All VestaCP installations being attacked Topic is solved
Re: All VestaCP installations being attacked
Hi,
My 3 servers at Hetzner were also hacked yesterday. The hacker used them to DDoS a Chinese IP.
Its Vesta service was off.
What can I do?
Re: All VestaCP installations being attacked
Send access to your server to the Vesta team so we can check more.
Re: All VestaCP installations being attacked
SSHD permissions were closed, but there was still an attack.
Problem finding procedure
/usr/local/vesta/nginx/sbin/vesta-nginx
Re: All VestaCP installations being attacked
Keep your servers safe: use a keyfile instead of a password for SSH, and disable login with password. You can also change the default SSH port. I’ve done it and everything is OK with my server.
Re: All VestaCP installations being attacked
> Format: ASN | IP | Timestamp (UTC) | RPC response
> 24940 | *.*.*.* | 2018-10-09 06:41:17 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
> 24940 | *.*.*.* | 2018-10-09 06:56:55 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
Re: All VestaCP installations being attacked
Dude, this does not look like an attack to me.
pqpk2009 wrote: ↑Wed Oct 10, 2018 9:32 am
> Format: ASN | IP | Timestamp (UTC) | RPC response
> 24940 | *.*.*.* | 2018-10-09 06:41:17 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
> 24940 | *.*.*.* | 2018-10-09 06:56:55 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
If you left NFS ports open, Hetzner will just warn you.
It does not mean that the server did any attack.
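A small triage script for report lines in the format quoted above, added here as an example and not part of the original thread: it parses each line and lists which RPC programs the host advertised and on which ports (program 100000 is the portmapper/rpcbind). The function names, the program-name table and the 192.0.2.10 sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Well-known ONC RPC program numbers (subset; table added for this example).
RPC_PROGRAMS = {100000: "portmapper", 100003: "nfs", 100005: "mountd",
                100021: "nlockmgr", 100024: "status"}
ENTRY = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)/(udp|tcp)$")  # "program version port/proto"

def parse_report_line(line):
    """Parse one 'ASN | IP | Timestamp (UTC) | RPC response' line; None if not a data row."""
    parts = [p.strip() for p in line.lstrip("> ").split("|")]
    if len(parts) != 4 or not parts[0].isdigit():
        return None  # the 'Format:' header or unrelated text
    asn, ip, timestamp, rpc = parts
    services = set()
    for item in rpc.split(";"):
        m = ENTRY.match(item.strip())
        if m:
            prog, vers, port, proto = m.groups()
            services.add((int(prog), int(vers), int(port), proto))
    return {"asn": int(asn), "ip": ip, "timestamp": timestamp, "services": services}

def triage(lines):
    """Per IP: which RPC programs were advertised, and which ports to firewall."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_report_line(line)
        if rec:
            seen[rec["ip"]] |= {(p, port, proto) for p, _, port, proto in rec["services"]}
    result = {}
    for ip, svcs in seen.items():
        names = sorted({RPC_PROGRAMS.get(p, f"unknown({p})") for p, _, _ in svcs})
        result[ip] = {
            "programs": names,
            "portmapper_only": names == ["portmapper"],
            "exposed": sorted({f"{port}/{proto}" for _, port, proto in svcs}),
        }
    return result

SAMPLE = [
    "> Format: ASN | IP | Timestamp (UTC) | RPC response",
    # Line as quoted in the thread (IP masked by the poster, response shortened).
    "> 24940 | *.*.*.* | 2018-10-09 06:41:17 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;",
    # Constructed line: documentation ASN/IP, host that also advertises NFS and mountd.
    "64496 | 192.0.2.10 | 2018-10-09 07:00:00 | 100000 2 111/udp; 100003 3 2049/udp; 100005 1 20048/udp;",
]

if __name__ == "__main__":
    for ip, info in triage(SAMPLE).items():
        print(ip, info)
```
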
Re: All VestaCP installations being attacked
This is the email sent by the German security agency. The other two infected servers are PM.
dpeca wrote: ↑Wed Oct 10, 2018 9:46 am
Dude, this does not look like an attack to me.
pqpk2009 wrote: ↑Wed Oct 10, 2018 9:32 am
> Format: ASN | IP | Timestamp (UTC) | RPC response
> 24940 | *.*.*.* | 2018-10-09 06:41:17 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
> 24940 | *.*.*.* | 2018-10-09 06:56:55 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
If you left NFS ports open, Hetzner will just warn you.
It does not mean that the server did any attack.
Re: All VestaCP installations being attacked
pqpk2009 wrote: ↑Wed Oct 10, 2018 9:51 am
This is the email sent by the German security agency. The other two infected servers are PM to ScIT.
dpeca wrote: ↑Wed Oct 10, 2018 9:46 am
Dude, this does not look like an attack to me.
pqpk2009 wrote: ↑Wed Oct 10, 2018 9:32 am
> Format: ASN | IP | Timestamp (UTC) | RPC response
> 24940 | *.*.*.* | 2018-10-09 06:41:17 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
> 24940 | *.*.*.* | 2018-10-09 06:56:55 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
If you left NFS ports open, Hetzner will just warn you.
It does not mean that the server did any attack.