
Security: Ouch VestaCP servers hacked!

Discussion in 'System Administration' started by eva2000, Apr 8, 2018.

  1. Revenge

    Revenge Active Member

    It seems that only the Ubuntu VestaCP Repo was compromised. So, anyone using another distro was not affected.
     
  2. eva2000

    eva2000 Administrator Staff Member

    But that thread did report CentOS users with DDoS reports?
     
  3. Revenge

    Those ones were probably directly hacked using the exploit. Someone knew they were using Vesta, and hacked them. But this one, a simple .htaccess would solve the exploit, since they would not be able to enter Vesta without the pass protection from Nginx.

    The other one where they compromised the Vesta Ubuntu Repo was a far bigger problem.
     
  4. eva2000

    Yeah, the compromised infrastructure is a big one, as you have no idea what type of/other sensitive information was compromised because of this.
     
  5. Revenge

    Imagine me, I normally install VestaCP just for their backup script that I like. With that in mind, Vesta on my server is turned off and disabled, only the backup script is running. My server was not exploitable because of that.

    But the thing is, by luck, the CentOS repo was not compromised, because if it was I would have updated from a modified repo that would have infected my server... This is really a big problem.

    What I think I will do now is completely uninstall Vesta and somehow copy or replicate their backup script or go look for another script out there.
     
  6. eva2000

    probably best All VestaCP installations being attacked | Web Hosting Talk