VERY IMPORTANT SERVER HACKED!!
Posted: Fri Jun 24, 2016 8:01 pm
by Sanity
The VestaCP panel has a bug, because someone has hacked my server. I could not enter the Vesta control panel, and I had to change the password.
It must be a 0day hack.
This is the VestaCP log (all of this was done by the person who got in):
23 Jun 2016 09:32:25 changed password
21 Jun 2016 22:01:06 updated nameservers ns1.localhost.ltd ns2.localhost.ltd
21 Jun 2016 22:01:06 changed contact email to [email protected]
21 Jun 2016 22:01:06 changed admin shell to bash
21 Jun 2016 22:01:06 changed password
Re: VERY IMPORTANT SERVER HACKED!!
Posted: Fri Jun 24, 2016 10:05 pm
by stephenaxe
OK, that's scary, my server was also hacked on the same day!! I've only just got it back up and running again properly.
They also changed my email on the admin account to [email protected]
Looks like there might be an issue on this.
Re: VERY IMPORTANT SERVER HACKED!!
Posted: Sat Jun 25, 2016 7:38 am
by Sanity
Since my server was hacked, the automated backups do not complete. It creates the temporary file, but never finishes.
I tried to do it manually with /usr/local/vesta/bin/v-backup, but it does not finish.
Re: VERY IMPORTANT SERVER HACKED!!
Posted: Sat Jun 25, 2016 4:23 pm
by imperio
We know about this problem and are working on it.
A new release with bug fixes will be out on Monday.
Re: VERY IMPORTANT SERVER HACKED!!
Posted: Sat Jun 25, 2016 7:14 pm
by Sanity
The first thing I've done is change the port on the control panel. Then I added authentication to the Vesta panel, like an htaccess but for nginx.
Re: VERY IMPORTANT SERVER HACKED!!
Posted: Sun Jun 26, 2016 7:29 am
by mike08
Is there a vulnerability report for this issue that we can check and understand more about this issue?
So far I'm not too sure about what the exploit/bug is in this thread, could someone make it clear?
Re: VERY IMPORTANT SERVER HACKED!!
Posted: Tue Jun 28, 2016 8:25 am
by mehargags
Does this affect the Vesta CLI API or the Vesta Admin web login?
I ask this because I usually randomize my Vesta login port for my servers, however I'm not sure if the CLI listener is listening on some different default port from the web one. I can block that in my firewall.
Thanks
Re: VERY IMPORTANT SERVER HACKED!!
Posted: Tue Jun 28, 2016 9:00 am
by tjebbeke
@XoXiLhJ0mn I think mehargags is talking about the Vesta (CLI) API, which is accessible over the web. The web API is using the same Apache instance as the control panel, so if you change or block this port you also affect the API.
Vesta CP is rolling out an update, and I have taken a quick look, and it seems that the security bug is fixed.
Re: VERY IMPORTANT SERVER HACKED!!
Posted: Tue Jun 28, 2016 9:56 am
by sseleraci
I have exactly the same problem.

Re: VERY IMPORTANT SERVER HACKED!!
Posted: Tue Jun 28, 2016 10:44 am
by m4th3us
Conf vesta (0.9.8-16 AORDEB:stable [amd64])
Conf vesta-nginx (0.9.8-16 AORDEB:stable [amd64])
Conf vesta-php (0.9.8-16 AORDEB:stable [amd64])
I'm running Ubuntu 14.04, should I upgrade? I already changed the Vesta port and disabled the service...