Re: Got 10 VestaCP servers exploited
Posted: Mon Apr 09, 2018 12:22 pm
doesn't matter. do a
service vesta stop
blocking the port won't help you, I got hacked with closed port.
Community Forum
https://forum.vestacp.com/
kobo1d wrote: Mon Apr 09, 2018 12:22 pm
> doesn't matter. do a
> service vesta stop
> until the update of vestacp is working again.
> blocking the port won't help you, I got hacked with closed port.

How did you get hacked if the port was closed? With the port closed, there is no access to the Web UI.
wrote:
> How did you get hacked if the port was closed? With the port closed, there is no access to the Web UI.

yes that's how the hack is working. it is installed hidden and leaves no logs on the server. (via rep)
If that is true, the only way I am seeing it is that Vesta repositories were hacked and people installed an exploited version of Vesta.
When did you install your VestaCP?
I have a different port. Was hacked
fedekrum wrote: Mon Apr 09, 2018 10:14 am
> I have just tried to make a new vesta server on Digital Ocean, Ubuntu 16 and got these errors during install.
> Hit:1 http://apt.vestacp.com/xenial xenial InRelease
> Hit:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
> Hit:3 https://repos.sonar.digitalocean.com/apt main InRelease
> Hit:4 http://nginx.org/packages/mainline/ubuntu xenial InRelease
> Hit:5 http://nyc2.mirrors.digitalocean.com/ubuntu xenial InRelease
> Hit:6 http://nyc2.mirrors.digitalocean.com/ubuntu xenial-updates InRelease
> Hit:7 http://nyc2.mirrors.digitalocean.com/ubuntu xenial-backports InRelease
> Reading package lists... Done
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> E: Unable to locate package vesta-php
> E: Unable to locate package vesta-ioncube
> E: Unable to locate package vesta-softaculous
> Error: apt-get install failed
> Do you think it has to do with this hack or the patch released?
blackyangell wrote: Mon Apr 09, 2018 12:37 pm
> fedekrum wrote: Mon Apr 09, 2018 10:14 am
> > I have just tried to make a new vesta server on Digital Ocean, Ubuntu 16 and got these errors during install.
> > Hit:1 http://apt.vestacp.com/xenial xenial InRelease
> > Hit:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
> > Hit:3 https://repos.sonar.digitalocean.com/apt main InRelease
> > Hit:4 http://nginx.org/packages/mainline/ubuntu xenial InRelease
> > Hit:5 http://nyc2.mirrors.digitalocean.com/ubuntu xenial InRelease
> > Hit:6 http://nyc2.mirrors.digitalocean.com/ubuntu xenial-updates InRelease
> > Hit:7 http://nyc2.mirrors.digitalocean.com/ubuntu xenial-backports InRelease
> > Reading package lists... Done
> > Reading package lists... Done
> > Building dependency tree
> > Reading state information... Done
> > E: Unable to locate package vesta-php
> > E: Unable to locate package vesta-ioncube
> > E: Unable to locate package vesta-softaculous
> > Error: apt-get install failed
> > Do you think it has to do with this hack or the patch released?
> Does anybody know some workaround for this?
> Have the same problem on DigitalOcean, Ubuntu.

wait until they fixed their rep. it's down cause the virus was spread from over there
kobo1d wrote: Mon Apr 09, 2018 12:22 pm
> blocking the port won't help you, I got hacked with closed port.

how certain of that are you? while it's true that the default policy is DROP, did you actually CHECK if the change to that rule got reflected by iptables and really blocked access from foreign IPs?
Falzo wrote: Mon Apr 09, 2018 12:37 pm
> kobo1d wrote: Mon Apr 09, 2018 12:22 pm
> > blocking the port won't help you, I got hacked with closed port.
> how certain of that are you? while it's true that the default policy is DROP, did you actually CHECK if the change to that rule got reflected by iptables and really blocked access from foreign IPs?
> so far you are the only one to be hacked while claiming to have had that port closed/whitelisted. no offense meant, but a single occurrence could also point to a flaw in your setup/firewall ;-)

you don't need to believe me. read my previous post: viewtopic.php?f=10&t=16556&start=320#p69046
kobo1d wrote: Mon Apr 09, 2018 12:39 pm
> Falzo wrote: Mon Apr 09, 2018 12:37 pm
> > kobo1d wrote: Mon Apr 09, 2018 12:22 pm
> > > blocking the port won't help you, I got hacked with closed port.
> > how certain of that are you? while it's true that the default policy is DROP, did you actually CHECK if the change to that rule got reflected by iptables and really blocked access from foreign IPs?
> > so far you are the only one to be hacked while claiming to have had that port closed/whitelisted. no offense meant, but a single occurrence could also point to a flaw in your setup/firewall ;-)
> you don't need to believe me. read my previous post: viewtopic.php?f=10&t=16556&start=320#p69046

will see about that. I have a server (debian 9) freshly installed with vesta on april 2nd, port 8083 opened, which wasn't hit nor affected at all. I haven't updated yet, feel free to give pointers for what I should look for and what you think the attacking vector would be.
you will see that I am right when vestacp posts public news about what was happening with their rep.
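
The check Falzo asks for above, whether a whitelist rule for the panel port (8083 in this thread) is what iptables actually enforces, can be scripted. This is an added example, not part of the original thread; the function name `audit_port`, the sample rulesets and the 203.0.113.5 address are constructed for illustration.

```shell
# Added example. Reads `iptables -S INPUT` output on stdin and reports whether
# a TCP port is open to everyone, restricted to listed sources, or closed.
# Limits: only rules naming the port (--dport/--dports) and the chain policy
# are evaluated; user-defined chains are not followed; a negated source
# ("! -s") is treated as unrestricted.
audit_port() {   # usage: iptables -S INPUT | audit_port 8083
  awk -v port="$1" '
    function in_spec(spec,   n, k, parts, r) {
      n = split(spec, parts, ",")
      for (k = 1; k <= n; k++) {
        if (split(parts[k], r, ":") == 2) {
          if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
        } else if (parts[k] + 0 == port + 0) return 1
      }
      return 0
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" && !decided {
      src = "any"; hit = 0; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
        if ($i == "--dport" || $i == "--dports") hit = in_spec($(i + 1))
        if ($i == "-j") target = $(i + 1)
      }
      if (!hit) next
      if (target == "ACCEPT" && (src == "any" || src == "0.0.0.0/0")) {
        verdict = "open"; decided = 1     # first match wins for everyone
      } else if (target == "ACCEPT") {
        allowed = allowed " " src         # whitelist entry, keep scanning
      } else if ((target == "DROP" || target == "REJECT") && src == "any") {
        decided = 1                       # everyone else stops here
      }
    }
    END {
      if (verdict == "" && !decided && policy == "ACCEPT") verdict = "open"
      if (verdict == "") verdict = (allowed != "") ? ("restricted:" allowed) : "closed"
      print verdict
    }'
}

# Constructed rulesets, not taken from any server in the thread.
RULES_WHITELIST='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.5/32 -p tcp -m tcp --dport 8083 -j ACCEPT'
RULES_STALE='-P INPUT DROP
-A INPUT -s 203.0.113.5/32 -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT'
printf '%s\n' "$RULES_WHITELIST" | audit_port 8083
printf '%s\n' "$RULES_STALE" | audit_port 8083
```

The second ruleset shows the failure mode in question: a whitelist entry was added but the older accept-from-anywhere rule is still loaded, so the port stays open. A connection attempt from an outside host remains the definitive confirmation.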