Take Heed! (( VestaCP ))
#1
Quote from Devs on forum:  https://forum.vestacp.com/viewtopic.php?...180#p73907

[Image: chrome_2018-10-17_14-35-49.png]


@Falzo made the initial discovery it seems. You can see it here: https://forum.vestacp.com/viewtopic.php?...160#p73881


[Image: chrome_2018-10-17_14-36-42.png]



Long story short, VestaCP's repository got hacked and was used as a relay for passwords being sent by an altered script during the install. Make sure to double check that you aren't on the list.

Also double check to make sure that `/usr/bin/dhcprenew` doesn't exist on your server. If it does, double check with `strings /usr/bin/dhcprenew`.

http://vestacp.com/test/?ip=127.0.0.1
#2
Patches have been released. 
https://github.com/serghey-rodin/vesta/commits/master

Vesta was using the admin password for the default password for MySQL and Postgres. This allowed an attack surface as both services were open to the internet as the default firewall ruleset allows them through.
https://github.com/serghey-rodin/vesta/c...17b36cf5cd

Another prevention method was added over hash comparison. 
https://github.com/serghey-rodin/vesta/c...3d3a792f77

Another change is a prevention method of `sudo` abuse under the admin account. Now all sudo functions are limited to being run under `/usr/local/vesta/bin/`.
https://github.com/serghey-rodin/vesta/c...9e8e0579a7
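The two checks discussed in this thread (the `/usr/bin/dhcprenew` file from post #1 and the internet-facing MySQL/Postgres listeners from post #2) can be scripted as below. This is an added example, not part of the original posts or of VestaCP's code; the function names are hypothetical and the `ss -ltn` sample is constructed.

```sh
#!/bin/sh
# Added example (not from the thread): triage for the two checks discussed above.

# Post #1: report whether the file named in the thread exists.
# The path argument is overridable so the function can be tested safely.
check_dhcprenew() {
    path="${1:-/usr/bin/dhcprenew}"
    if [ -e "$path" ]; then echo "present"; else echo "absent"; fi
}

# Post #2: read `ss -ltn` style lines on stdin and print every MySQL (3306)
# or PostgreSQL (5432) listener that is not bound to a loopback address.
exposed_db_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port != "3306" && port != "5432") next
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            print addr
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    [::]:5432          [::]:*
LISTEN 0      80     [::1]:3306         [::]:*'

# Live use on a server: prints the file status, its strings if present,
# and any database listener that is not bound to loopback.
triage() {
    status=$(check_dhcprenew)
    echo "/usr/bin/dhcprenew: $status"
    if [ "$status" = "present" ]; then strings /usr/bin/dhcprenew | head -n 40; fi
    ss -ltn | exposed_db_listeners
}

# Demo on the constructed sample; call `triage` instead on a real host.
printf '%s\n' "$SAMPLE_SS" | exposed_db_listeners
```

A listener printed here is bound to a non-loopback address; whether it is actually reachable still depends on the firewall ruleset in front of it.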