WARNING! central VestaCP software vendor was hacked in 2018

not sure if they fixed the problem and continue VestaCP development (a shame, it was really a very very nice web-based GUI to admin web and mail servers)

**ARGH**! worst-case!

this is what happens if servers that distribute software are hacked… this could happen to ANY software repository.

first docker started to piss me off… now vestacp.

time to minimalize software usage and config things manually and run everything in lighttpd AGAIN! X-D

https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/

Re: All VestaCP installations being attacked

Post by skid » Wed Oct 17, 2018 8:25 pm

I’m sorry about inactivity in this post from our side.

It was a complex issue and we were not sure we understood the whole picture.

The leak in the installer is just one piece of the puzzle. All pieces together lead to a cumulative effect.

The issue number one:
Our infrastructure server was hacked.

Presumably using an API bug in the release 0.9.8-20.

The hackers then changed all installation scripts to log admin password and ip in addition to the distro name we used to collect stats.

Please check if your server IP is here
>>>>> http://vestacp.com/test/?ip=127.0.0.1 <<<<<
