VERY IMPORTANT SERVER HACKED!!
Re: VERY IMPORTANT SERVER HACKED!!
mehargags wrote: "@skurudo I suggest you make a new post here at http://forum.vestacp.com/viewforum.php?f=25"
will be as soon as possible ;-)
Re: VERY IMPORTANT SERVER HACKED!!
Hmh, what is the purpose of this thread, is this some false alert or what? Is the new 0.9.8-16 version affected and has some security issue that is hacked or is the 0.9.8-15 version affected and the security hole is fixed in 0.9.8-16 so we should all upgrade ASAP? I do not understand from this thread what is going on and probably most users are asking the same question...
Re: VERY IMPORTANT SERVER HACKED!!
Clouseau wrote: "Hmh, what is the purpose of this thread, is this some false alert or what? Is the new 0.9.8-16 version affected and has some security issue that is hacked or is the 0.9.8-15 version affected and the security hole is fixed in 0.9.8-16 so we should all upgrade ASAP? I do not understand from this thread what is going on and probably most users are asking the same question..."
In 0.9.8-15 there is a security issue that is fixed in 0.9.8-16.
Re: VERY IMPORTANT SERVER HACKED!!
Release note 0.9.8-16
viewtopic.php?f=25&t=11892
Re: VERY IMPORTANT SERVER HACKED!!
This is a very serious issue at hand. While I do appreciate VestaCP and their team for the time and effort in building this control panel, after this vulnerability that affected supposedly many people, this creates some concern for people who may wish to use this at production level.
So, as a matter of fact, I think VestaCP should give a clear indication to general users about usage of this control panel, and clearly mark it as "Not suitable for production", as we've seen many security flaws over the last few years. This is to protect users who have no idea what's going on...
Maybe it's time that VestaCP introduce some sort of bounty program, or even a simple way that people and security researchers can report vulnerabilities, and possibly get some kind of reward (of course, VestaCP is mainly used freely, so this is up to you).
Of course, no piece of software is going to be 100% secure - but I think VestaCP should do more in informing users and vulnerable users of this community with regards to security issues, not just in the form of a forum post. A simple suggestion would be a mailing list for general announcements/bugs/vulnerabilities?
Re: VERY IMPORTANT SERVER HACKED!!
patstan wrote: "This is a very serious issue at hand. While I do appreciate VestaCP and their team for the time and effort in building this control panel, after this vulnerability that affected supposedly many people, this creates some concern for people who may wish to use this at production level.
So, as a matter of fact, I think VestaCP should give a clear indication to general users about usage of this control panel, and clearly mark it as "Not suitable for production", as we've seen many security flaws over the last few years. This is to protect users who have no idea what's going on...
Maybe it's time that VestaCP introduce some sort of bounty program, or even a simple way that people and security researchers can report vulnerabilities, and possibly get some kind of reward (of course, VestaCP is mainly used freely, so this is up to you).
Of course, no piece of software is going to be 100% secure - but I think VestaCP should do more in informing users and vulnerable users of this community with regards to security issues, not just in the form of a forum post. A simple suggestion would be a mailing list for general announcements/bugs/vulnerabilities?"
Every software created in this world is full of bugs and vulnerabilities. VestaCP is an excellent self management panel and it has to have its "maturity period" before it actually rolls for mass commercial production use. If you are reselling services, you should resort to cPanel and other commercially established software... your statements here are nothing more than unnecessary as all those points are well discussed in the forums. It'd be novice-ness of the users to start using VestaCP (or any other software) without doing proper research.