Take Heed! (( VestaCP! ))
Quote from Devs on forum: https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907
@Falzo made the initial discovery it seems. You can see it here: https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=160#p73881
Long story short, VestaCP's repository got hacked and was used as a relay for passwords being sent by an altered script during the install. Make sure to double check that you aren't on the list.
Also double check to make sure that /usr/bin/dhcprenew doesn't exist on your server. If it does, double check with strings /usr/bin/dhcprenew
http://vestacp.com/test/?ip=127.0.0.1
p.s. I used images instead of copying the text because cloudflare is a butt.
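An added example (not part of the original post) of the /usr/bin/dhcprenew check above as a small triage script: it reports whether the indicator file exists and, if so, records its metadata, hash and printable strings before anything is touched. The path is a parameter only so the check can be run against a test file; the fallback when `strings` is missing is an assumption, not something the thread mentions.

```shell
# Triage check for the /usr/bin/dhcprenew indicator from the VestaCP thread.
# Returns 0 when the file is absent, 1 when it is present (details printed).
# The path argument defaults to the real location; it is parameterised so the
# function can be exercised against a constructed file (assumption for testing).

check_dhcprenew() {
    path="${1:-/usr/bin/dhcprenew}"
    if [ ! -e "$path" ]; then
        echo "OK: $path not present"
        return 0
    fi
    echo "WARNING: $path present; collect details before removing anything"
    # Ownership, mode and mtime help date the drop relative to the install.
    ls -l "$path"
    # Hash the file so it can be compared with what others in the thread find.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$path"
    fi
    # strings comes from binutils; if it is missing, approximate it with tr/grep.
    if command -v strings >/dev/null 2>&1; then
        strings "$path" | head -n 40
    else
        tr -c '[:print:]' '\n' < "$path" | grep -E '.{4,}' | head -n 40
    fi
    return 1
}

# Stand-alone usage: sh check_dhcprenew.sh [path]
check_dhcprenew "$@"
```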
Comments
Aren't the monthly vestacp issues getting tiresome for people?
Yup!
There are people in this community who vigilantly defend VestaCP...
I enjoy the lulz.
The sad thing about this whole fiasco is that nobody seems to have a clue.
It's like watching a headless chicken running into a mouth of a lion.
s/VestaCP/WordPress/
Blunder from the VestaCP developer. Why the hell do they need your password?
What did they check when you put your IP on that website? They didn't tell what to do on an affected server.
stay.far.away
101 reasons to not use VestaCraP
Patch is coming out soon. Changes uploaded to github: https://github.com/serghey-rodin/vesta/commits/master
There are certain kinds of mistakes a knowledgeable developer (or team) knowing and caring about safety just doesn't make. I'm not talking about high level verification stuff, not even about not using PHP but about basic sound and solid design and craftsmanship.
If someone has had the kind of problems VestaCP had I'm not interested in patches anymore because you'll end up staying in an ugly and painful wheel.
Patches can fix oopses and glitches. What patches just can't fix is general incompetence, carelessness, and cluelessness.
ByeByeVestaCP
Lol @ https://github.com/serghey-rodin/vesta/commit/5f68c1b634abec2d5a4f83156bfd223d3a792f77
He probably meant to write $_POST
"Professionally coded"
Hold your horses. This is a free product (for majority of users) and open source. Fork it, do it better, help development (if you have enough skill) instead of spilling your rotten anger.
VestaCP is good for what it is. Firewall the shit out of your server, turn off VestaCP when you do not manage anything with it. That's it. My VestaCP spinning 3 years already. No problems.
Damn, I miss @Nekki and his attitude towards nagging scums.
That's like saying herpes is good for what it is as long as you don't use Tinder.
So their code being manipulated for months and them not acknowledging the hack makes it good? All passwords were submitted to their servers in plain text.
When you need a firewall control panel for your Web hosting control panel....
Edit: I nominate VestaVestCP
For a start I wasn't angry. I merely said what I rationally thought and know.
As for "open source": NO, "it's free" or "it's open source" is NOT an excuse. Also it doesn't make the problems somehow magically disappear.
The question isn't opensource/free/commercial. The question is whether a reasonable minimum level of professionality and quality are met.
Just imagine all the servers that are holding more or less personal or even sensitive data. You want to tell the doxed or harmed users "It's open source/free!"?
It's about money and team. Mostly about money.
Their business model - garbage for them.
Their product - piece of shit too. Not because of lack of professionalism, but because of the amount of work what they physically can't maintain.
What do I mean?
They must (just my point of view)
How about that part about helping to improve open source software?
As you insist to ask: I don't think that any respectable and reasonably professional developer would touch that kind of sh*t. They'd rather do a fresh start.
A fresh start will just hurt more innocent people. They should simply close their door and move on.
It's a good concept with really bad code, right now it's just PESTacp.....
Open source web hosting software compromised with DDoS malware
https://www.zdnet.com/article/open-source-web-hosting-software-compromised-with-ddos-malware/
While the video seems totally unrelated, I'd say that article sums it up pretty well - BUT the timeframe given does not match my findings, though it might be OS related. I have servers installed with Debian and found the infected installer on one set up on August 13th, but not on another set up July 22nd.
As the timestamp of the installer script is something around the middle of May, I'd rather guess that the other post on their forums is messing up dates or has been misunderstood.
The main problem, for me, about VestaCP at the moment is really communication and clarification about this and other incidents.
I really love the simplicity of the control panel; it's not a CP for massive use (e.g. reseller and shared hosting) but it's perfect to save some time (and money) when administering a little VPS or a single-domain VPS.
I like the fact that, for example, I can turn the CP itself off and on, and it doesn't compromise the rest of the services; it's independent and I love that.
The other thing is the options for minimal or max install; for example, I never install mail, dns, etc... it's just nginx-fpm, maria/mysql and firewall.
Sincerely what other panels (even paid) can give you this kind of freedom and low resource usage?
VestaCP is a great CP made by great people, sometimes people make mistakes, and sometimes people learn from them (not necessarily tech or code mistakes, but human, communication and project management), let's hope that this is the case.
Fully agree on that.
and just for reference leaving this here - https://web.archive.org/web/20181019113122/https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=200
Got the feeling I am not so welcome anymore over there.
Meh, I was looking at it... and someone could easily brute force the /test/ address and find all ips that were exploited.
What else is new
VestaCP is gaining popularity.
Rack911 sent this last evening. https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907
Read it, thanks.
No VestaCP, you fail to understand even that.
The "issue number one" is that you, VestaCP, are a bunch of clueless and shockingly unprofessional junk typists and make shifters who in all seriousness dare to offer something which you -obviously and proven- fail to properly understand and which you then implemented extremely poorly.