All VestaCP installations being attacked
Re: All VestaCP installations being attacked
> albertus wrote: Wed Sep 26, 2018 2:22 am
> There are things called "callback" that connect from the inside to the outside giving a shell.
100% not true, because if something "inside" is "calling", then all datacenters will be hacked - in Europe you have very big datacenters that are completely UNTOUCHED by this hack.
Why?
Because only OVH is scanned - keyword is SCANNED - because the hacker is scanning IP ranges.
Otherwise, in case something is "calling from inside", then all datacenters in Europe will also be 'burned' - which is not happening.
Re: All VestaCP installations being attacked
Do you think that disabling vesta service + disabling the access to the default vesta port can prevent the hacking?
Re: All VestaCP installations being attacked
So the vulnerability is in the web interface?
I protected vesta, roundcube and phpmyadmin with HTTP Basic Auth... that should be enough.
Re: All VestaCP installations being attacked
> eduzro wrote: Wed Sep 26, 2018 10:46 am
> Do you think that disabling vesta service + disabling the access to the default vesta port can prevent the hacking?
Not sure at all.
At this moment, at least, I don't have any clue what the entry point is.
Re: All VestaCP installations being attacked
Not even sure it's related to Vesta.
For example, serious issue in kernel, published yesterday - https://access.redhat.com/security/cve/cve-2018-14634
Re: All VestaCP installations being attacked
> dpeca wrote: Wed Sep 26, 2018 11:04 am
> Not even sure it's related to Vesta.
> For example, serious issue in kernel, published yesterday - https://access.redhat.com/security/cve/cve-2018-14634
I don't think it's because of this issue, as it first needs the access data of an unprivileged user (One of my servers which was hacked had only the admin user).
Re: All VestaCP installations being attacked
I'm not saying it's related to kernel issue, just that I'm not 100% sure it's related to Vesta...
Re: All VestaCP installations being attacked
> dpeca wrote: Wed Sep 26, 2018 10:21 am
> > albertus wrote: Wed Sep 26, 2018 2:22 am
> > There are things called "callback" that connect from the inside to the outside giving a shell.
> 100% not true, because if something "inside" is "calling", then all datacenters will be hacked - in Europe you have very big datacenters that are completely UNTOUCHED by this hack.
> Why?
> Because only OVH is scanned - keyword is SCANNED - because the hacker is scanning IP ranges.
> Otherwise, in case something is "calling from inside", then all datacenters in Europe will also be 'burned' - which is not happening.
I think he is talking about the reverse shell.
http://pentestmonkey.net/cheat-sheet/sh ... heat-sheet
Re: All VestaCP installations being attacked
The same arguments are still here - why are EU datacenters untouched then....
Re: All VestaCP installations being attacked
I've been on and off the phone with OVH for the last 24 hours. I was able to get into a rescue ssh mode of my server, but they will not restore the server back to normal (even with removing everything to do with Vesta). Does anyone know if this is anything to do with the same thing last April? I am being told not to reinstall Vesta at all until I know for sure that everything is fixed. Doesn't seem like anyone from Vesta has mentioned anything yet? I guess I'll follow this thread for more.