All VestaCP installations being attacked Topic is solved
Re: All VestaCP installations being attacked
100% not true, because if something "inside" is "calling", then all datacenters will be hacked - in Europe you have very big datacenters that are completely UNTOUCHED by this hack.
Why?
Because only OVH is scanned - keyword is SCANNED - because the hacker is scanning IP ranges.
Otherwise, in case that something is "calling from inside", then all datacenters in Europe will also be 'burned' - which is not happening.
Re: All VestaCP installations being attacked
Do you think that disabling vesta service + disabling the access to the default vesta port can prevent the hacking?
Re: All VestaCP installations being attacked
So the vulnerability is in the web interface?
I protected vesta, roundcube and phpmyadmin with HTTP Basic Auth... that should be enough.
Re: All VestaCP installations being attacked
Not even sure it's related to Vesta.
For example, serious issue in kernel, published yesterday - https://access.redhat.com/security/cve/cve-2018-14634
Re: All VestaCP installations being attacked
dpeca wrote: ↑Wed Sep 26, 2018 11:04 am
> Not even sure it's related to Vesta.
> For example, serious issue in kernel, published yesterday - https://access.redhat.com/security/cve/cve-2018-14634

I don't think it's because of this issue, as it first needs the access data of an unprivileged user (one of my servers which was hacked had only the admin user).
Re: All VestaCP installations being attacked
I'm not saying it's related to kernel issue, just that I'm not 100% sure it's related to Vesta...
Re: All VestaCP installations being attacked
dpeca wrote: ↑Wed Sep 26, 2018 10:21 am
> 100% not true, because if something "inside" is "calling", then all datacenters will be hacked - in Europe you have very big datacenters that are completely UNTOUCHED by this hack.
> Why?
> Because only OVH is scanned - keyword is SCANNED - because the hacker is scanning IP ranges.
> Otherwise, in case that something is "calling from inside", then all datacenters in Europe will also be 'burned' - which is not happening.

I think he is talking about the reverse shell.
http://pentestmonkey.net/cheat-sheet/sh ... heat-sheet
Re: All VestaCP installations being attacked
The same arguments are still here - why are EU datacenters untouched then...
Re: All VestaCP installations being attacked
I've been on and off the phone with OVH for the last 24 hours. I was able to get into a rescue ssh mode of my server, but they will not restore the server back to normal (even with removing everything to do with Vesta). Does anyone know if this is anything to do with the same thing last April? I am being told not to reinstall Vesta at all until I know for sure that everything is fixed. Doesn't seem like anyone from Vesta has mentioned anything yet? I guess I'll follow this thread for more.