are no other authorizations, no suspicious requests to nginx and apache.

[AKr0nizz]

i didn't understand if vestacp team already gotten SOME BUNCH OF HACKED SERVER FOR TESTING why they are still resting ?

I dont think that they are resting. Just there is no official information. And people do not want to destribute unproved facts.

[zer0890]

Who want provide access to hacked server?
Please, send access via [email protected]

I am sending too

[sandy]

Who said that we are resting?

you don't know how much losses we're facing, even you don't care about security this types of attacks/exploits are from long time under vesta cp you better know

[sandy]

i didn't understand if vestacp team already gotten SOME BUNCH OF HACKED SERVER FOR TESTING why they are still resting ?

I dont think that they are resting. Just there is no official information. And people do not want to destribute unproved facts.

thats the fact of vestacp developers they are careless, don't take me wrong i'm suffering from losses. You and we don't want this types of inconvenience in future.

[Prime]

thats the fact of vestacp developers they are careless, don't take me wrong i'm suffering from losses

I think you're being arrogant as you're not paying a cent for VestaCP. If it's business critical, the fault is yours for not paying for a service level agreement and using a freeware solution in the first place.

[imperio]

sandy, stop blaming us. In the next time I'll give you a warning.

[yigits]

My two VestaCp installed server is suspended due to attack of the other networks.
I checked one of them and I found gcc.sh in /etc/cron.hourly. It is created on 4 April 2018.
Info: After installation I changed VestaCp port to another port.

[sandy]

thats the fact of vestacp developers they are careless, don't take me wrong i'm suffering from losses

I think you're being arrogant as you're not paying a cent for VestaCP. If it's business critical, the fault is yours for not paying for a service level agreement and using a freeware solution in the first place.

you meant not to use the freewares ?