Got 10 VestaCP servers exploited
Re: Got 10 VestaCP servers exploited
Same bug :( Updated to latest, all services working, except WEB UIAnimusAstralis wrote: ↑Mon Apr 09, 2018 11:58 amIt seems that my CP autoupdated and now I can't access web UI. All services are active. What should I do?
-
RevengeFNF
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Re: Got 10 VestaCP servers exploited
Never forget to block the port with a whitelist to certain ip's you use.
I have port 8083 blocked in iptables and i was not a victim of this exploit.
I have port 8083 blocked in iptables and i was not a victim of this exploit.
Re: Got 10 VestaCP servers exploited
DigitalOcean (and perhaps Vultr and others) have recently blocked the default Vesta port (8083). Follow these steps to change the port (and optionally add IP firewall) and then see if you can access Vesta GUI at the new port: viewtopic.php?f=10&t=16556&start=280#p68935AnimusAstralis wrote: ↑Mon Apr 09, 2018 11:58 amIt seems that my CP autoupdated and now I can't access web UI. All services are active. What should I do?
Re: Got 10 VestaCP servers exploited
That's easier said than done if you're selling access to your server as a web host would...RevengeFNF wrote: ↑Mon Apr 09, 2018 12:08 pmNever forget to block the port with a whitelist to certain ip's you use.
Re: Got 10 VestaCP servers exploited
no thats not working. i got infected while this port was only available to my ip !!or limit access to port 8083 using firewall
Last edited by kobo1d on Mon Apr 09, 2018 12:19 pm, edited 2 times in total.
Re: Got 10 VestaCP servers exploited
have problem on debian 9 with update. News about?
Re: Got 10 VestaCP servers exploited
i did the same and i got hacked anyway. the port was only available to my ip !!RevengeFNF wrote: ↑Mon Apr 09, 2018 12:08 pmNever forget to block the port with a whitelist to certain ip's you use.
I have port 8083 blocked in iptables and i was not a victim of this exploit.
ACCEPT TCP/ VESTA 8083 xxx.xxx.xxx.xxx (myip)
default policy is drop
Last edited by kobo1d on Mon Apr 09, 2018 12:19 pm, edited 2 times in total.
Re: Got 10 VestaCP servers exploited
I can confirm that vultr did not block port 8083.vesta_mtl wrote: ↑Mon Apr 09, 2018 12:09 pmDigitalOcean (and perhaps Vultr and others) have recently blocked the default Vesta port (8083). Follow these steps to change the port (and optionally add IP firewall) and then see if you can access Vesta GUI at the new port: viewtopic.php?f=10&t=16556&start=280#p68935AnimusAstralis wrote: ↑Mon Apr 09, 2018 11:58 amIt seems that my CP autoupdated and now I can't access web UI. All services are active. What should I do?
-
RevengeFNF
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Re: Got 10 VestaCP servers exploited
In those cases, password protect the access to it in nginx or apache configuration, and give the pass to your customer.bruce7890 wrote: ↑Mon Apr 09, 2018 12:11 pmThat's easier said than done if you're selling access to your server as a web host would...RevengeFNF wrote: ↑Mon Apr 09, 2018 12:08 pmNever forget to block the port with a whitelist to certain ip's you use.
Last edited by RevengeFNF on Mon Apr 09, 2018 12:23 pm, edited 1 time in total.