We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Got 10 VestaCP servers exploited
- Posts: 11
- Joined: Sun Apr 08, 2018 12:08 pm
- Os: Ubuntu 15x
- Web: nginx + php-fpm
Re: Got 10 VestaCP servers exploited
@StudioMaX, could you delete the quote?
I have rebooted my VPS to rescue mode for inspection.
Re: Got 10 VestaCP servers exploited
lukapaunovic wrote (Sun Apr 08, 2018 2:13 pm):
> @dpeca brother found out this
> https://github.com/serghey-rodin/vesta/ ... ex.php#L71
> Unescaped

I don't think the issue is there, since it cannot be executed if the session is not validated. I am more concerned with password field escaping, since it will be executed on each login attempt, so there is no need to have a valid password or hash to execute it.
Re: Got 10 VestaCP servers exploited
I think we found a vulnerability. The fix will be today.
Re: Got 10 VestaCP servers exploited
Can we get more info, a hint as to which module the issue is related to? Can we be sure that it is absolutely not related to RoundCube, since I have servers on VestaCP which are still operational? The Vesta service is of course disabled.
Re: Got 10 VestaCP servers exploited
I'm glad to hear. Can't wait to see the commit.
Re: Got 10 VestaCP servers exploited
Just to remove some water on the fire.
This same hack happened to me almost a year ago on a server where I use ISPConfig.
With a terabytes connection, the ISP (exoscale) charged me $2000 for almost 48h of DDoS; they never showed me the log ;)
So, all that to say, it's not specific to VestaCP.
If I may make a recommendation: I personally block port 8083 and only use VestaCP via an SSH redirection, something like
ssh user@server -L8083:localhost:8083
Re: Got 10 VestaCP servers exploited
jodumont wrote (Sun Apr 08, 2018 2:39 pm):
> Just to remove some water on the fire.
> This same hack happened to me almost a year ago on a server where I use ISPConfig.
> With a terabytes connection, the ISP (exoscale) charged me $2000 for almost 48h of DDoS; they never showed me the log ;)
> So, all that to say, it's not specific to VestaCP.
> If I may make a recommendation: I personally block port 8083 and only use VestaCP via an SSH redirection, something like
> ssh user@server -L8083:localhost:8083

It may also be a good idea to set up a VPN and allow Vesta connections only via the VPN.
Re: Got 10 VestaCP servers exploited
I think the main issue here is the fact that the API runs as root... that is a major security hole alone.
Re: Got 10 VestaCP servers exploited
I'm not a server expert, but my two customers' VPS running VestaCP are down.
Please help me anyone, I need help badly.
Re: Got 10 VestaCP servers exploited
This is true,
but you could also make a bastion and only authorize it,
use TINC, or only authorize port 8083 through TOR,
authorise only your VPN provider, or pay for a static IP at home and authorise only this one,
and so on...
I was mentioning the SSH solution because it takes 2 seconds to put in place and doesn't add any charge/service/process on the server.
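The two recommendations above (block port 8083 and reach the panel through an SSH tunnel, or allow only a VPN/static address) put into a script, as an added example that is not from this thread or the Vesta project: it emits firewall rules limiting 8083 to loopback plus an allow-list, and checks `ss -ltn` style output for a panel bound to a non-loopback address. The allow-list addresses and the `ss` sample lines are constructed.

```shell
#!/bin/sh
# Added example, not code from this thread or from the Vesta project.
# Goal: keep the Vesta panel port (8083) reachable only over loopback, so it is
# used through "ssh user@server -L8083:localhost:8083", plus an optional
# allow-list of trusted source addresses (VPN endpoint, static home IP).

PANEL_PORT=8083

# Emit iptables rules for the panel port (dry run: review, then run as root).
# $1 is a space-separated list of allowed source CIDRs (constructed values in
# the usage below). Rules are appended, so they must come before any earlier
# rule that accepts the port; IPv6 needs the same rules via ip6tables.
vesta_panel_rules() {
    allowed="$1"
    echo "iptables -A INPUT -p tcp --dport $PANEL_PORT -i lo -j ACCEPT"
    for cidr in $allowed; do
        echo "iptables -A INPUT -p tcp --dport $PANEL_PORT -s $cidr -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $PANEL_PORT -j DROP"
}

# Audit check over "ss -ltn" output passed in $1: returns 0 (true) when the
# panel port is listening on any non-loopback address, 1 when it is bound to
# 127.0.0.1 / [::1] only or not listening at all.
panel_exposed() {
    printf '%s\n' "$1" | awk -v port="$PANEL_PORT" '
        $1 == "LISTEN" {
            n = split($4, a, ":")           # last field is the port
            addr = $4; sub(":" a[n] "$", "", addr)
            if (a[n] == port && addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { if (exposed) exit 0; exit 1 }'
}

# Constructed sample output in the style of "ss -ltn" (not from a real host).
SAMPLE_EXPOSED='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:8083 0.0.0.0:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*'
SAMPLE_SAFE='LISTEN 0 128 127.0.0.1:8083 0.0.0.0:*
LISTEN 0 128 [::1]:8083 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

if panel_exposed "$SAMPLE_EXPOSED"; then
    echo "panel port $PANEL_PORT is reachable from the network; suggested rules:"
    vesta_panel_rules "203.0.113.10/32"   # constructed allow-list entry
fi
```

On a live host, replace the sample with `panel_exposed "$(ss -ltn)"`; with the DROP rule in place, the SSH tunnel still works because the forwarded connection arrives on the loopback interface.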