Can not Connect to Vesta - LOGIN anymore
Posted: Mon Oct 03, 2016 12:04 pm
https://78.47.157.226:8083/login/
it worked 2 days ago.
is me 94.176.251.185
is server 78.47.157.226
am i hacked?
it has nothing to do with fail2ban! i checked that. service fail2ban stop -> does not work either.
Code:
wget https://78.47.157.226:8083/login/
--2016-10-03 13:00:30-- (try:14) https://78.47.157.226:8083/login/
Connecting to 78.47.157.226:8083... failed: Connection timed out.
Retrying.
... keeps repeating.
the debian system:
Code:
uname -a
Linux DOMAIN.COM 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux
is up to date:
Code:
apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
i did a
2016-10-03 12:29:07 v-change-user-password 'MYPASSWORDINCLEARTEXT' [Error 1]
and it shows my password in cleartext in: /var/log/vesta/error.log
is that supposed to be? :-D (a bug or a feature?)
====================== cannot connect to login site anymore
Code:
cat /var/log/vesta/nginx-error.log; # is empty
cat /var/log/vesta/error.log; # shows
2016-09-23 05:10:02 v-backup-user 'admin' [Error 11]
2016-09-24 05:10:01 v-backup-user 'admin' [Error 11]
2016-09-25 05:10:01 v-backup-user 'admin' [Error 11]
2016-09-26 05:10:02 v-backup-user 'admin' [Error 11]
2016-09-27 05:10:01 v-backup-user 'admin' [Error 11]
2016-09-28 05:10:01 v-backup-user 'admin' [Error 11]
2016-09-29 05:10:01 v-backup-user 'admin' [Error 11]
2016-09-30 05:10:01 v-backup-user 'admin' [Error 11]
2016-10-01 05:10:02 v-backup-user 'admin' [Error 11]
2016-10-02 05:10:01 v-backup-user 'admin' [Error 11]
2016-10-03 05:10:02 v-backup-user 'admin' [Error 11]
cat /var/log/vesta/system.log; # shows
2016-10-02 03:28:33 v-add-firewall-ban '80.87.205.6' 'MAIL'
2016-10-02 04:14:40 v-add-firewall-chain 'SSH'
2016-10-02 04:14:40 v-add-firewall-ban '54.70.180.66' 'SSH'
2016-10-02 14:03:16 v-delete-firewall-chain 'MAIL'
2016-10-02 14:03:17 v-delete-firewall-ban '54.70.180.66' 'SSH'
2016-10-02 14:03:17 v-delete-firewall-chain 'SSH'
2016-10-02 14:03:19 v-delete-firewall-chain 'MAIL'
2016-10-02 14:03:22 v-delete-firewall-chain 'VESTA'
2016-10-02 14:03:25 v-add-firewall-chain 'MAIL'
2016-10-02 14:03:25 v-add-firewall-chain 'MAIL'
2016-10-02 14:03:25 v-add-firewall-chain 'VESTA'
2016-10-02 14:03:26 v-add-firewall-chain 'SSH'
2016-10-02 15:38:41 v-add-firewall-chain 'MAIL'
2016-10-02 15:38:41 v-add-firewall-ban '80.87.205.6' 'MAIL'
2016-10-03 00:20:04 v-update-user-stats
2016-10-03 01:40:30 v-delete-firewall-chain 'MAIL'
2016-10-03 01:40:32 v-delete-firewall-chain 'SSH'
2016-10-03 01:40:35 v-delete-firewall-chain 'MAIL'
2016-10-03 01:40:39 v-delete-firewall-chain 'VESTA'
2016-10-03 01:41:32 v-add-firewall-chain 'SSH'
2016-10-03 01:41:32 v-add-firewall-chain 'MAIL'
2016-10-03 01:41:32 v-add-firewall-chain 'MAIL'
2016-10-03 01:41:32 v-add-firewall-chain 'VESTA'
2016-10-03 02:20:51 v-update-user-disk 'admin'
2016-10-03 02:21:16 v-update-web-domains-disk 'admin'
2016-10-03 02:21:34 v-update-mail-domains-disk 'admin'
2016-10-03 03:32:40 v-add-firewall-chain 'SSH'
2016-10-03 03:32:40 v-add-firewall-ban '91.224.161.103' 'SSH'
2016-10-03 04:46:10 v-add-firewall-chain 'MAIL'
2016-10-03 04:46:10 v-add-firewall-ban '80.87.205.6' 'MAIL'
2016-10-03 08:11:18 v-add-firewall-chain 'SSH'
2016-10-03 08:11:18 v-add-firewall-ban '185.110.132.92' 'SSH'
2016-10-03 08:21:15 v-add-firewall-chain 'SSH'
2016-10-03 08:21:15 v-add-firewall-ban '91.224.160.184' 'SSH'
2016-10-03 12:29:13 v-change-user-password 'admin' '******'
2016-10-03 12:30:16 v-delete-firewall-chain 'MAIL'
2016-10-03 12:30:17 v-delete-firewall-ban '91.224.161.103' 'SSH'
2016-10-03 12:30:17 v-delete-firewall-ban '185.110.132.92' 'SSH'
2016-10-03 12:30:17 v-delete-firewall-ban '91.224.160.184' 'SSH'
2016-10-03 12:30:18 v-delete-firewall-chain 'SSH'
2016-10-03 12:30:20 v-delete-firewall-chain 'MAIL'
2016-10-03 12:30:22 v-delete-firewall-chain 'VESTA'
2016-10-03 12:31:41 v-add-firewall-chain 'SSH'
2016-10-03 12:31:41 v-add-firewall-chain 'MAIL'
2016-10-03 12:31:41 v-add-firewall-chain 'MAIL'
2016-10-03 12:31:41 v-add-firewall-chain 'VESTA'
2016-10-03 12:35:01 v-update-user-quota 'admin'
2016-10-03 12:36:05 v-delete-firewall-chain 'MAIL'
2016-10-03 12:36:06 v-delete-firewall-chain 'SSH'
2016-10-03 12:36:08 v-delete-firewall-chain 'MAIL'
2016-10-03 12:36:10 v-delete-firewall-chain 'VESTA'
2016-10-03 12:37:25 v-add-firewall-chain 'SSH'
2016-10-03 12:37:25 v-add-firewall-chain 'MAIL'
2016-10-03 12:37:25 v-add-firewall-chain 'MAIL'
2016-10-03 12:37:26 v-add-firewall-chain 'VESTA'
2016-10-03 12:44:36 v-delete-firewall-chain 'MAIL'
2016-10-03 12:44:37 v-delete-firewall-chain 'SSH'
2016-10-03 12:44:39 v-delete-firewall-chain 'MAIL'
2016-10-03 12:44:41 v-delete-firewall-chain 'VESTA'
2016-10-03 12:45:34 v-add-firewall-chain 'SSH'
2016-10-03 12:45:35 v-add-firewall-chain 'MAIL'
2016-10-03 12:45:35 v-add-firewall-chain 'MAIL'
2016-10-03 12:45:35 v-add-firewall-chain 'VESTA'
2016-10-03 13:35:16 v-add-firewall-chain 'MAIL'
2016-10-03 13:35:16 v-add-firewall-ban '80.87.205.6' 'MAIL'
tail -n10 /var/log/vesta/auth.log
-rw-rw---- 1 root root 3.3K Sep 30 10:49 auth.log <- has not been modified since 30.09.2016 so nobody else logged in since then.
admin 178.217.187.39 failed to login
admin 178.217.187.39 failed to login
admin 178.217.187.39 successfully logged in
admin 85.248.227.163 successfully logged in
admin 178.217.187.39 failed to login
admin 178.217.187.39 successfully logged in
admin 93.118.15.179 successfully logged in
admin 93.118.15.179 successfully logged in
admin 93.118.15.179 successfully logged in
admin 93.118.1.138 successfully logged in
the harddisk is NOT full.
Code:
df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 24G 17G 6.1G 73% /
udev 10M 0 10M 0% /dev
tmpfs 201M 4.7M 196M 3% /run
tmpfs 501M 0 501M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 501M 0 501M 0% /sys/fs/cgroup
tmpfs 101M 0 101M 0% /run/user/0
====================== searching for the problem
Code:
cat /var/log/vesta/*.log | grep "94.176.251.185"  # no result
cat /var/log/nginx/*.log | grep "94.176.251.185"  # no result
====================== more details:
Code:
iptables -L -n|grep 8083
fail2ban-VESTA tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8083
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8083
/usr/local/vesta/bin/v-list-sys-config json
{
    "config": {
        "WEB_SYSTEM": "apache2",
        "WEB_RGROUPS": "www-data",
        "WEB_PORT": "8080",
        "WEB_SSL": "mod_ssl",
        "WEB_SSL_PORT": "8443",
        "WEB_BACKEND": "",
        "PROXY_SYSTEM": "nginx",
        "PROXY_PORT": "80",
        "PROXY_SSL_PORT": "443",
        "FTP_SYSTEM": "vsftpd",
        "MAIL_SYSTEM": "exim4",
        "IMAP_SYSTEM": "dovecot",
        "ANTIVIRUS_SYSTEM": "",
        "ANTISPAM_SYSTEM": "",
        "DB_SYSTEM": "mysql",
        "DNS_SYSTEM": "bind9",
        "DNS_CLUSTER": "",
        "STATS_SYSTEM": "webalizer,awstats",
        "BACKUP_SYSTEM": "local",
        "CRON_SYSTEM": "cron",
        "DISK_QUOTA": "",
        "FIREWALL_SYSTEM": "iptables",
        "FIREWALL_EXTENSION": "fail2ban",
        "FILEMANAGER_KEY": "",
        "SFTPJAIL_KEY": "",
        "REPOSITORY": "",
        "VERSION": "0.9.8",
        "LANGUAGE": "en",
        "BACKUP_GZIP": "",
        "BACKUP": "",
        "MAIL_URL": "",
        "DB_PMA_URL": "",
        "DB_PGA_URL": ""
    }
}
====================== it is funny and interesting to watch realtime what your webserver is doing
but it does not help this problem :-D
Code:
tail -f /var/log/vesta/*.log &
tail -f /var/log/nginx/*.log &
how can i debug the problem?
plz help, thanks.
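An added example, not part of the original post and not Vesta's own code: a small scanner for the cleartext-password finding above, which flags and masks `v-change-user-password` entries whose arguments do not end in the `'******'` mask seen in system.log. The sample lines are constructed in the formats quoted in the post, and the "last argument must be the mask" rule and the single-command list are assumptions.

```python
import re

MASK = "'******'"  # mask string as it appears in system.log in the post
# Assumption: only this command carries a secret; extend the tuple as needed.
SECRET_COMMANDS = ("v-change-user-password",)
# Groups: timestamp, command, raw argument text, optional " [Error N]" trailer.
LINE_RE = re.compile(r"^(\S+ \S+) (v-[\w-]+)(.*?)( \[Error \d+\])?$")

# Constructed sample lines (the secret is made up for this example).
SAMPLE = [
    "2016-10-03 05:10:02 v-backup-user 'admin' [Error 11]",
    "2016-10-03 12:29:07 v-change-user-password 'EXAMPLE-SECRET' [Error 1]",
    "2016-10-03 12:29:13 v-change-user-password 'admin' '******'",
]


def parse(line):
    """Return (timestamp, command, args, trailer) or None if unparseable."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groups() if m else None


def is_exposed(line):
    """True when a secret-bearing command's arguments do not end in the mask."""
    parsed = parse(line)
    if parsed is None:
        return False
    _, cmd, args, _ = parsed
    return cmd in SECRET_COMMANDS and bool(args.strip()) and not args.endswith(MASK)


def redact(line):
    """Replace the whole argument text of an exposed line with the mask.

    Masking everything (not one position) also covers a password that landed
    in the first argument slot or contains quotes or spaces.
    """
    if not is_exposed(line):
        return line
    ts, cmd, _, trailer = parse(line)
    return f"{ts} {cmd} {MASK}{trailer or ''}"


def find_exposures(lines):
    """1-based line numbers of exposed entries, safe to print or alert on."""
    return [n for n, line in enumerate(lines, 1) if is_exposed(line)]


if __name__ == "__main__":
    print("exposed line numbers:", find_exposures(SAMPLE))
    for entry in SAMPLE:
        print(redact(entry))
```

A password that has been written to a log file should be treated as disclosed and changed, and rotated or backed-up copies of the log need the same scrubbing.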