We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
All my Wordpress sites got HACKED
Re: All my Wordpress sites got HACKED
I only host wordpress sites, + all my sites has been compromised. since I am not a "linux expert" I have to find something I can rely on.sin wrote:What does using VestaCP have anything to do with it? You don't even know how your Wordpress sites were hacked, you assumed they got shell access well what do your logs says?cagatay wrote:All use different database and some sites has their own vesta username. I assume he got himself a shell access.joem wrote:Do all your wordpress use the same database or a different one?
I am considering a safer paid panel solution. Using unmature panel for business is too risky for me.
it seems using cloud linux + cage fs + cpanel + varnish on a seperate server on same network is the easiest solution for me.
when it comes to logs, I dont know where to look, what to look.
By the way I noticed when I create an account, vesta sets chmod 775 for file permissions. Is this normal, do you manually change it to 755 ? could that be what this is all about?
Re: All my Wordpress sites got HACKED
Hello, I have a patch. You can change access permisions to web folders:
For Centos:
For Debian/Ubuntu:
Also edit all web sites and select nginx template "hosting", it's more secure.
For Centos:
Code: Select all
chgrp nginx /home/*/web/
chmod o= /home/*/web/
Code: Select all
chgrp www-data /home/*/web/
chmod o= /home/*/web/
Re: All my Wordpress sites got HACKED
thank you very much, I will use your advices.