We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on Vesta 2.0 and expect to release it by the end of 2024. Read more about it: https://vestacp.com/docs/vesta-2-development
All VestaCP installations being attacked Topic is solved
Re: All VestaCP installations being attacked
I have sent PM server root information.
Tell me your IP, I add it to SSHD.
Re: All VestaCP installations being attacked
Alls who servers was hacked, let us know when your servers was installed.
Re: All VestaCP installations being attacked
my server was installed in september.
Then I rebuild it changing the panel port ( I already used custom ssh port, access ssh with key, access without password). From my last change (panel port) it is working well.
I'm using hetzner with centos 7 / apache+nginx+php7.2+mariadb10.3+csf
Then I rebuild it changing the panel port ( I already used custom ssh port, access ssh with key, access without password). From my last change (panel port) it is working well.
I'm using hetzner with centos 7 / apache+nginx+php7.2+mariadb10.3+csf
Re: All VestaCP installations being attacked
/usr/bin/dhcprenew
My infected server does not have this file.
My infected server does not have this file.
Re: All VestaCP installations being attacked
so anything new on that? from what we can read so far here, is that only a few servers have been hit and the attacker somehow gained ssh access?
some had the vesta service running, some not... if that's the case a potential hacker would have needed to somehow get to know the admins password?
to those affected: do you allow admin for ssh access (default) and/or did you change the admin password after installation?
I haven't been affected this time (yet) and now am guessing that could be just because I don't allow admin for shell access...
BUT if the scenario is right, the (my) passwords could still be compromised, right? I don't like that idea.
some had the vesta service running, some not... if that's the case a potential hacker would have needed to somehow get to know the admins password?
to those affected: do you allow admin for ssh access (default) and/or did you change the admin password after installation?
I haven't been affected this time (yet) and now am guessing that could be just because I don't allow admin for shell access...
BUT if the scenario is right, the (my) passwords could still be compromised, right? I don't like that idea.
Re: All VestaCP installations being attacked
My server was hacked in september. The Vesta service was running and I had SSH access enabled just for the admin user. I set the password with the installation command. I don't know if the file /usr/bin/dhcprenew was in the server.
Re: All VestaCP installations being attacked
flanders,
Thank you for the information
eduzro, when your server was installed ?
Thank you for the information
eduzro, when your server was installed ?