
Re: Got 10 VestaCP servers exploited

Posted: Mon Apr 09, 2018 8:40 pm
by Galaxian
Trentor wrote:
Mon Apr 09, 2018 8:35 pm
Galaxian wrote:
Mon Apr 09, 2018 8:32 pm
And I understand that this is open source and security vulnerabilities will always come about, but damn...
Does not the prop soft have security problems?
Of course. However, I hope that you see my point.

Just because my server had VestaCP running on it, it was indiscriminately blocked on the network from making outgoing requests, as well as having the 8083 port blocked. I don't mind the port blocking, but the outgoing requests block broke my apps. Worst part is, I'm not one of the compromised ones - I could certainly understand in that case.

Re: Got 10 VestaCP servers exploited

Posted: Mon Apr 09, 2018 8:43 pm
by Trentor
Galaxian wrote:
Mon Apr 09, 2018 8:40 pm
Trentor wrote:
Mon Apr 09, 2018 8:35 pm
Galaxian wrote:
Mon Apr 09, 2018 8:32 pm
And I understand that this is open source and security vulnerabilities will always come about, but damn...
Does not the prop soft have security problems?
Of course. However, I hope that you see my point.

Just because my server had VestaCP running on it, it was indiscriminately blocked on the network from making outgoing requests, as well as having the 8083 port blocked. I don't mind the port blocking, but the outgoing requests block broke my apps. Worst part is, I'm not one of the compromised ones - I could certainly understand in that case.
Completely agree, really bad decision by DO.

Re: Got 10 VestaCP servers exploited

Posted: Mon Apr 09, 2018 8:56 pm
by Messiah
Galaxian, may I suggest another cheap VPS host?
My server was hacked; while removing a virus something crashed and I cannot log in any more. Support answers "they are doing something, just wait" and 24 hours have passed already. All this time my server is still DDoS'ing somebody and nobody cares haha

Re: Got 10 VestaCP servers exploited

Posted: Mon Apr 09, 2018 9:02 pm
by Andei
BartMan__X wrote:
Mon Apr 09, 2018 8:07 pm
I didn't have any problems until I ran the update this morning... a few min. ago I got an email from my VPS host (OVH) that my VPS has been suspended.

From: OVH Support
Dear Customer,

Abnormal activity has been detected on your VPS vps177337.vps.ovh.ca.


As this constitutes a breach of contract, your virtual server
has been blocked.

You will find the logs brought up by our system below, which led to this alert.

- START OF ADDITIONAL INFORMATION -

Attack detail : 10Kpps/71Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags packets bytes reason
2018.04.09 19:34:51 CEST MY_VPS_IP:1813 59.56.66.67:8811 TCP SYN 2048 1828864 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:43509 59.56.66.67:8811 TCP SYN 2048 1820672 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:57337 59.56.66.67:8811 TCP SYN 2048 1894400 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:57087 59.56.66.67:8811 TCP SYN 2048 1839104 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:51152 59.56.66.67:8811 TCP SYN 2048 1824768 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:28409 59.56.66.67:8811 TCP SYN 2048 1900544 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:60568 59.56.66.67:8811 TCP SYN 2048 1892352 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:38289 59.56.66.67:8811 TCP SYN 2048 1902592 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:25782 59.56.66.67:8811 TCP SYN 2048 1867776 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:28951 59.56.66.67:8811 TCP SYN 2048 1873920 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:5011 59.56.66.67:8811 TCP SYN 2048 1865728 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:2420 59.56.66.67:8811 TCP SYN 2048 1828864 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:19935 59.56.66.67:8811 TCP SYN 2048 1910784 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:56914 59.56.66.67:8811 TCP SYN 2048 1892352 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:55014 59.56.66.67:8811 TCP SYN 2048 1884160 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:17569 59.56.66.67:8811 TCP SYN 2048 1896448 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:64671 59.56.66.67:8811 TCP SYN 2048 1892352 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:17837 59.56.66.67:8811 TCP SYN 2048 1837056 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:60514 59.56.66.67:8811 TCP SYN 2048 1875968 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST MY_VPS_IP:9150 59.56.66.67:8811 TCP SYN 2048 1845248 ATTACK:TCP_SYN



- END OF ADDITIONAL INFORMATION -


OVH Customer Support.

OVH Support
Call us at: 1-855-OVH-LINE (684-5463)
24/7/365
[ref=1.661c9fff]
That's quite concerning.

Did you have port 8083 opened after upgrade? Did you have the vesta service up after the upgrade?
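
An added example, not part of any post in this thread: a parser for the flow-log format in the OVH notice quoted above, which totals packets per destination and computes the average packet size so padded SYN floods stand out from ordinary connection attempts. The sample rows use constructed documentation addresses, and the 100-byte cutoff (`syn_max`) is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the abuse-report format quoted above; the addresses
# are documentation ranges, not values taken from the thread.
SAMPLE = """\
dateTime srcIp:srcPort dstIp:dstPort protocol flags packets bytes reason
2018.04.09 19:34:51 CEST 192.0.2.10:1813 198.51.100.7:8811 TCP SYN 2048 1828864 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST 192.0.2.10:43509 198.51.100.7:8811 TCP SYN 2048 1820672 ATTACK:TCP_SYN
2018.04.09 19:34:51 CEST 192.0.2.10:57337 198.51.100.7:8811 TCP SYN 2048 1894400 ATTACK:TCP_SYN
2018.04.09 19:34:52 CEST 192.0.2.10:40022 203.0.113.5:443 TCP SYN 4 240 ATTACK:TCP_SYN
"""

ROW = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<proto>\S+) (?P<flags>\S+) (?P<packets>\d+) (?P<bytes>\d+) (?P<reason>\S+)$"
)

def parse_rows(text):
    """Return one dict per flow row; header, blank and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            for key in ("sport", "dport", "packets", "bytes"):
                row[key] = int(row[key])
            rows.append(row)
    return rows

def summarize(rows, syn_max=100):
    """Aggregate by (dst, dport, proto, flags), largest packet count first."""
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "sports": set()})
    for r in rows:
        a = agg[(r["dst"], r["dport"], r["proto"], r["flags"])]
        a["packets"] += r["packets"]
        a["bytes"] += r["bytes"]
        a["sports"].add(r["sport"])
    out = []
    for key, a in agg.items():
        avg = a["bytes"] // a["packets"]
        out.append({"target": key, "packets": a["packets"], "bytes": a["bytes"],
                    "src_ports": len(a["sports"]), "avg_pkt_bytes": avg,
                    # A SYN without payload is well under 100 bytes, so a large
                    # average points to padded SYNs generated by a flood tool.
                    "padded_syn": key[3] == "SYN" and avg > syn_max})
    return sorted(out, key=lambda s: s["packets"], reverse=True)
```

Rows where the source is a placeholder such as MY_VPS_IP parse the same way, so a notice can be pasted in as received.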

Re: Got 10 VestaCP servers exploited

Posted: Mon Apr 09, 2018 9:14 pm
by Messiah
Everybody who just installed or updated the panel, please check any command via terminal like
v-change-domain-owner or v-change-sys-hostname without parameters, it outputs an error like
/func/main.sh: No such file or directory
P.S. Deb 8

Re: Got 10 VestaCP servers exploited

Posted: Mon Apr 09, 2018 9:52 pm
by Galaxian
DigitalOcean just refused to unblock my outgoing traffic, even though I remain unaffected by the security vulnerability.
Hello and thank you for contacting DigitalOcean!

I'm sorry to hear you've been seeing this issue. We don't have any ETA at the moment as VestaCP hasn't solved the issue fully on their end. We closed port 8083 by default at this time due to a vulnerability with VestaCP. You can read more about that here:

https://do.co/vesta-vuln

I would recommend setting your Droplet to use a different port for VestaCP. Here’s an explainer on how to do that:

https://www.lowendguide.com/3/security/ ... ce-part-2/

You may also want to look into below link for update from VestaCP to have your Droplet patched:

viewtopic.php?f=10&t=16556&start=260#p68893

Please let us know if you have any other questions or if there's anything we can do to help.
They totally ignored the initial message where I told them I'd already changed port. I am also unable to update Vesta because of the outbound traffic block.

Re: Got 10 VestaCP servers exploited

Posted: Mon Apr 09, 2018 10:09 pm
by efinstorm
Tried to update on Debian 9

 v-update-sys-vesta-all
Error: vesta update failed
Error: vesta-nginx update failed
Error: vesta-php update failed
Error: vesta-ioncube update failed
Error: vesta-softaculous update failed

Re: Got 10 VestaCP servers exploited

Posted: Mon Apr 09, 2018 10:15 pm
by imperio

apt-get update

v-update-sys-vesta-all

Re: Got 10 VestaCP servers exploited

Posted: Mon Apr 09, 2018 10:22 pm
by Galaxian
I managed to sort my problem. However, when I updated VestaCP through the web interface, it jumped to 'bad gateway' and now refuses to connect. Anyone know of this problem?

Edit: Simply restarting the vesta service worked. Vesta-nginx was not running for some reason.

Re: Got 10 VestaCP servers exploited

Posted: Mon Apr 09, 2018 11:40 pm
by BartMan__X
Andei wrote:
Mon Apr 09, 2018 9:02 pm
BartMan__X wrote:
Mon Apr 09, 2018 8:07 pm
I didn't have any problems until I ran the update this morning... a few min. ago I got an email from my VPS host (OVH) that my VPS has been suspended.

From: OVH Support
Dear Customer,

Abnormal activity has been detected on your VPS .


As this constitutes a breach of contract, your virtual server
has been blocked.

You will find the logs brought up by our system below, which led to this alert.

- START OF ADDITIONAL INFORMATION -

Attack detail : 10Kpps/71Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags packets bytes reason



- END OF ADDITIONAL INFORMATION -


OVH Customer Support.

OVH Support
Call us at: 1-855-OVH-LINE (684-5463)
24/7/365
[ref=1.661c9fff]
That's quite concerning.

Did you have port 8083 opened after upgrade? Did you have the vesta service up after the upgrade?
Nope, changed port 8083 to 6073