We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
All VestaCP installations being attacked Topic is solved
All VestaCP installations being attacked
Hello everyone.
Since this morning I have noticed that all the VestaCP installations I have, and all the VestaCP installations of my friends, are being attacked. All of them had extra features such as Fail2Ban and the VestaCP panel port changed to a non-standard one.
In one case at least, the attack have been stopped by my hosting company. All the other installations simply stopped working.
I know that they have access to my ssh and that they added functions to clean the history of the ssh on log out, so I don't think this is easy to check, but please, check all of your logs, and check for hidden, strange files/folders.
Since this morning I have noticed that all the VestaCP installations I have, and all the VestaCP installations of my friends, are being attacked. All of them had extra features such as Fail2Ban and the VestaCP panel port changed to a non-standard one.
In one case at least, the attack have been stopped by my hosting company. All the other installations simply stopped working.
I know that they have access to my ssh and that they added functions to clean the history of the ssh on log out, so I don't think this is easy to check, but please, check all of your logs, and check for hidden, strange files/folders.
Re: All VestaCP installations being attacked
hello, some of my sites are down as well today, I'm not an expert yet of centos/vestacp
what can I do to stop the attack, to correct and make my site up again ?
also, how can that happen ? Is VestaCP secure enough ?
what can I do to stop the attack, to correct and make my site up again ?
also, how can that happen ? Is VestaCP secure enough ?
Re: All VestaCP installations being attacked
Usually VestaCP is fairly secure, but sometimes some vulnerabilities are exploited by undesirable people. Check all your logs constantly to be sure that all your servers are safe.
Re: All VestaCP installations being attacked
Thanks for this. I usually ignore system update etc.
Just to make sure the checklist for hardening the system:
viewtopic.php?t=14346
Just to make sure the checklist for hardening the system:
viewtopic.php?t=14346
Re: All VestaCP installations being attacked
Thanks for the link.
Today I woke up with the same problem. My servers and my friend's servers have been compromised.
Our servers were following all those recommendations, and even so they have fallen. The only thing they had in common is having VestaCP installed. I wiped my servers the other day, and the security was strengthen.
Today I woke up with the same problem. My servers and my friend's servers have been compromised.
Our servers were following all those recommendations, and even so they have fallen. The only thing they had in common is having VestaCP installed. I wiped my servers the other day, and the security was strengthen.
Last edited by realjumy on Tue Sep 25, 2018 8:10 am, edited 1 time in total.
Re: All VestaCP installations being attacked
Actually, I just checked and a famous website where they compare different panels and servers configurations, and that I know it was using VestaCP, is also down. There might be some vulnerability somewhere in VestaCP.
If a developer wants to know more, I still have access to two of the infected servers.
If a developer wants to know more, I still have access to two of the infected servers.
Re: All VestaCP installations being attacked
now problem is solved?
If I install new vesta on new server?
If I install new vesta on new server?
Re: All VestaCP installations being attacked
The problem is still the same. I will not install any instance of VestaCP until I'm 100% sure they sorted this problem. I have 4 servers myself with important data, and I'm not taking any risk.
Re: All VestaCP installations being attacked
Re: All VestaCP installations being attacked
I've PM'ed you for that. I'm a computer forense analyst. I could help ;)