We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Possibly infected passwd file?
Possibly infected passwd file?
Can someone please post an ORIGINAL /etc/passwd file that VestaCP installer sets up? After this recent infection, I'm seeing some new users that look suspicious. Thanks!
Here's what my file looks like. Anything look suspicious??? I've obfuscated known users.
Here's what my file looks like. Anything look suspicious??? I've obfuscated known users.
-
- Posts: 33
- Joined: Sat Jan 20, 2018 3:45 am
- Os: Debian 8x
- Web: apache + nginx
Re: Possibly infected passwd file?
You can do fresh install yourself and then compare the files.
I think no one will post their password file here.
Re: Possibly infected passwd file?
Okay, FYI, anybody else noticed RSYSLOG being installed or is this part of VestaCP?
I went ahead and disabled it using these instructions. Not sure if this is a third party service that uses this or if the trojan was sending syslog data to a remote server....
I went ahead and disabled it using these instructions. Not sure if this is a third party service that uses this or if the trojan was sending syslog data to a remote server....
Re: Possibly infected passwd file?
Why you think is infected ?
If you have all in false or no-login shell no access from ssh can be made from that users
If you have all in false or no-login shell no access from ssh can be made from that users