Got 10 VestaCP servers exploited

[Prime]

My two VestaCp installed server is suspended due to attack of the other networks.
I checked one of them and I found gcc.sh in /etc/cron.hourly. It is created on 4 April 2018.
Info: After installation I changed VestaCp port to another port.

I would recommend changing URL of roundcube as well. It may be the actual problem and it's better to be safe than sorry.

[Prime]

you meant not to use the freewares ?

I'm more or less referring to that one shouldn't use software without an SLA for business critical applications as it can cause serious problems. But let's not further dwelve into this as it's unrelated to what this thread is actually about.

[MAN5]

i didn't understand if vestacp team already gotten SOME BUNCH OF HACKED SERVER FOR TESTING why they are still resting ?

Hi, we should be patience with Vesta team, even we got calls from our frustrated clients.
The affected servers are running with vesta > doesnt meant vesta had this bug. Let them to find the issue 1st.

[sandy]

sure, im writing this words for vesta team actually if they are opensource and free they should consider security on first place. Security whole will harm them and people will stop using vesta.

And i'm a great fan of vesta from years, and got 3-4 times server suspended due to exploits and hacked servers. I've prove if you want let me know

[talha]

i didn't understand if vestacp team already gotten SOME BUNCH OF HACKED SERVER FOR TESTING why they are still resting ?

Hi, we should be patience with Vesta team, even we got calls from our frustrated clients.
The affected servers are running with vesta > doesnt meant vesta had this bug. Let them to find the issue 1st.

I agree with MAN5, please be patient and let VestaCP team to find that bug.

[AKr0nizz]

i didn't understand if vestacp team already gotten SOME BUNCH OF HACKED SERVER FOR TESTING why they are still resting ?

Hi, we should be patience with Vesta team, even we got calls from our frustrated clients.
The affected servers are running with vesta > doesnt meant vesta had this bug. Let them to find the issue 1st.

More likely its problem with RoundCube. 23 hours ago critical exploit for it was published. I realize that VastaCP is the awesome product as for freeware.

@sandy
Even WordPress has more security breaches, if we compare it to Vesta.

You can find bugs and exploits in every software btw. Just bugs in Control Panels are more critical in comparison to MS Word for example.

[sandy]

[AKr0nizz]

Next time i will just install Vesta into Docker container and host there only several sites.

If similar situation occurs i can just stop Docker container and decrease the loss.

[sandy]

i didn't understand if vestacp team already gotten SOME BUNCH OF HACKED SERVER FOR TESTING why they are still resting ?

Hi, we should be patience with Vesta team, even we got calls from our frustrated clients.
The affected servers are running with vesta > doesnt meant vesta had this bug. Let them to find the issue 1st.

More likely its problem with RoundCube. 23 hours ago critical exploit for it was published. I realize that VastaCP is the awesome product as for freeware.

@sandy
Even WordPress has more security breaches, if we compare it to Vesta.

You can find bugs and exploits in every software btw. Just bugs in Control Panels are more critical in comparison to MS Word for example.

only if you use vulnerable plugins/theme under wp and vesta doesn't use plugins/module though

[lukapaunovic]

I convinced provider to put one of the hacked servers to rescue and I mounted disk.
Info is sent to vestacp info email
please hurry up with investigation as I must reinstall this and get ti up with different panel soon.