Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CRITICAL - Vesta is no longer supported - Suggested easy migration #2254

Closed
industrial64 opened this issue Jun 23, 2022 · 9 comments
Closed

CRITICAL - Vesta is no longer supported - Suggested easy migration #2254

industrial64 opened this issue Jun 23, 2022 · 9 comments

Comments

@industrial64
Copy link

To any users of VestaCP. It is with sadness that I state a no well-known fact:
Vesta is no longer receiving security support, and several massive vulnerabilities have been exposed and well documented.

HestiaCP is a properly-supported evolution of VestaCP. Migrating from Vesta to Hestia is super easy, just backup your user, and restore your user on HestiaCP. (One important change from Vesta is that the Admin user should not be user/package that has domains/DB's/mail/etc.

Feel free to conduct your own investigation, and see why moving away from VestaCP is now CRITICAL.

HestiaCP is a shoe-fit for most because of the simplistic migration:

  1. VestaCP: v-backup-users
  2. SCP the .tar files to your new HestiaCP server
  3. HestiaCP: v-restore-user $USER $BACKUPFILE.tar
@ninjao
Copy link

ninjao commented Jun 23, 2022
edited

Is it best to install on a fresh system and restore thr backup?

Or ok to install on current system?
(Hestia i mean(

@industrial64
Copy link
Author

Fresh install STRONGLY and urgently recommended :)
Did a few Vesta>Hestia migrations, always do things clean. Leave behind outstanding vulnerabilities and anything which security holes left exposed for prolonged time on the open net. There could always be an attack laying in wait on an old Vesta system.

@jaapmarcus
Copy link
Contributor

Is it best to install on a fresh system and restore thr backup?

Or ok to install on current system? (Hestia i mean(

Update from VestaCP to Hesita without reinstalling OS is not supported.

If you have Debain 9 installed you can consider switching to MyVesta as they still support updating.

Also Debian Strech is EOL end of next month

@Devoleksiy
Copy link

@industrial64 Why are you making such a big statement here, are you a development participant?
@serghey-rodin Can you confirm this statement?

@jaapmarcus
Copy link
Contributor

jaapmarcus commented Jul 2, 2022
edited

Last commit was 6 months ago...

New security vulnerabilities:
#2246
#2252

  • I have reported 3 more...

Forum is dead:
https://forum.vestacp.com

It is up to you what you want to decide but I would move on...

@macedd
Copy link

macedd commented Jul 2, 2022 via email

@jaapmarcus
Copy link
Contributor

jaapmarcus commented Jul 2, 2022
edited

Hestia started after a group of developers have felt being ignored and a lot of good pull request where not merged with VestaCP. That why they have started HestiaCP.

What is different between VestaCP and HestiaCP

  • HestiaCP has regular releases https://github.com/hestiacp/hestiacp/releases/ are not afraid to acknowledge that they accidentally made mistakes with updates
  • Hestia runs test automated test builds on a regular inverted (Each merge into main, PR)
  • Build scripts are available as Open source and everybody can run them Even if the current maintainers vanish any fork can take over the job if they want.... And the are running the lastest PHP 8.1 version and Nginx 1.23 instead of Nginx 1.21 and php5.6.40
  • 3 users are able to publish the packages instead for VestaCP only one.
  • Has an active community behind it.
  • A lot of users have already switched and Hesita already have over 27k active servers

See also

#2006

@ScIT-Raphael
Copy link

Who are the maintainers and why they didn’t help here?

Because we can't. The only one who can publish new builds to the vesta repository is @serghey-rodin. We could have send PRs to the fix the issues, @jaapmarcus also did, for myself, I gave that up.

But I think the issue #2006 describes the situation properly.

@jaapmarcus
Copy link
Contributor

Also:
https://huntr.dev/repos/hestiacp/hestiacp
vs
https://huntr.dev/repos/serghey-rodin/vesta/

@jaapmarcus jaapmarcus mentioned this issue Jul 9, 2022
Closed
@divinity76 divinity76 mentioned this issue Jul 26, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@macedd @anton-reutov @jaapmarcus @ninjao @ScIT-Raphael @industrial64 @Devoleksiy