Возможная уязвимость в Vesta 0.9.8.19
Re: Возможная уязвимость в Vesta 0.9.8.19
Потанцевав с бубном, попробовал разные варианты, остановился на том, что установил Debian 9 и откатил на ней версию PHP на 5.6
Но таки сервер поднял =))
Сейчас работает всё так же, как и на Debian 8.
Re: Возможная уязвимость в Vesta 0.9.8.19
Как обычно Debian 8, так же устанавливается Debian 9. А затем нужно установить PHP 5.6 вот здесь описано как и потом включить нужную версию PHP. Всё остальное программное обеспечение ставится точно так же, как и на восьмёрке.
P.S. И ещё главное потом отключить в апаче PHP 7.0 и включить PHP 5.6
a2dismod php7.0
a2enmod php5.6
service apache2 restart
Re: Возможная уязвимость в Vesta 0.9.8.19
Благодарю.Искал как откатить но вот именно такой инструкции я не находил.
Пы.Зы. Завелось.Ещё раз благодарю.
Пы.Зы. Завелось.Ещё раз благодарю.
Re: Возможная уязвимость в Vesta 0.9.8.19
Кстати...Ни у кого не наблюдается в последнее время аномальная активность сканирования портов?
Вот прокатилась волна взломов,потом вроде как приутихли.И последние месяца два временами просто бешеная активность сканирования портов разным сбродом.Не знаю,совпадение это или нет...
Вот прокатилась волна взломов,потом вроде как приутихли.И последние месяца два временами просто бешеная активность сканирования портов разным сбродом.Не знаю,совпадение это или нет...
Re: Возможная уязвимость в Vesta 0.9.8.19
Как, чем Вы мониторите активность?yariksat wrote: ↑Sat Jun 23, 2018 5:15 amКстати...Ни у кого не наблюдается в последнее время аномальная активность сканирования портов?
Вот прокатилась волна взломов,потом вроде как приутихли.И последние месяца два временами просто бешеная активность сканирования портов разным сбродом.Не знаю,совпадение это или нет...
Re: Возможная уязвимость в Vesta 0.9.8.19
CSF...one wrote: ↑Sat Jun 23, 2018 6:41 amКак, чем Вы мониторите активность?yariksat wrote: ↑Sat Jun 23, 2018 5:15 amКстати...Ни у кого не наблюдается в последнее время аномальная активность сканирования портов?
Вот прокатилась волна взломов,потом вроде как приутихли.И последние месяца два временами просто бешеная активность сканирования портов разным сбродом.Не знаю,совпадение это или нет...
Он установлен и настроен уже очень давно.Ну и как начинают активно порты сканить он начинает всю эту братию с Малазии,Китая,Гон Конга,Пекина,ЮАР и прочее в бан пачками засовывать.Могут сканить в 500-600 айпи,начинаю залетать во временный бан и как особо упоротые потом залетают и в постоянный бан.Ибо даже во время бана не угомонятся.Оно и понятно,боты.Как только в бан залетает под сотню айпи остальная часть отваливает,разрывает соединение.И потом тишина,но потом рандомно опять наскакивают.
Ставил на два месяца ISP.Тишина,ничего не заметил.Но там то и CSF нет,но судя по нагрузке порты не сканировали.Но ISP это не то,мягко говоря.Привык я к панели.Поставил панель обратно.И...Такое впечатление что как простукивают на предмет панели...Буквально и недели не прошло,мягкий такой наплыв в течении часа...Видать родная панель им и понеслась по новой...Снова отгребли по зубам и отвалили...
SpoilerShow
Code: Select all
133.18.194.0/24 # lfd: (NETBLOCK) 133.18.194.0/24 has had more than 4 blocks in the last 86400 secs - Fri Jun 22 14:01:14 2018
133.18.200.0/24 # lfd: (NETBLOCK) 133.18.200.0/24 has had more than 4 blocks in the last 86400 secs - Fri Jun 22 14:12:00 2018
133.18.203.0/24 # lfd: (NETBLOCK) 133.18.203.0/24 has had more than 4 blocks in the last 86400 secs - Fri Jun 22 14:12:15 2018
140.163.70.8 # lfd: (PERMBLOCK) 140.163.70.8 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:13:12 2018
83.238.100.226 # lfd: (PERMBLOCK) 83.238.100.226 (PL/Poland/venom.medical-tribune.pl) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:13:42 2018
118.193.26.18 # lfd: (PERMBLOCK) 118.193.26.18 (HK/Hong Kong/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:15:58 2018
54.36.162.123 # lfd: (PERMBLOCK) 54.36.162.123 (GB/United Kingdom/hsbconlinesupport.info) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:17:48 2018
185.93.3.123 # lfd: (PERMBLOCK) 185.93.3.123 (ES/Spain/unn-185-93-3-123.datapacket.com) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:18:24 2018
167.99.224.142 # lfd: (PERMBLOCK) 167.99.224.142 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:18:44 2018
67.205.148.246 # lfd: (PERMBLOCK) 67.205.148.246 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:19:05 2018
78.140.134.135 # lfd: (PERMBLOCK) 78.140.134.135 (NL/Netherlands/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:23:05 2018
209.97.129.32 # lfd: (PERMBLOCK) 209.97.129.32 (GB/United Kingdom/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:25:40 2018
46.165.228.78 # lfd: (PERMBLOCK) 46.165.228.78 (DE/Germany/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:26:21 2018
74.209.243.116 # lfd: (PERMBLOCK) 74.209.243.116 (US/United States/74-209-243-116.ash01.latisys.net) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:28:31 2018
79.117.147.84 # lfd: (PERMBLOCK) 79.117.147.84 (RO/Romania/d-79-117-147-84.craiova.rdsnet.ro) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:28:47 2018
177.92.4.70 # lfd: (PERMBLOCK) 177.92.4.70 (BR/Brazil/70.4.92.177.static.copel.net) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:28:52 2018
51.15.86.88 # lfd: (PERMBLOCK) 51.15.86.88 (FR/France/88-86-15-51.rev.cloud.scaleway.com) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:29:02 2018
66.70.190.244 # lfd: (PERMBLOCK) 66.70.190.244 (CA/Canada/244.ip-66-70-190.net) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:29:33 2018
94.23.56.95 # lfd: (PERMBLOCK) 94.23.56.95 (FR/France/ns301875.ip-94-23-56.eu) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:29:43 2018
40.114.121.235 # lfd: (PERMBLOCK) 40.114.121.235 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:30:33 2018
191.252.194.156 # lfd: (PERMBLOCK) 191.252.194.156 (BR/Brazil/vps7895.publiccloud.com.br) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:30:58 2018
129.213.94.215 # lfd: (PERMBLOCK) 129.213.94.215 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:31:14 2018
47.91.158.137 # lfd: (PERMBLOCK) 47.91.158.137 (HK/Hong Kong/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:31:19 2018
71.13.112.152 # lfd: (PERMBLOCK) 71.13.112.152 (US/United States/71-13-112-152.static.eucl.wi.charter.com) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:31:29 2018
118.69.34.21 # lfd: (PERMBLOCK) 118.69.34.21 (VN/Vietnam/www.searefico.com.vn) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:32:04 2018
178.162.216.0/24 # lfd: (NETBLOCK) 178.162.216.0/24 has had more than 4 blocks in the last 86400 secs - Fri Jun 22 14:33:19 2018
14.139.156.110 # lfd: (PERMBLOCK) 14.139.156.110 (IN/India/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:33:25 2018
149.56.45.68 # lfd: (PERMBLOCK) 149.56.45.68 (CA/Canada/scotia-info-center.top) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:34:40 2018
89.236.17.106 # lfd: (PERMBLOCK) 89.236.17.106 (SE/Sweden/89-236-17-106.customer.t3.se) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:35:15 2018
66.82.144.29 # lfd: (PERMBLOCK) 66.82.144.29 (US/United States/host-66-82-144-29.hnremote.net) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 14:37:31 2018
94.230.228.0/24 # lfd: (NETBLOCK) 94.230.228.0/24 has had more than 4 blocks in the last 86400 secs - Fri Jun 22 14:48:50 2018
13.92.196.150 # lfd: (PERMBLOCK) 13.92.196.150 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:03 2018
84.95.87.84 # lfd: (PERMBLOCK) 84.95.87.84 (IL/Israel/84.95.87.84.static.012.net.il) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:08 2018
147.135.210.114 # lfd: (PERMBLOCK) 147.135.210.114 (PL/Poland/114.ip-147-135-210.eu) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:14 2018
222.124.168.146 # lfd: (PERMBLOCK) 222.124.168.146 (ID/Indonesia/146.subnet222-124-168.astinet.telkom.net.id) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:25 2018
129.213.116.184 # lfd: (PERMBLOCK) 129.213.116.184 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:35 2018
104.45.31.193 # lfd: (PERMBLOCK) 104.45.31.193 (NL/Netherlands/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:40 2018
142.58.29.1 # lfd: (PERMBLOCK) 142.58.29.1 (CA/Canada/bby-wtb115-f3700d-1-bby-wtb115-core-1.net.sfu.ca) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:42 2018
36.75.243.76 # lfd: (PERMBLOCK) 36.75.243.76 (ID/Indonesia/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:44 2018
66.119.180.107 # lfd: (PERMBLOCK) 66.119.180.107 (CA/Canada/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:46 2018
133.18.205.136 # lfd: (PERMBLOCK) 133.18.205.136 (JP/Japan/v133-18-205-136.vir.kagoya.net) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:47 2018
125.162.208.229 # lfd: (PERMBLOCK) 125.162.208.229 (ID/Indonesia/229.subnet125-162-208.speedy.telkom.net.id) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:49 2018
47.252.1.152 # lfd: (PERMBLOCK) 47.252.1.152 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:52 2018
188.164.203.26 # lfd: (PERMBLOCK) 188.164.203.26 (GR/Greece/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:53 2018
125.162.250.6 # lfd: (PERMBLOCK) 125.162.250.6 (ID/Indonesia/6.subnet125-162-250.speedy.telkom.net.id) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:55 2018
80.211.181.37 # lfd: (PERMBLOCK) 80.211.181.37 (IT/Italy/host37-181-211-80.serverdedicati.aruba.it) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:56 2018
139.255.57.4 # lfd: (PERMBLOCK) 139.255.57.4 (ID/Indonesia/ln-static-139-255-57-4.link.net.id) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:14:59 2018
180.249.4.177 # lfd: (PERMBLOCK) 180.249.4.177 (ID/Indonesia/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:00 2018
103.75.101.242 # lfd: (PERMBLOCK) 103.75.101.242 (ID/Indonesia/isbi.ac.id) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:02 2018
45.77.25.235 # lfd: (PERMBLOCK) 45.77.25.235 (JP/Japan/45.77.25.235.vultr.com) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:05 2018
177.204.85.203 # lfd: (PERMBLOCK) 177.204.85.203 (BR/Brazil/177.204.85.203.static.gvt.net.br) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:07 2018
13.114.206.152 # lfd: (PERMBLOCK) 13.114.206.152 (JP/Japan/ec2-13-114-206-152.ap-northeast-1.compute.amazonaws.com) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:08 2018
211.41.237.52 # lfd: (PERMBLOCK) 211.41.237.52 (KR/Republic of Korea/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:11 2018
118.69.77.217 # lfd: (PERMBLOCK) 118.69.77.217 (VN/Vietnam/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:12 2018
118.27.30.203 # lfd: (PERMBLOCK) 118.27.30.203 (JP/Japan/v118-27-30-203.1qlq.static.cnode.io) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:14 2018
47.89.241.103 # lfd: (PERMBLOCK) 47.89.241.103 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:15 2018
60.250.79.187 # lfd: (PERMBLOCK) 60.250.79.187 (TW/Taiwan/60-250-79-187.HINET-IP.hinet.net) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:18 2018
116.93.97.243 # lfd: (PERMBLOCK) 116.93.97.243 (PH/Philippines/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:20 2018
103.87.16.254 # lfd: (PERMBLOCK) 103.87.16.254 (ID/Indonesia/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:22 2018
41.190.33.162 # lfd: (PERMBLOCK) 41.190.33.162 (ZW/Zimbabwe/162-33sxx.broadband.yoafrica.com) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:24 2018
163.44.165.165 # lfd: (PERMBLOCK) 163.44.165.165 (JP/Japan/v163-44-165-165.a062.g.tyo1.static.cnode.io) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:25 2018
36.83.108.148 # lfd: (PERMBLOCK) 36.83.108.148 (ID/Indonesia/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:49 2018
5.57.6.20 # lfd: (PERMBLOCK) 5.57.6.20 (LB/Lebanon/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:15:59 2018
180.251.165.20 # lfd: (PERMBLOCK) 180.251.165.20 (ID/Indonesia/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:18:40 2018
121.254.214.219 # lfd: (PERMBLOCK) 121.254.214.219 (KR/Republic of Korea/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:31:27 2018
45.113.71.52 # lfd: (PERMBLOCK) 45.113.71.52 (CA/Canada/-) has had more than 4 temp blocks in the last 86400 secs - Fri Jun 22 15:33:27 2018
185.229.234.0/24 # lfd: (NETBLOCK) 185.229.234.0/24 has had more than 4 blocks in the last 86400 secs - Fri Jun 22 15:54:13 2018