VestaCP zeroday exploit

William Moderator
edited April 9 in General Discussions
VestaCP creators are currently working on a patch that would remove this vulnerability. However, for the moment, this is what has been provided by Vesta about the issue:

1. The first wave happened on April 4. Servers were infected with /etc/cron.hourly/gcc.sh
2. It was an automated hack
3. The attack was platform independent.
4. VestaCP team didn’t find any traces in Vesta and system logs yet
5. On April 7 infected servers started to DDoS remote hosts using /usr/lib/libudev.so.

As a solution, VestaCP has proposed turning off the vestacp service. This can be done over SSH with the following commands:

service vesta stop

systemctl stop vesta

As a security measure, change the default port from 8083 to another.
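
A triage check for the two file paths and the default panel port named in the post above, as an added example that is not part of the original post and not VestaCP or Time4VPS tooling. The function names and the optional root argument (for checking a mounted disk image) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: looks only for the indicators listed in the post.

# File paths the post reports on infected servers.
INDICATORS="/etc/cron.hourly/gcc.sh /usr/lib/libudev.so"
# Default Vesta panel port according to the post.
VESTA_PORT=8083

# scan_root ROOT: print each indicator present under ROOT ("" = live system,
# otherwise the mount point of a disk image). Returns 0 if none, 1 if any.
scan_root() {
    root=${1%/}
    found=0
    for p in $INDICATORS; do
        # -e follows symlinks; -L also catches a dangling symlink.
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf 'FOUND %s\n' "$root$p"
            found=1
        fi
    done
    return $found
}

# port_listening PORT: read `ss -ltn` style output on stdin and return 0
# if a listening local address ends in :PORT (IPv4, IPv6 or wildcard).
port_listening() {
    awk -v port="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) hit = 1 }
        END { exit hit ? 0 : 1 }'
}

# triage [ROOT]: file check under ROOT plus a listener check on this host.
triage() {
    scan_root "${1:-}" && echo "no listed indicator files under ${1:-/}"
    if command -v ss >/dev/null 2>&1 && ss -ltn | port_listening "$VESTA_PORT"; then
        echo "WARNING: something still listens on TCP $VESTA_PORT"
    else
        echo "nothing listening on TCP $VESTA_PORT (or ss unavailable)"
    fi
}

# Run only when asked: sh triage.sh --run [ROOT]
if [ "${1:-}" = "--run" ]; then triage "${2:-}"; fi
```

A clean result only means these specific files are absent; it says nothing about other changes an intruder may have made.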


Comments

  • tothino Member
    edited April 9
    VestaCP team released a patch (0.9.8 Release 20; they found a vulnerability in password management; changelog: hardening password checks, auth fix);
    however, I changed the default port; I need to control SSH access on port 22 by IP, and my IP is not static, it may change every few days.

    An OT question: is your web console on port 22?

  • WilliamWilliam Moderator
    edited April 10
    For the IP restriction, in general, this is good practice, but in your case, when you have a dynamic IP, the recommendation would be to remove the IP restriction and only change the SSH port.

    In this case, as regards the VestaCP vulnerability, you should also change the default 8083 port of the Vesta log-in page to another. As for the patch that was released, a few possible ways of loading it on your server are provided on the VestaCP forum:

    https://forum.vestacp.com/viewtopic.php?f=10&t=16556&start=260#p68893

    Our web console is generated not via specific ports, but from the inside of the node. So restrictions on your server ports do not affect the connection through it. However, take note that the web console should be used only in emergencies.



  • tothino Member
    Thanks for your answer William.
    VestaCP on my VPS autoupdated yesterday at 1:00 am, and I changed the default 8083 port for VestaCP, following some guide on the VestaCP forum (same thread); btw I'm a little scared to change the SSH port, in case something goes wrong and I lose access. I put a restriction on IP because of many tries from Chinese IPs on SSH, and I set my IP through VestaCP; however, good to know that the web console may be used in an emergency.

  • tothino said:
    Thanks for your answer William.
    VestaCP on my VPS autoupdated yesterday at 1:00 am, and I changed the default 8083 port for VestaCP, following some guide on the VestaCP forum (same thread); btw I'm a little scared to change the SSH port, in case something goes wrong and I lose access. I put a restriction on IP because of many tries from Chinese IPs on SSH, and I set my IP through VestaCP; however, good to know that the web console may be used in an emergency.

    Hello tothino,

    Maybe you can use CSF https://configserver.com/cp/csf.html; it's a firewall that has two important things for you:
    1. Restriction by IP using services like No-IP or another Dynamic DNS service, so you put your Dynamic DNS name in the allowed IPs.
    2. You can add blacklists to block IP addresses that are recognized as spam, attacks, brute-force, etc.

    Also, you can use keys instead of a password to allow SSH access; this will add more security to your setup and you don't need to change the port. Only remember, keep your OS updated.
  • vinahost Member
    edited July 2
    Thanks for sharing. Maybe I should back up data and transfer to another hosting controller (cPanel).
  • Giedrius Moderator
    Update.

    It seems that very recently the VestaCP panel was compromised once again. Time4VPS would like to recommend every VestaCP user to update their panel as soon as possible to avoid any further issues. You can do that by executing the following command via SSH:
    v-update-sys-vesta-all
© 2013 - 2018 Time4VPS. All rights reserved.