• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Take Heed! (( VestaCP ))
Quote from Devs on forum:  https://forum.vestacp.com/viewtopic.php?...180#p73907

[Image: chrome_2018-10-17_14-35-49.png]

@Falzo made the initial discovery it seems. You can see it here: https://forum.vestacp.com/viewtopic.php?...160#p73881

[Image: chrome_2018-10-17_14-36-42.png]

Long story short, VestaCPs repository got hacked and was used as a relay for passwords being sent by an altered script during the install. Make sure to double check that you aren't on the list.

Also double check to make sure that `/usr/bin/dhcprenew` doesn't exist on your server. If it does double check with `strings /usr/bin/dhcprenew`

Patches have been released. 

Vesta was using the admin password for the default password for MySQL and Postgres. This allowed an attack surface as both services were open to the internet as the default firewall ruleset allows them through.

Another prevention method was added over hash comparison. 

Another change is a prevention method of `sudo` abuse under the admin account. Now all sudo functions are limited to being run under `/usr/local/vesta/bin/`.

Forum Jump:

Users browsing this thread: 1 Guest(s)