10-12-2018, 06:26 AM
(10-11-2018, 06:58 AM)unfortunately Wrote: Heard a lot of bad news about vestacp this days.
https://forum.vestacp.com/viewtopic.php?f=10&t=17641
I guess I can't trust vestacp anymore..
Mine have NOT been attacked. I've been working on both my VPSs (HostUS and Virmach with locations in the US) quite a lot during September right through to this week. I'm almost certain there are many more servers that haven't been attacked. Possibly those who are making the above kind of noises are in a small minority. If you check the last discussions looks as though the attack was on OVH and Hetzner Servers. Through SSH. It's not global.
Also note this post towards the end of the discussion - like this thread is taken way out of proportion to the small number of servers that have been penetrated and wish they would change the heading of it:
Falzo at VestaCP Forum Wrote:so anything new on that? from what we can read so far here, is that only a few servers have been hit and the attacker somehow gained ssh access?Source: https://forum.vestacp.com/viewtopic.php?p=73742#p73742
some had the vesta service running, some not... if that's the case a potential hacker would have needed to somehow get to know the admins password?
to those affected: do you allow admin for ssh access (default) and/or did you change the admin password after installation?
I haven't been affected this time (yet) and now am guessing that could be just because I don't allow admin for shell access...
BUT if the scenario is right, the (my) passwords could still be compromised, right? I don't like that idea.
Thing I hate about this is that the above "news" - that seems to be completely exaggerated beyond its real impact - is bad for my host - like hosts now get wary of vestacp, and I find that unfair. VestaCP is free, and although not perfect, there are Admin there who have been around for many years and are still doing their best to support the script. I've seen a HUGE improvement from 2014 when I first started to use VestaCP to today. Like amazing leap. Hopefully the Admin will be able to survive this type of negative publicity that I don't think is completely fair and deserved. Others here have said it too but it is a fact. Not only VestaCP is vulnerable, even cPanel is vulnerable for hacking, particularly with their e-mail.
Moral out of the discussion at VestaCP (above link) is that to change the port 22 to a different number is not a luxury - but every one should change their ports as a necessity. To a very good random number - and possibly like with their passwords keep changing it. I've tried the keyless entry, but got myself locked out that way. But who knows, maybe one of these days one won't have a choice in that either as these hackers seem to be getting better and better at it. Making VPS management from a security angle more and more uncomfortable.
Here is a random tutorial of how to change the port number of your VPS:
https://www.hostinger.com/tutorials/vps/...h-port-vps