VERY IMPORTANT SERVER HACKED!!
VERY IMPORTANT SERVER HACKED!!
vestacp panel has any bug , because someone has hacked my server. I could not enter the control panel vesta , and I had to change the password.
It must be a 0day hack
this is the log vestacp ( all this has made the person who has entered )
23 Jun 2016
09:32:25
changed password
21 Jun 2016
22:01:06
updated nameservers ns1.localhost.ltd ns2.localhost.ltd
21 Jun 2016
22:01:06
changed contact email to [email protected]
21 Jun 2016
22:01:06
changed admin shell to bash
21 Jun 2016
22:01:06
changed password
It must be a 0day hack
this is the log vestacp ( all this has made the person who has entered )
23 Jun 2016
09:32:25
changed password
21 Jun 2016
22:01:06
updated nameservers ns1.localhost.ltd ns2.localhost.ltd
21 Jun 2016
22:01:06
changed contact email to [email protected]
21 Jun 2016
22:01:06
changed admin shell to bash
21 Jun 2016
22:01:06
changed password
-
stephenaxe
- Posts: 3
- Joined: Tue Jun 21, 2016 2:15 pm
Re: VERY IMPORTANT SERVER HACKED!!
ok thats scarey my server was also hacked on the same day!! ive only just got it back up and running again properly
They also changed my email on the admin account to [email protected]
Looks like there might be an issue on this
They also changed my email on the admin account to [email protected]
Looks like there might be an issue on this
Re: VERY IMPORTANT SERVER HACKED!!
since I have hacked the server, do not complete the automated backups. creates the temporary file, but never ends.
I tried to do it manually /usr/local/vesta/bin/v-backup but not end.
I tried to do it manually /usr/local/vesta/bin/v-backup but not end.
Re: VERY IMPORTANT SERVER HACKED!!
We know about this problem and working on it
New release with bug fixes will be on Monday
New release with bug fixes will be on Monday
Re: VERY IMPORTANT SERVER HACKED!!
the first thing I've done is change the port on the control panel. then add authentication to vesta panel, as a htaccess but ngnix.
Re: VERY IMPORTANT SERVER HACKED!!
Is there a vulnerability report for this issue that we can check and understand more about this issue?
So far I'm not too sure about what the exploit/bug is in this thread, could someone make it clear?
So far I'm not too sure about what the exploit/bug is in this thread, could someone make it clear?
-
mehargags
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: VERY IMPORTANT SERVER HACKED!!
does this affect vesta CLI API or the Vesta Admin Web login.
I ask this because I ususally randomize my Vesta Login port for my servers, however I'm not sure if the CLI listener is listening to some different Default port over the web. I can block that in my firewall.
Thanks
I ask this because I ususally randomize my Vesta Login port for my servers, however I'm not sure if the CLI listener is listening to some different Default port over the web. I can block that in my firewall.
Thanks
-
tjebbeke
- Collaborator
- Posts: 783
- Joined: Mon May 11, 2015 8:43 am
- Contact:
- Os: CentOS 6x
- Web: apache + nginx
Re: VERY IMPORTANT SERVER HACKED!!
@XoXiLhJ0mn I think mehargags is talking about the Vesta (CLI) API. Wich is accessible over the web. The web API is using the same Apache instance as the control panel if you change or block this port you also affect the API.
Vesta CP is rolling out an update, and I have take a quick look, and it seems that the security bug is fixed.
Vesta CP is rolling out an update, and I have take a quick look, and it seems that the security bug is fixed.
Re: VERY IMPORTANT SERVER HACKED!!
I have exactly the same problem.
Re: VERY IMPORTANT SERVER HACKED!!
i'm running ubuntu 14.04, should i upgrade? i already changed vesta port and disable the service...Conf vesta (0.9.8-16 AORDEB:stable [amd64])
Conf vesta-nginx (0.9.8-16 AORDEB:stable [amd64])
Conf vesta-php (0.9.8-16 AORDEB:stable [amd64])