  Take Heed! (( VestaCP ))
Posted by: Mun - 10-17-2018, 01:44 PM - Forum: In The News - Replies (1)

Quote from Devs on forum:  https://forum.vestacp.com/viewtopic.php?...180#p73907

[Image: chrome_2018-10-17_14-35-49.png]


@Falzo made the initial discovery it seems. You can see it here: https://forum.vestacp.com/viewtopic.php?...160#p73881


[Image: chrome_2018-10-17_14-36-42.png]



Long story short, VestaCP's repository got hacked and was used as a relay for passwords being sent by an altered script during the install. Make sure to double check that you aren't on the list.

Also double check to make sure that `/usr/bin/dhcprenew` doesn't exist on your server. If it does, double check with `strings /usr/bin/dhcprenew`.

http://vestacp.com/test/?ip=127.0.0.1


  VestaCP Admin Panel Lets Encrypt HTTPS://
Posted by: Mun - 09-29-2017, 10:26 AM - Forum: Tutorials - No Replies

VestaCP by default doesn't give a valid https cert for the admin panel. This can be annoying for you, and your users. Further, it lowers your mail delivery rate.

So, what can you do about this? One option is to buy an SSL cert and smack it into the control panel. However, if you are like me and have no real reason to buy a valid certificate from one of the big companies to appease your clients, then Let's Encrypt will do fine.

Step 1!

Log in to your VestaCP control panel as your admin user. In there, go to the web section and create a new web domain using the name you are currently using for accessing your VestaCP admin panel. Make sure to remove the aliases that don't exist as entries in your DNS, e.g. www.mypanel.example.com. Uncheck DNS support, and uncheck Mail support. Select SSL support, and then Lets Encrypt Support. Now "Add" the domain and wait for the SSL cert to be generated.

Step 2!

Go to your VestaCP domain without the 8083, and make sure you are getting a valid green certificate. Once your valid cert has been generated, go to the next step. If it hasn't, and you have waited the 5 minutes for VestaCP to generate it, go check out the logs and try adding the SSL again. This is usually caused by a bad alias or the name you entered not being populated in DNS.

Step 3!

Log in to SSH for your VestaCP, and get root access of the server. Now change directories to the SSL store for the VestaCP admin.

Code:
cd /usr/local/vesta/ssl


Now let's move the old certificates to a place for later.

Code:
mkdir backupCerts
mv certificate.* backupCerts/

Now, the big step! We are going to "pirate" that cert we made using the add domain. We are going to do this with a symbolic link. (Make sure to use the .pem for the .crt, and not the .crt for the .crt. If you do, it will result in a not fully valid SSL cert.)

Code:
ln -s /home/admin/conf/web/ssl.< Your VestaCP Domain >.key /usr/local/vesta/ssl/certificate.key

ln -s /home/admin/conf/web/ssl.< Your VestaCP Domain >.pem /usr/local/vesta/ssl/certificate.crt


Restart VestaCP. (This is for Debian, and might be different for other operating systems.)

Code:
service vesta restart

Step 4!

Check your admin panel, and make sure you now have a valid cert in place. If you do, Yay! If not, please double check all the steps. Do realize, we have the backup certs just in case and you can put them back in place.


Step 5! (( Maillllll Love! ))

If you are using VestaCP for mail, then we have created a small issue. Currently our mail can not access the cert to encrypt emails. However, this is a quick fix.

As root and using your SSH connection go to your admin conf folder.

Code:
cd /home/admin/conf/web/

Now the fun magic, we are going to make the cert have mail group privileges.

Code:
chown root:mail ssl.< Your VestaCP Domain >.*

Restart VestaCP, and exim4 again, and check to make sure SSL is still working.

Code:
service vesta restart

service exim4 restart


Step 6!

Validate your SSL is working for your admin panel. After it is working, make sure your mail is working too! You can check via https://www.checktls.com/perl/live/TestReceiver.pl. I usually use root@< Your VestaCP Domain > for the test. Look through the logs and you should find:


Code:
[005.315]         Cert Hostname VERIFIED

At that point you are good to go!

Step Bugssssssss!

From my experience VestaCP deletes and recreates the certs. I have yet to have any issues with the admin panel, but it does remove the mail rights we added in step 5/6. So, you may have to repeat this on occasion.

I really hope this helps! I tested this all on VestaCP 0.9.8 R17.
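
The tutorial above notes that VestaCP can recreate the certs and drop the mail group set in step 5. The following check is an added example, not part of the original post: it verifies the step 3 symlinks and the step 5 group ownership so the drift can be caught from cron. The function name, its arguments and its return codes are assumptions of this sketch; the default paths are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the post): audit the symlinks from step 3 and the
# group ownership from step 5. Defaults are the post's paths; the function
# name, arguments and return codes are assumptions of this sketch.
#
# check_panel_cert DOMAIN [SSL_DIR] [CONF_DIR] [GROUP]
#   0 = ok, 1 = link missing/wrong/dangling, 2 = group ownership lost
check_panel_cert() {
    domain=$1
    ssl_dir=${2:-/usr/local/vesta/ssl}
    conf_dir=${3:-/home/admin/conf/web}
    group=${4:-mail}

    # certificate.key -> ssl.DOMAIN.key, certificate.crt -> ssl.DOMAIN.pem
    for pair in key:key crt:pem; do
        link=$ssl_dir/certificate.${pair%%:*}
        want=$conf_dir/ssl.$domain.${pair##*:}
        if [ ! -L "$link" ] || [ "$(readlink "$link")" != "$want" ] \
            || [ ! -e "$want" ]; then
            echo "BAD LINK: $link must point to existing $want" >&2
            return 1
        fi
    done

    # Every ssl.DOMAIN.* file needs the mail group, or exim cannot read it.
    for f in "$conf_dir/ssl.$domain".*; do
        [ -e "$f" ] || continue
        if [ -z "$(find "$f" -prune -group "$group" 2>/dev/null)" ]; then
            echo "GROUP DRIFT: $f is not group $group" >&2
            return 2
        fi
    done
    return 0
}
```

A return code of 2 means the `chown root:mail` from step 5 has to be repeated; a return code of 1 means the links from step 3 are gone or point at the `.crt` instead of the `.pem`.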


  MyBB: Making Gravatar push over SSL
Posted by: HostVein-Admin - 02-21-2016, 08:13 PM - Forum: Tutorials - Replies (1)

An annoying thing about MyBB is that even though the site is set up to use HTTPS:// it chooses to still pull gravatar over a hard-coded http:// call. This effectively makes all your HTTPS:// MyBB forums throw the lovely "unsecure content" flag and removes your nice green HTTPS:// label.....


Here is how to fix:

1. Log in to your server with ssh / winscp / ftp or whatever file manager you use.
2. Find the usercp.php file in the root of your forum directory.
3. Edit the file and search for grava ....
4. Find this specific section of code:

Code:
            $updated_avatar = array(
                "avatar" => "http://www.gravatar.com/avatar/{$email}{$s}.jpg",
                "avatardimensions" => "{$maxheight}|{$maxheight}",
                "avatartype" => "gravatar"
            );
5. Change this string
Code:
"avatar" => "http://www.gravatar.com/avatar/{$email}{$s}.jpg",
to:
Code:
"avatar" => "https://www.gravatar.com/avatar/{$email}{$s}.jpg",
6. Wait for your users to re-import their gravatar images, or make a news post to ask them to redo them.


p.s. I didn't personally need to, but you should be able to query around mysql and force all http to https. As this is a new forum, I just did this in the beginning before the user base was here.


  Linux Mint Hacked
Posted by: Mun - 02-21-2016, 02:32 PM - Forum: In The News - Replies (1)

As some of you know at this point, the Linux OS maker Linux Mint was hacked on 20 Feb. 2016. It hasn't been posted how the hack occurred at this time, but what is known is that compromised ISOs for the OS were uploaded. These ISOs include backdoors that a hacker group intended to exploit.

Full post on the matter can be found here: http://blog.linuxmint.com/?p=2994

If you downloaded an ISO anytime recently around 20th Feb. 2016 you should check your ISO against the MD5 hashes.


Hash codes as per Linux Mint:

Code:
6e7f7e03500747c6c3bfece2c9c8394f  linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983  linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238  linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd  linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d  linuxmint-17.3-cinnamon-oem-64bit.iso




How to check your ISOs with Windows:

1. Open up cmd prompt via Windows key + r. 
2. Type: 

Code:
certutil -hashfile downloads/path/linuxmint-17.3-cinnamon-32bit.iso MD5 
3. Verify the hash posted against the ones listed above.
4. If they don't match, delete the ISO and redownload.


How to check your ISOs on Linux:
 
1. Open up terminal. 
2. Type: 

Code:
md5sum downloads/path/linuxmint-17.3-cinnamon-32bit.iso 
3. Verify the hash posted against the ones listed above.
4. If they don't match, delete the ISO and redownload.



How to check your ISOs on Mac: 

1. Open up terminal. 
2. Type: 

Code:
md5 downloads/path/linuxmint-17.3-cinnamon-32bit.iso 
3. Verify the hash posted against the ones listed above.
4. If they don't match, delete the ISO and redownload.

Enjoy!


  Website Setup
Posted by: Mun - 02-17-2016, 02:24 PM - Forum: Site Support and News - Replies (6)

We are working on getting this setup for your enjoyment, come back soon!