All VestaCP installations being attacked (Topic is solved)
Re: All VestaCP installations being attacked
There is nothing wrong with that code; it is just a secure way to check the entered password.
But anyway, if I must assume where a hole is, the login code, reset password and api.php are the most suspicious places to me...
Re: All VestaCP installations being attacked
$v_password value is
'; v-add-fs-file ********;
exec(VESTA_CMD."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code);
It seems that you can join shell.
Re: All VestaCP installations being attacked
I will check now...
Re: All VestaCP installations being attacked
I can not find the code that you quoted in the current version of that file - https://github.com/serghey-rodin/vesta/ ... /index.php
pqpk2009 wrote: ↑Sun Sep 30, 2018 4:29 pm
Is this a loophole? Why not fix it? This is the latest installation package code.
------------------------- 8083/api/index.php
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['password']."\n");
fclose($fp);
$v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code);
unlink($v_password);
Actually, I can not find it even in other files.
Where did you take it from?
That could be code from old versions of Vesta.
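The two ways of passing the password that the posts above compare, plus argument escaping, as an added example that is not part of the thread and is not Vesta's code. It assumes a Unix shell; `printf` is a stand-in for the real helper, and the function names and sample values are constructed for illustration.

```php
<?php
// Added illustration, not Vesta code. printf stands in for the
// v-check-user-password helper so the block is harmless to run.
const CHECK_CMD = "printf '[%s]\\n' "; // hypothetical stand-in command

// Pattern from the earlier post: the value is pasted into the command line,
// so the shell parses whatever the client sent.
function check_concat(string $user, string $password): array {
    $output = [];
    exec(CHECK_CMD . $user . " " . $password, $output);
    return $output;
}

// Each value quoted as exactly one shell word.
function check_escaped(string $user, string $password): array {
    $output = [];
    exec(CHECK_CMD . escapeshellarg($user) . " " . escapeshellarg($password), $output);
    return $output;
}

// Pattern from the quoted api/index.php: the password goes into a temp file
// and only the server-generated path appears on the command line.
function check_tempfile(string $user, string $password): array {
    $output = [];
    $path = tempnam(sys_get_temp_dir(), "vst"); // tempnam() creates it with mode 0600
    try {
        file_put_contents($path, $password . "\n");
        exec(CHECK_CMD . escapeshellarg($user) . " " . escapeshellarg($path), $output);
    } finally {
        unlink($path); // remove the secret even if something above throws
    }
    return $output;
}

// Constructed sample input: a harmless marker instead of a real command.
$user = "admin";
$password = "x; echo INJECTED";
foreach (["check_concat", "check_escaped", "check_tempfile"] as $fn) {
    echo str_pad($fn, 15), implode(" | ", $fn($user, $password)), "\n";
}
```

Only `check_concat` returns a separate `INJECTED` entry, which the shell produced by running a second command; the other two hand the helper a single argument.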
Re: All VestaCP installations being attacked
dpeca wrote: ↑Sun Sep 30, 2018 6:22 pm
I can not find the code that you quoted in the current version of that file - https://github.com/serghey-rodin/vesta/ ... /index.php
pqpk2009 wrote: ↑Sun Sep 30, 2018 4:29 pm
Is this a loophole? Why not fix it? This is the latest installation package code.
------------------------- 8083/api/index.php
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['password']."\n");
fclose($fp);
$v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code);
unlink($v_password);
Actually, I can not find it even in other files.
Where did you take it from?
That could be code from old versions of Vesta.
The latest installation package is installed on my server; it was installed on September the 20th.
Re: All VestaCP installations being attacked
Installation is based on the official website steps.
Re: All VestaCP installations being attacked
I installed Vesta an hour ago, and I can not find that code at all.
How is it possible that you got code that was fixed 6 months ago?
Re: All VestaCP installations being attacked
Can you install a new server instance and check if you get that code in api.php?
Re: All VestaCP installations being attacked
I can confirm that the server was installed in September.
I am in China, it is 2 in the morning, I need to go to the office about 8 hours later to confirm again.