We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Got 10 VestaCP servers exploited
Re: Got 10 VestaCP servers exploited
viewtopic.php?f=10&t=16558&p=68543
some more info about the attack
Re: Got 10 VestaCP servers exploited
This matter needs to be looked into by the core of the VestaCP team immediately.
It's a matter of time before other providers and servers get hacked.
We need a fix ASAP.
Re: Got 10 VestaCP servers exploited
Some will even suspend the server permanently.
lukapaunovic wrote: ↑Sat Apr 07, 2018 8:11 pm
> This matter needs to be looked into by the core of the VestaCP team immediately.
> It's a matter of time before other providers and servers get hacked.
> We need a fix ASAP.
Re: Got 10 VestaCP servers exploited
While this issue is ongoing, I highly urge everyone to change the ports of your VestaCP installation. This is to make break-in attempts harder, as the exploits usually only target certain ports (in this case, the default port).
Re: Got 10 VestaCP servers exploited
or:
Code:
service vesta stop
Re: Got 10 VestaCP servers exploited
This time the exploit is severe, resulting in an outbound DDoS attack. And 99% of hosts don't allow it on their network.
Re: Got 10 VestaCP servers exploited
This is the best way to stay safe until we find out the reason and release the update. Thanks for posting it.
Re: Got 10 VestaCP servers exploited
If your server got hacked please send us root access to [email protected] so we can take a look and inspect it. Thanks
Re: Got 10 VestaCP servers exploited
Even better for the moment being:
Code:
systemctl stop vesta && systemctl disable vesta
Code:
systemctl enable vesta && systemctl start vesta
Re: Got 10 VestaCP servers exploited
Just to think: when logging in through the web interface to Vesta, a session file should be created, right? And all of them are located in /usr/local/vesta/data/sessions
As I understand the web interface internals, PHP will check that we have a "user" variable inside the session (https://github.com/serghey-rodin/vesta/ ... /index.php), otherwise it will redirect to the Login page.
What I mean - I looked through all the session files in notepad, and searched them for the variable "user", and it exists only in the sessions created by me (my IP address exists in the "user_combined_ip" variable). Therefore, this exploit is either not related to the web interface, or it directly calls some public scripts that do not require authorization.
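The manual session check described in the last post can be scripted. This is an added example, not part of the original thread and not Vesta's own code: it parses session files and reports every session that carries a "user" variable whose "user_combined_ip" contains none of the administrator's known addresses. It assumes PHP's default "php" session serialization; the sample sessions, the addresses and the `flags` variable are constructed.

```python
import re

def _value(raw, i):
    """Decode one PHP-serialized value at raw[i]; return (value, next index)."""
    t = raw[i:i + 1]
    if t in (b"N", b"i", b"b", b"d"):              # N;  i:5;  b:1;  d:0.5;
        end = raw.index(b";", i)
        return raw[i + 2:end].decode(), end + 1
    colon = raw.index(b":", i + 2)                 # s:<len>:"...";  a:<n>:{...}
    n, i = int(raw[i + 2:colon]), colon + 2
    if t == b"s":
        return raw[i:i + n].decode(errors="replace"), i + n + 2
    if t == b"a":                                  # walk n key/value pairs
        for _ in range(2 * n):
            _, i = _value(raw, i)
        return "<array>", i + 1
    raise ValueError(f"unsupported type {t!r}")

def parse_session(raw):
    """Parse name|value entries (assumes PHP's default 'php' session handler)."""
    out, i = {}, 0
    while i < len(raw):
        bar = raw.index(b"|", i)
        out[raw[i:bar].decode()], i = _value(raw, bar + 1)
    return out

def triage(sessions, known_ips):
    """Return {file: (user, ip field)} for logged-in sessions from unknown IPs."""
    hits = {}
    for name, raw in sessions.items():
        try:
            s = parse_session(raw)
        except ValueError:
            hits[name] = ("<unparsed>", None)          # inspect by hand
            continue
        ip_field = s.get("user_combined_ip") or ""
        seen = set(re.findall(r"[0-9A-Fa-f:.]+", ip_field))
        if s.get("user") and not seen & set(known_ips):
            hits[name] = (s["user"], ip_field)
    return hits

# Constructed sample sessions (file name -> raw bytes); "flags" is invented.
SAMPLE = {
    "sess_aaa": b'flags|a:1:{s:1:"k";i:1;}user|s:5:"admin";user_combined_ip|s:11:"203.0.113.5";',
    "sess_bbb": b'flags|a:0:{}',
    "sess_ccc": b'user|s:5:"admin";user_combined_ip|s:12:"198.51.100.9";',
}

if __name__ == "__main__":
    print(triage(SAMPLE, {"203.0.113.5"}))
```

On a server, build `sessions` by reading each file in /usr/local/vesta/data/sessions into a dict of file name to raw bytes. An empty result matches what the post reports: every authenticated session belongs to a known address.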