Got 10 VestaCP servers exploited
Re: Got 10 VestaCP servers exploited
It has been about a month since the 1st post regarding the exploited servers.
As a result of the exploits, one patch was issued. We also know some of the code was reviewed by Rack911labs (Patrick) and he noticed several root compromise vulnerabilities (6).
I know that many users are running with the panel down until there is a general consensus that everything that can be reasonably done is complete.
Can we get a status regarding the dev team's findings and if there are other patches soon to be released?
As always, appreciate your work on the project and security hardening.
Re: Got 10 VestaCP servers exploited
Mark O Polo wrote (Tue May 08, 2018 4:15 pm):
> It has been about a month since the 1st post regarding the exploited servers.
> As a result of the exploits, one patch was issued. We also know some of the code was reviewed by Rack911labs (Patrick) and he noticed several root compromise vulnerabilities (6).
> I know that many users are running with the panel down until there is a general consensus that everything that can be reasonably done is complete.
> Can we get a status regarding the dev team's findings and if there are other patches soon to be released?
> As always, appreciate your work on the project and security hardening.
I would also like to have news about this.
Re: Got 10 VestaCP servers exploited
I haven't used it since and won't until I'm sure it's been patched fully. It worries me that no one knows for sure how the panel became exploited in the first place. We have had little information on the progress of fixing the vulnerabilities that have been reported, which I feel is very important. Vesta was a good little panel but the list of vulnerabilities makes it unusable for me.
Re: Got 10 VestaCP servers exploited
Yeah, I have kept my panel shut down too.
News is very welcome!
Re: Got 10 VestaCP servers exploited
A new release with mass security fixes will be out on Monday or Tuesday.
Now we are thinking about the roundcube
Re: Got 10 VestaCP servers exploited
albertus wrote (Sat Apr 07, 2018 2:56 pm):
> Hello!
> Today I was surprised to discover that 10 of our customers' servers were being exploited (attacking a Chinese IP). All these servers have nothing in common but the fact they all run VestaCP. None of my non-VestaCP servers were affected.
> I would like to ask if anyone was also affected. Any chance there's a VestaCP vulnerability being exploited in the wild?
> Thank you in advance
> Kindly, Albertus
Yes. The server has just gone down. Nobody was able to log in to my website and when I tried to log into the VestaCP dashboard, it also failed. After I SSHed into the server, I found that there was no space left on the server. And after a couple of minutes, DigitalOcean deactivated networking.
Right now my website is down.
Re: Got 10 VestaCP servers exploited
I found these entries in the nginx error log:
They seem to be calls from my domain URL.
Is it related to the exploit?
2018/05/11 16:24:21 [error] 3422#0: *50 open() "/usr/local/vesta/web/sdk" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "POST /sdk HTTP/1.1", host: "my_domain_name.XXX:8$
2018/05/11 16:24:31 [error] 3422#0: *53 "/usr/local/vesta/web/profilemanager/index.php" is not found (2: No such file or directory), client: 159.203.250.164, server: _, request: "GET /profilemanager/ HTTP/1$
2018/05/11 16:25:16 [error] 3422#0: *135 open() "/usr/local/vesta/web/sdk" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "POST /sdk HTTP/1.1", host: "my_domain_name.XXX:$
2018/05/11 16:36:49 [error] 3422#0: *1918 open() "/usr/local/vesta/web/Portal/Portal.mwsl" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "GET /Portal/Portal.mwsl?PriNav$
2018/05/11 16:50:30 [error] 3422#0: *6691 open() "/usr/local/vesta/web/db" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "GET /db HTTP/1.1", host: "my_domain_name.XXX:80$
Re: Got 10 VestaCP servers exploited
Not related
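
Every entry in the log excerpt posted above records a file lookup under /usr/local/vesta/web that ended in error 2 (No such file or directory). The Python sketch below is an added example, not code from the thread or from the Vesta project; it groups nginx error-log entries of that shape by client and reports which paths each client requested and whether all of them hit missing files. The function names `summarize` and `only_missing_files` are hypothetical, and the sample lines are the ones from the post, including its truncation.

```python
import re
from collections import defaultdict

# Error-log lines copied from the post above; "$" marks where the poster's
# terminal cut each line off.
SAMPLE = r'''
2018/05/11 16:24:21 [error] 3422#0: *50 open() "/usr/local/vesta/web/sdk" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "POST /sdk HTTP/1.1", host: "my_domain_name.XXX:8$
2018/05/11 16:24:31 [error] 3422#0: *53 "/usr/local/vesta/web/profilemanager/index.php" is not found (2: No such file or directory), client: 159.203.250.164, server: _, request: "GET /profilemanager/ HTTP/1$
2018/05/11 16:25:16 [error] 3422#0: *135 open() "/usr/local/vesta/web/sdk" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "POST /sdk HTTP/1.1", host: "my_domain_name.XXX:$
2018/05/11 16:36:49 [error] 3422#0: *1918 open() "/usr/local/vesta/web/Portal/Portal.mwsl" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "GET /Portal/Portal.mwsl?PriNav$
2018/05/11 16:50:30 [error] 3422#0: *6691 open() "/usr/local/vesta/web/db" failed (2: No such file or directory), client: 159.203.250.164, server: _, request: "GET /db HTTP/1.1", host: "my_domain_name.XXX:80$
'''.strip().splitlines()

# Matches both 'open() "<file>" failed' and '"<file>" is not found' entries.
# The URI group stops at "$" so truncated lines still parse.
LINE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] \d+#\d+: \*\d+ '
    r'(?:open\(\) )?"(?P<file>[^"]+)" (?:failed|is not found) '
    r'\((?P<errno>\d+): [^)]*\), client: (?P<client>[^,]+), server: [^,]+, '
    r'request: "(?P<method>[A-Z]+) (?P<uri>[^ "$]+)'
)

def summarize(lines):
    """Group failed file lookups by client IP; return (report, unparsed count)."""
    clients = defaultdict(lambda: {"hits": 0, "paths": set(), "errnos": set()})
    skipped = 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            skipped += 1          # other error types are counted, not guessed at
            continue
        entry = clients[m["client"]]
        entry["hits"] += 1
        entry["paths"].add(m["uri"].split("?", 1)[0])   # drop the query string
        entry["errnos"].add(int(m["errno"]))
    return dict(clients), skipped

def only_missing_files(entry):
    """True when every request from this client ended in ENOENT (errno 2)."""
    return entry["errnos"] == {2}

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE)
    for ip, e in report.items():
        print(ip, e["hits"], sorted(e["paths"]), "all ENOENT:", only_missing_files(e))
    print("unparsed lines:", skipped)
```

A client whose entries all end in errno 2 requested only paths that do not exist in the panel's web root; entries that fail to parse are counted separately so they can be read by hand.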