fuck! shit! worst-case!

this is what happens if servers that distribute software are hacked… this could happen to ANY software repository.

first docker started to piss me off… now vestacp.

time to minimalize software usage and config things manually and run everything in lighttpd AGAIN! X-D

https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/

Re: All VestaCP installations being attacked

Unread post by skid » Wed Oct 17, 2018 8:25 pm

I’m sorry about inactivity in this post from our side.

It was a complex issue and we were not sure we understand the whole picture.

Leak in the installer is just one piece of the puzzle. All pieces together lead to cumulative effect.

The issue number one:
Our infrastructure server was hacked.

Presumably using API bug in the release 0.9.8-20.

The hackers then changed all installation scripts to log admin password and ip as addition to the distro name we used to collect stats.

Please check if your server IP here
>>>>> http://vestacp.com/test/?ip=127.0.0.1 <<<<<

admin