Vesta: I got hacked and the they told me it was VestaCP

Created on 27 Sep 2018  路  15Comments  路  Source: serghey-rodin/vesta

Operating System (OS/VERSION):

Ubuntu 16.04

VestaCP Version:

Latest

I got hacked and the support already asked me from the start if I had VestaCP installed. They put me on recovery mode I did a quick backup. Now I have to redo my server from scratch. Their ticket answer was

A reinstallation will be required to reactivate the server, then we suggest you to install latest vestacp version as the one you installed had a bug that was used to make attacks.

Most helpful comment

first things first.

@ioannidesalex everyone here got lives, serghey, dpeca, the rest of the admins, and also i that, when i can, make commits to the main vesta repo.

everyone is trying to make this project come foward, for example, i've corrected some things, others, need an review, and finally, others i cannot do.

make a issue if you have information that is relevant.

by issuing an pr, or an issue, you are helping, IF

  • the issue is an pertinent question and you have insights of the question;
    or you know who has it.
  • the issue is an bug report and you have details about the problem;
    you have the details that cause the problem or you know who has it.
  • the issue is an feature that will make the panel greater;
  • the pr is solving some problem;
  • the pr is an complete feature that serves all OS's that Vesta CP supports.

etc...~

be patient

you guys have to be patient, about the development. we are not paid, we, developers, make this on our free time.

is there really a bug on this version?

if there is, please add an issue and in the title say something like this [URGENT][BUG] - 芦small desc of the bug禄 because guessing games are hard.

So

if you want to help to make this even greater, try to learn bash, php, and the other languages that this panel use, try to fix an issue, and when you can, send an PR referring one of the admins, cause it is hard to develop something like this.
If you cannot program or think that is boring, at least submit bugs to the issues with the necessary details for us, DEVELOPERS, can start correcting the problem.

Finally

That's why, wherever i can, i help the admins to develop some features, or to correct bugs.
this is an great panel, but it cannot be developed by it's own.

All 15 comments

If I am not mistaking there was a version with a big breach some time ago (a couple of months). If even the hosting provider told you it, you should keep vestaCP up to date. (like most of the software)

The problem is that I actually kept the latest version up-to-date 馃挴 %. I always do that!
I keep my systems up-to-date more then I should since newer patchers can have 0Day Exploits. Netherless. I was using the latest 0.9.8-22

Do you have a backup of the VPS? If there really is a breach in vestaCP it can't be found without this kind of information.

Security is a concern.

VestaCP roadmap document mentions that end-of-Sept-2018 there will be Version 0.9.8-23.
Its 02-Oct-2018. There has been no updates.

Any news?
I can' t even register on VestaCp forum site.

VestaCP should tell us of status, progress and milestones either on their website or on Git.

Everything seems to be falling apart. Unfortunately.

@ioannidesalex these type of months are always slow. Most of the people are on vacation and etc. I'm sure that the project isn't abandoned.

@MrGKanev Come on, it's October already :)

At least a message saying "We are on it - check back in October".

first things first.

@ioannidesalex everyone here got lives, serghey, dpeca, the rest of the admins, and also i that, when i can, make commits to the main vesta repo.

everyone is trying to make this project come foward, for example, i've corrected some things, others, need an review, and finally, others i cannot do.

make a issue if you have information that is relevant.

by issuing an pr, or an issue, you are helping, IF

  • the issue is an pertinent question and you have insights of the question;
    or you know who has it.
  • the issue is an bug report and you have details about the problem;
    you have the details that cause the problem or you know who has it.
  • the issue is an feature that will make the panel greater;
  • the pr is solving some problem;
  • the pr is an complete feature that serves all OS's that Vesta CP supports.

etc...~

be patient

you guys have to be patient, about the development. we are not paid, we, developers, make this on our free time.

is there really a bug on this version?

if there is, please add an issue and in the title say something like this [URGENT][BUG] - 芦small desc of the bug禄 because guessing games are hard.

So

if you want to help to make this even greater, try to learn bash, php, and the other languages that this panel use, try to fix an issue, and when you can, send an PR referring one of the admins, cause it is hard to develop something like this.
If you cannot program or think that is boring, at least submit bugs to the issues with the necessary details for us, DEVELOPERS, can start correcting the problem.

Finally

That's why, wherever i can, i help the admins to develop some features, or to correct bugs.
this is an great panel, but it cannot be developed by it's own.

Many control panels have suffered from attacks. I myself remember couple cases when entire servers were breached due to flaw in cPanel as well as Plesk, so Vesta is no exception. Those type of issues get patched quickly, but you have to be fast enough to update your servers.

The most you can do is limit access to panel (deny all, allow listed). If can't use that approach, at least have fail2ban and check for updates frequently.

As per an analysis by a forum member on the official forums, the issue with hacked servers has to do with a "backdoored" installer that was served before that did upload the admin credentials to Vestas server in base64.

Look at these commits and judge by yourself:

Ubuntu

Introduced here:
https://github.com/serghey-rodin/vesta/commit/a3f0fa1501d424477786e3e7150bb05c0b99518f

Omitted here:
https://github.com/serghey-rodin/vesta/commit/ee03eff016e03cb76fac7ae3a0f9d1ef0f8ee35b

This issue may also be persistent in other installer-files for other operatingsystems and this explains why servers got hacked with no evidence of actual applications being exploited.

Vesta team, we as a community would like an answer regarding your fuck-up and how the passwords were breached.

I understand people have lives, but this team is responsible for the security of the package. To say, be patient, while servers are comprised, is reckless at minimium, and the fact Vesta team added the commit to send our passwords to vestacp.com is, IMHO, criminal.

This needs to be addressed NOW.

Apparently this is very serious. Team says their infrastructure servers were hacked.

There is reply from the team in forum: https://forum.vestacp.com/viewtopic.php?f=10&t=17641&hilit=passwords+sent+to+vestacp&start=180#p73907

My god this is serious. I'm changing admin password on my handful servers right now. I hope the best for vesta team.
IMHO, open source projects benefit the best from community interaction on platform like github. May this incident pushs vesta team toward retiring vestacp.com server during installation process. Aparently github less likely to get compromised and the community can help spot issues earlier.

Update is live, more details available in forum: https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73920

Apparently there was a flaw in password reset mechanism. According to post, calling back to vestacp.com after installation was also removed.

I have been hacked recently again. Seems like he gained access to user "admin" , changed the password, deleted my backups and then asked money for my backups. And I had 0.9.8-23!

Thanks @serghey-rodin for the updates yet, your software is getting us total victims to Morocans and Russian hackers 馃憥 .

I think VestaCP is far from being safe on any system anymore. It is a total loss of time and resources.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

BukinPK picture BukinPK  路  5Comments

TKaluza picture TKaluza  路  8Comments

rinkuyadav999 picture rinkuyadav999  路  5Comments

patricmutwiri picture patricmutwiri  路  8Comments

ssd-disclosure picture ssd-disclosure  路  5Comments