Re: Got 10 VestaCP servers exploited

Posted: Tue May 08, 2018 4:15 pm
by Mark O Polo
It has been about a month since the 1st post regarding the exploited servers.

As a result of the exploits, one patch was issued. We also know some of the code was reviewed by Rack911labs (Patrick) and he noticed several root compromise vulnerabilities (6).

I know that many users are running with the panel down until there is a general consensus that everything that can be reasonably done is complete.

Can we get a status regarding the dev team's findings and if there are other patches soon to be released?

As always, appreciate your work on the project and security hardening.

Re: Got 10 VestaCP servers exploited

Posted: Tue May 08, 2018 8:07 pm
by ScIT
+1!

Re: Got 10 VestaCP servers exploited

Posted: Tue May 08, 2018 8:46 pm
by DarthVader
+1

Re: Got 10 VestaCP servers exploited

Posted: Wed May 09, 2018 10:18 am
by RevengeFNF
Mark O Polo wrote:
Tue May 08, 2018 4:15 pm
It has been about a month since the 1st post regarding the exploited servers.

As a result of the exploits, one patch was issued. We also know some of the code was reviewed by Rack911labs (Patrick) and he noticed several root compromise vulnerabilities (6).

I know that many users are running with the panel down until there is a general consensus that everything that can be reasonably done is complete.

Can we get a status regarding the dev team's findings and if there are other patches soon to be released?

As always, appreciate your work on the project and security hardening.

I would also like to have news about this.

Re: Got 10 VestaCP servers exploited

Posted: Wed May 09, 2018 11:05 am
by Farrow
I haven't used it since and won't until I'm sure it's been patched fully. It worries me that no one knows for sure how the panel became exploited in the first place. We have had little information on the progress of fixing the vulnerabilities that have been reported, which I feel is very important. Vesta was a good little panel but the list of vulnerabilities makes it unusable for me.

Re: Got 10 VestaCP servers exploited

Posted: Wed May 09, 2018 5:03 pm
by kobo1d
Yeah, I have kept my panel shut down too.

News is very welcome!

Re: Got 10 VestaCP servers exploited

Posted: Fri May 11, 2018 7:26 pm
by imperio
New release with mass security fixes will be on Monday or Tuesday.
Now we are thinking about Roundcube.

Re: Got 10 VestaCP servers exploited

Posted: Sat May 12, 2018 2:04 pm
by sohail_sandy
albertus wrote:
Sat Apr 07, 2018 2:56 pm
Hello!

Today I was surprised to discover that 10 of our customers' servers were being exploited (attacking a Chinese IP). All these servers have nothing in common but the fact they all run VestaCP. None of my non-VestaCP servers were affected.

I would like to ask if anyone was also affected. Any chance there's a VestaCP vulnerability being exploited in the wild?

Thank you in advance

Kindly, Albertus

Yes. The server has just gone down. Nobody was able to log in to my website and when I tried to log into the VestaCP dashboard, it also failed. After I SSH into the server, I found that there was no space left on the server. And after a couple of minutes, DigitalOcean deactivated networking.

Right now my website is down.

Re: Got 10 VestaCP servers exploited

Posted: Sat May 12, 2018 9:42 pm
by paulokruz
I found these entries in the nginx error log:

Code:

2018/05/11 16:24:21 [error] 3422#0: *50 open() "/usr/local/vesta/web/sdk" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "POST /sdk HTTP/1.1", host: "my_domain_name.XXX:8$
2018/05/11 16:24:31 [error] 3422#0: *53 "/usr/local/vesta/web/profilemanager/index.php" is not found (2: No such file or directory), client: 159.203.250.164, server: _, request: "GET /profilemanager/ HTTP/1$
2018/05/11 16:25:16 [error] 3422#0: *135 open() "/usr/local/vesta/web/sdk" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "POST /sdk HTTP/1.1", host: "my_domain_name.XXX:$
2018/05/11 16:36:49 [error] 3422#0: *1918 open() "/usr/local/vesta/web/Portal/Portal.mwsl" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "GET /Portal/Portal.mwsl?PriNav$
2018/05/11 16:50:30 [error] 3422#0: *6691 open() "/usr/local/vesta/web/db" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "GET /db HTTP/1.1", host: "my_domain_name.XXX:80$
Seems like calls from my domain URL.

Is it related to the exploit?

Re: Got 10 VestaCP servers exploited

Posted: Sun May 13, 2018 7:45 am
by imperio
Not related
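
Entries like the nginx "No such file or directory" errors posted above can be grouped per client to see whether one address is requesting a series of paths that do not exist on the server. The Python below is an added example, not part of the thread or of VestaCP; the sample lines are constructed in the same format with documentation IP addresses, and the `min_paths` threshold is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the posted entries (documentation IPs).
# A trailing "$" mimics lines cut off by the terminal, as in the post.
SAMPLE = """\
2018/05/11 16:24:21 [error] 3422#0: *50 open() "/usr/local/vesta/web/sdk" failed (2: No such file or directory), client: 203.0.113.7, server: _, request: "POST /sdk HTTP/1.1", host: "example.test:8$
2018/05/11 16:24:31 [error] 3422#0: *53 "/usr/local/vesta/web/profilemanager/index.php" is not found (2: No such file or directory), client: 203.0.113.7, server: _, request: "GET /profilemanager/ HTTP/1$
2018/05/11 16:25:16 [error] 3422#0: *135 open() "/usr/local/vesta/web/sdk" failed (2: No such file or directory), client: 203.0.113.7, server: _, request: "POST /sdk HTTP/1.1", host: "example.test:$
2018/05/11 16:36:49 [error] 3422#0: *1918 open() "/usr/local/vesta/web/Portal/Portal.mwsl" failed (2: No such file or directory), client: 203.0.113.7, server: _, request: "GET /Portal/Portal.mwsl?PriNav$
2018/05/11 16:40:02 [error] 3422#0: *2000 open() "/usr/local/vesta/web/favicon.ico" failed (2: No such file or directory), client: 198.51.100.9, server: _, request: "GET /favicon.ico HTTP/1.1", host: "example.test"
"""

# Matches "missing file" error entries; tolerates a request field that was cut off.
LINE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\] .*?'
    r'\(2: No such file or directory\), client: (?P<client>[^,\s]+),'
    r'.*?request: "(?P<method>[A-Z]+) (?P<uri>[^\s"]+)'
)

def parse(line):
    """Return (timestamp, client, method, path) or None if the line does not match."""
    m = LINE.search(line)
    if m is None:
        return None
    uri = m["uri"].rstrip("$")       # drop the truncation marker, if any
    path = uri.split("?", 1)[0]      # ignore the (possibly truncated) query string
    ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
    return ts, m["client"], m["method"], path

def summarize(text, min_paths=3):
    """Group misses by client; keep clients with >= min_paths distinct missing paths.
    min_paths is an assumed threshold, not a standard value."""
    seen = defaultdict(lambda: {"hits": 0, "paths": set(), "first": None, "last": None})
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, client, _method, path = rec
        c = seen[client]
        c["hits"] += 1
        c["paths"].add(path)
        c["first"] = ts if c["first"] is None else min(c["first"], ts)
        c["last"] = ts if c["last"] is None else max(c["last"], ts)
    return {ip: {**c, "paths": sorted(c["paths"])}
            for ip, c in seen.items() if len(c["paths"]) >= min_paths}

if __name__ == "__main__":
    for ip, c in summarize(SAMPLE).items():
        print(ip, c["hits"], "misses,", c["first"], "to", c["last"], c["paths"])
```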