We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Got 10 VestaCP servers exploited
Re: Got 10 VestaCP servers exploited
That's great to here there will be security fixes on Monday or Tuesday. Is this: https://github.com/serghey-rodin/vesta/issues/1558 included in the fixes?
edit: Yes, it is included! Nice work everyone.
Last edited by ipkpjersi on Mon May 14, 2018 1:33 pm, edited 1 time in total.
Re: Got 10 VestaCP servers exploited
The same problem today, I can´t access Vesta panel and some sites are down (error 500)... waiting the fixes...
Re: Got 10 VestaCP servers exploited
It seems that the attack is over but it doesn't mean your server is not crawling with viruses.
Read the first pages of this thread to remove the virus then your sites should be ok.
Upgrade afterwards or migrate to a new server
Re: Got 10 VestaCP servers exploited
Hi imperio,
I am wondering, the newer version 0.9.8-21 was supposed to be released Monday or Tuesday and it is Tuesday now and I think it is not released: https://i.imgur.com/Z06oSRK.png
Are there still plans for releasing it today, or would it be later in the week like Wednesday or Thursday?
Thanks.
Re: Got 10 VestaCP servers exploited
the new release R21 is live
Please update your platform and test ....
Please update your platform and test ....
Re: Got 10 VestaCP servers exploited
Are you sure? It doesn't seem like R21 is live: https://i.imgur.com/NGPFvVL.png
edit: Oh, it says it is "updated" not "outdated" but I can still apply the updates.
Re: Got 10 VestaCP servers exploited
this sadly is not true. some are well aware of how that was possible and what has been the initial vector at least, but were waiting for Serghey to release a true patch and make an official announcement.
sadly those informations have never been released to the public.
as far as I can tell, in the end the vesta-nginx and closing the port 8083 got nothing to do with it _and_ would most likely not even have protected against a second attack.
For the moment I'll leave it to Serghey to man up and tell the full story, now that the automatic vesta update should have run through and done it's work.
Re: Got 10 VestaCP servers exploited
Possible??? or certain???Falzo wrote: ↑Fri May 18, 2018 6:50 pmthis sadly is not true. some are well aware of how that was possible and what has been the initial vector at least, but were waiting for Serghey to release a true patch and make an official announcement.
sadly those informations have never been released to the public.
as far as I can tell, in the end the vesta-nginx and closing the port 8083 got nothing to do with it _and_ would most likely not even have protected against a second attack.
For the moment I'll leave it to Serghey to man up and tell the full story, now that the automatic vesta update should have run through and done it's work.
If we are waiting for a "true patch" then I guess you would advise no one to use Vesta Panel because it's still a security risk correct?
Re: Got 10 VestaCP servers exploited
certain.Farrow wrote: ↑Fri May 18, 2018 8:11 pmPossible??? or certain???Falzo wrote: ↑Fri May 18, 2018 6:50 pmthis sadly is not true. some are well aware of how that was possible and what has been the initial vector at least, but were waiting for Serghey to release a true patch and make an official announcement.
sadly those informations have never been released to the public.
as far as I can tell, in the end the vesta-nginx and closing the port 8083 got nothing to do with it _and_ would most likely not even have protected against a second attack.
For the moment I'll leave it to Serghey to man up and tell the full story, now that the automatic vesta update should have run through and done it's work.
If we are waiting for a "true patch" then I guess you would advise no one to use Vesta Panel because it's still a security risk correct?
the v21 update is supposed to have now finally fixed that (amongst other things), but until yesterday probably a lot of installations were still vulnerable - regardless if the vesta service was up or not.
as I am no security expert like Patrick or others, I won't advise anything here. just saying that I (still) use Vesta a lot and I am grateful for it's existance. but I certainly don't like the way such security issues are handled. even if it's free software people rely on it being trustworthy which requires open and honest communication and not leaving hundreds or thousands of servers running vulnerable for more than a month ...