Got 10 VestaCP servers exploited
Re: Got 10 VestaCP servers exploited
As far as I can tell, for that vulnerability to be exploited, you need to be logged into RoundCube.
Moreover, the traces will be visible in the web server access log, since commands are injected into the query string.
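The post above says injected commands leave traces in the query strings of the web server access log. A triage sketch for that check follows; it is an added example, not code from the thread or from the Vesta project. It assumes combined log format and a `/webmail/` URL prefix, the sample lines and the `_example` parameter are constructed, and the metacharacter heuristic is an assumption rather than a signature of the actual vulnerability.

```python
import re

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Heuristic (assumption): shell metacharacters / command substitution.
SHELL_RE = re.compile(r'[;|`\n]|\$\(|\$\{')
HEX_RE = re.compile(r'%([0-9A-Fa-f]{2})')

def decode_fully(s, rounds=3):
    """Undo nested percent-encoding so double-encoded input is still seen."""
    for _ in range(rounds):
        d = HEX_RE.sub(lambda m: chr(int(m.group(1), 16)), s.replace("+", " "))
        if d == s:
            break
        s = d
    return s

def suspicious_requests(lines, prefix="/webmail/"):
    """Return webmail requests whose decoded query string looks like shell input."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, when, method, target, status = m.groups()
        path, _, query = target.partition("?")
        if not path.startswith(prefix) or not query:
            continue
        decoded = decode_fully(query)
        if SHELL_RE.search(decoded):
            hits.append({"ip": ip, "time": when, "status": int(status),
                         "decoded": decoded})
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical _example parameter).
SAMPLE = [
    '203.0.113.7 - - [08/Apr/2018:04:12:01 +0000] "GET /webmail/?_task=mail&_mbox=INBOX HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [08/Apr/2018:04:12:09 +0000] "GET /webmail/?_task=mail&_example=a%3Bid HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.4 - - [08/Apr/2018:04:13:30 +0000] "GET /webmail/?_task=mail&_example=%2524%2528id%2529 HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.9 - - [08/Apr/2018:04:14:02 +0000] "GET /index.php?q=a%3Bb HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit["time"], hit["ip"], hit["status"], hit["decoded"])
```

Only GET query strings are covered; anything sent in a POST body does not appear in a standard access log.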
Re: Got 10 VestaCP servers exploited
If archive vulnerability has been fixed and roundcube is being updated from the repo then there's no sense in disabling it now, right?
Re: Got 10 VestaCP servers exploited
lukapaunovic wrote: Thu Apr 12, 2018 6:37 pm
> If archive vulnerability has been fixed and roundcube is being updated from the repo then there's no sense in disabling it now, right?

And CentOS already has Roundcube 1.3.6 in yum repo?
Re: Got 10 VestaCP servers exploited
Hi,
Is this security fix for Roundcube already included in the latest vesta version?
Or do I have to install it separately?
Can anyone guide me, please?
Thanks!
Re: Got 10 VestaCP servers exploited
dpeca wrote: Thu Apr 12, 2018 6:57 pm
> lukapaunovic wrote: Thu Apr 12, 2018 6:37 pm
> > If archive vulnerability has been fixed and roundcube is being updated from the repo then there's no sense in disabling it now, right?
>
> And CentOS already has Roundcube 1.3.6 in yum repo?

Yes
Re: Got 10 VestaCP servers exploited
But the hack was done through Roundcube?
Did anyone already reproduce the hack?
Re: Got 10 VestaCP servers exploited
Just to update you all: I have been running updated Vesta on a different port, with all the other security settings on the server, for the last 3 days, and no infection yet.
Re: Got 10 VestaCP servers exploited
I wasn't hacked.
I have had VestaCP installed for 1 year on DigitalOcean, and I didn't install mail (exim, dovecot, spamassim, clamav). Maybe that is the reason that I am not hacked.
At the moment of attack, I was using Vesta version 0.9.8-17.
Re: Got 10 VestaCP servers exploited
I only have 2 dedicated servers, they are in different data centers. The one that got hacked had exim/dovecot/spam/clam enabled (every service was enabled). The one that did not get hacked did not have any of those services enabled. Coincidence?
As for ports, both had the panel on default 8083. As for Vesta software both were on 0.9.8-19. One difference was that hacked server was running Centos 7 while the server that was not hacked had Centos 6.9.