Post4VPS Forum | Free VPS Provider
New VestaCP Vulnerability ? - Printable Version



New VestaCP Vulnerability ? - xdude - 09-26-2018

I don't use VestaCP but I was testing it till last month. It seems members of several other forums are talking about some sort of new vulnerability and many CentOS / VestaCP servers are attacked. But not sure if it's only happened in CentOS servers or all VestaCP servers. Anyway, if you use VestaCP better check your server. Test everything including ports.


RE: New VestaCP Vulnerability ? - perry - 09-26-2018

The vulnerability is quite old now. There is a "fix" brought in.
As for my prediction, it was caused by a plugin; can't say much.

As long as you keep a strong password on root and a different port with the latest updates, there is no reason to be afraid.
For the others: I'm not saying that this is a 100% fix.



new one introduced.
idk how this will affect in future.


RE: New VestaCP Vulnerability ? - humanpuff69 - 09-26-2018

That is another reason why I just use the terminal to manage my server instead of using those panels. Some people say that because VestaCP is open source (with some pay-2-win elements like SFTP chroot) the exploiter can find a vuln easily, but the problem is that if the software is open source the community should patch it like other open source software does.


RE: New VestaCP Vulnerability ? - xdude - 09-26-2018

I don't think it has anything to do with a software being open source. When it's an open source software it's easier to find this sort of problem and also get it patched faster. In most cases commercial software providers wouldn't say anything about loopholes even when they find one unless it's a really big security threat. Even then they tell their clients only when they find a solution for it. We just have to stay up to date about these things and make sure to take all security measures.


RE: New VestaCP Vulnerability ? - Lampard - 09-26-2018

One of the recent exploits is very critical. A few months ago I also heard about more issues, which makes me stay FAR away from this control panel. Their developers say that it will take like one month to fix them and release a new update.


RE: New VestaCP Vulnerability ? - Kururin - 09-27-2018

Yea stay really far away from this panel, it's constantly bombarded by bugs and security vulnerabilities. I don't know why people still use it.


RE: New VestaCP Vulnerability ? - xdude - 09-27-2018

But several years ago it used to be quite a solid panel. I moved from there to Virtualmin because in those days VestaCP didn't have some features I wanted and I couldn't get support from their forum for several problems I had with the panel. Last year I found they had added so many more features and even the GUI has become a lot better.

I don't know how bad this vulnerability is but in many cases if you have your server hardened properly you can stay safe. @deanhills has been using VestaCP for a long time. I wonder if his servers are also affected.


RE: New VestaCP Vulnerability ? - sagher - 09-27-2018

VestaCP is one of the best control panels, other than provider's CP or visualizer.


RE: New VestaCP Vulnerability ? - tryp4vps - 09-27-2018

(09-26-2018, 08:45 PM)Lampard Wrote: ...... Their developers say that it will take like one month to fix them and release new update.

You mean the fix for the most recent exploit?

Would be interested to know where you could see their developers saying it will take one month to fix.

Because I can only see someone opened an issue here:

https://github.com/serghey-rodin/vesta/issues/1715

But there is no reply yet.


RE: New VestaCP Vulnerability ? - deanhills - 09-29-2018

(09-27-2018, 04:41 AM)xdude Wrote: I don't know how bad this vulnerability is but in many cases if you have your server hardened properly you can stay safe. @deanhills has been using VestaCP for a long time. I wonder if his servers are also affected.

Actually I haven't been affected yet, that doesn't make me invulnerable though.  It's a reality that can happen at any time.  When it does, you'll probably hear about it, as I'd imagine it will hurt enough to want to write plenty of posts about it. :)

I've got a theory though for the reason I've been OK until now.  I don't use all of the features of the VestaCP installer.  Like I don't use the FTP or Mail features.  For me those two in particular are the areas where hacking occurs most.  The e-mail clients that are offered are leaky at best.  Other reason could be that people don't have their VestaCP on automatic updates.  Although maybe when it gets to updates, those updates seem to be lagging behind the hacking events taking place.  It's almost too late for an update by the time the event has happened.  Not that I'm critical, like this is a free panel with guys putting in voluntary service.  I'm just very grateful to be able to use it for free.

I've just checked cPanel cost for VPS again.  14US$ per month.  Wow!  That is more than for a VPS!