We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
All VestaCP installations being attacked Topic is solved
-
- Posts: 2
- Joined: Tue Sep 25, 2018 7:32 pm
- Os: Ubuntu 15x
- Web: apache + nginx
Re: All VestaCP installations being attacked
Yes, login attempts are something that is happening nonstop...
Re: All VestaCP installations being attacked
I just published some random attempts. But I never had this many coming from the EU...
Re: All VestaCP installations being attacked
Hello,
Everyone running SSH on port 22? Did anyone here get hacked while having SSH firewalled by IP or running on a non-standard port?
Thank you
Everyone running SSH on port 22? Did anyone here get hacked while having SSH firewalled by IP or running on a non-standard port?
Thank you
Re: All VestaCP installations being attacked
He obviously entered via SSH because he deleted /var/log/secure and auth.log .
But mistery is HOW he got SSH.
But mistery is HOW he got SSH.
Re: All VestaCP installations being attacked
No, not that obvious to me, dpeca. There are things called "callback" that connect from the inside to the outside giving a shell. So, if people having SSH off got hacked I would look for something like that.
Re: All VestaCP installations being attacked
Was there any evidence of port scanning prior to the attack targeting the VestaCP port? There must have been port scanning if the ports were truly random (each server with a different random port).
-
- Posts: 3
- Joined: Tue Mar 20, 2018 3:43 pm
- Os: CentOS 5x
- Web: apache + nginx
Re: All VestaCP installations being attacked
My Vestacp (installed from 12/9/2018, Ubuntu 18.04) also was hacked.
I got an email from VPS provider they said my server was used for DDOS attack and Vesta CP was the cause of the issue.
I got an email from VPS provider they said my server was used for DDOS attack and Vesta CP was the cause of the issue.
Re: All VestaCP installations being attacked
All my servers were objective of port scanning since always. The matter is if they managed to enter that way.
Can anyone confirm that fail2ban works properly?
-
- Posts: 12
- Joined: Sun Sep 03, 2017 5:43 pm
- Contact:
- Os: Debian 7x
- Web: apache + nginx
Re: All VestaCP installations being attacked
to bad for me.. I turned fail2ban off weeks ago because of the much ram usage... I added a second ip address and now running via a extra firewall for filtering my network traffic, its now little bit safer to use i hoperealjumy wrote: ↑Wed Sep 26, 2018 9:30 amAll my servers were objective of port scanning since always. The matter is if they managed to enter that way.
Can anyone confirm that fail2ban works properly?