Re: All VestaCP installations being attacked

Posted: Mon Oct 08, 2018 7:02 pm
by Spheerys
I'm a little bit disappointed by the fact that we still don't have any clue to investigate this hack.
Several of us asked how to check if our servers are under attack, but we don't have any clear answer on what to check or how to understand the attack.

People who have a hundred hacked servers: please give us more information, at least to check if we are impacted or not.

Re: All VestaCP installations being attacked

Posted: Tue Oct 09, 2018 8:54 am
by jcerdan
Hi,

I think the issue is in VestaCP web interface.
Is there a possibility for the Vesta Dev Team to separate Vesta into little projects?

1) Vesta-core with API script
2) Vesta Web Interface
3) Vesta-softaculous & vesta-ioncube

This way, anybody would install only what they really want and develop their own web frontend, shared on github or not.
Also, security for Vesta Team should be focused on Vesta-core and API, letting other developers enter and modify/enhance Vesta Web interface.

Regards,

Re: All VestaCP installations being attacked

Posted: Tue Oct 09, 2018 9:06 am
by Spheerys
Maybe we can harden VestaCP with a .htpasswd?

Re: All VestaCP installations being attacked

Posted: Tue Oct 09, 2018 11:07 am
by jcerdan
You can do that, but I don't know if API calls will be affected by the .htaccess.
Also, you can create a sort of "bridge" in PHP via another server to access VestaCP web interface, by translating POST and GET calls, but that's a little bit harder.

The best thing for now is to restrict access to the VestaCP panel by IP, and if the Dev Team can separate VestaCP into projects, that will allow other devs to create new web interfaces to Vesta-core and API.

Re: All VestaCP installations being attacked

Posted: Tue Oct 09, 2018 1:33 pm
by agus
> jcerdan wrote:
> Tue Oct 09, 2018 11:07 am
> You can do that, but I don't know if API calls will be affected by the .htaccess.
> Also, you can create a sort of "bridge" in PHP via another server to access VestaCP web interface, by translating POST and GET calls, but that's a little bit harder.
>
> The best thing for now is to restrict access to the VestaCP panel by IP, and if the Dev Team can separate VestaCP into projects, that will allow other devs to create new web interfaces to Vesta-core and API.

How to do this?

Re: All VestaCP installations being attacked

Posted: Tue Oct 09, 2018 2:33 pm
by jcerdan
Hi @agus,

Search in this forum and you'll find it.

Re: All VestaCP installations being attacked

Posted: Tue Oct 09, 2018 4:42 pm
by imperio
We are thinking about what we can do with this.

The project continues to develop. Don't worry.

Re: All VestaCP installations being attacked

Posted: Tue Oct 09, 2018 4:50 pm
by joni
Ohh, thank you for the info, we were in a panic.

Re: All VestaCP installations being attacked

Posted: Tue Oct 09, 2018 5:03 pm
by imperio
> kandalf wrote:
> Fri Oct 05, 2018 10:11 am
> How can we know if our server is compromised?

If the file /usr/bin/dhcprenew exists on your server, it means that it is hacked.
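
A triage check built on the indicator given in the post above, as an added example that is not part of the original thread or of VestaCP's own tooling. The function names and the optional root argument (for examining a mounted disk image) are assumptions made here; the only indicator used is the path from the post, and a Linux host is assumed.

```shell
#!/bin/sh
# Added example: triage for the indicator named in this thread (Linux host assumed).
# Only the positive case comes from the thread: a missing file is not proof of a clean host.
IOC_PATH="usr/bin/dhcprenew"   # path from the post above, relative to the root examined

# check_ioc [ROOT]: ROOT is "/" for the live system or the mount point of a disk
# image (hypothetical parameter). Prints evidence; returns 1 if present, 0 if absent.
check_ioc() {
    root="${1:-/}"
    target="${root%/}/$IOC_PATH"
    # -e is false for a dangling symlink, so test -L as well.
    if [ ! -e "$target" ] && [ ! -L "$target" ]; then
        echo "not found: $target"
        return 0
    fi
    echo "FOUND: $target"
    # Record owner, size, timestamps and hash before anything is changed or removed.
    ls -ld "$target"
    if [ -f "$target" ] && command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$target"
    fi
    return 1
}

# running_from_ioc: print PIDs whose executable is the indicator path. Linux marks
# the link "(deleted)" when the file was removed while the process kept running,
# so a process can outlive the file on disk.
running_from_ioc() {
    for exe in /proc/[0-9]*/exe; do
        link=$(readlink "$exe" 2>/dev/null) || continue
        case "$link" in
            "/$IOC_PATH" | "/$IOC_PATH (deleted)")
                pid=${exe#/proc/}
                echo "${pid%/exe}"
                ;;
        esac
    done
}

# Usage on a live host (run as root so every /proc entry is readable):
#   check_ioc / ; running_from_ioc
```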

Re: All VestaCP installations being attacked

Posted: Tue Oct 09, 2018 5:43 pm
by joni
> imperio wrote:
> Tue Oct 09, 2018 5:03 pm
> > kandalf wrote:
> > Fri Oct 05, 2018 10:11 am
> > How can we know if our server is compromised?
>
> If the file /usr/bin/dhcprenew exists on your server, it means that it is hacked.

Hello,
...and what should we do? Will just deleting this file save us from other problems, or must we reinstall the servers?