It looks like you're new here. If you want to get involved, click one of these buttons!
Sign In RegisterIt looks like you're new here. If you want to get involved, click one of these buttons!
Howdy, Stranger!
It looks like you've been lurking for a while.
If you register, we also will remember what you have read and notify you about new comments. You will also be able to participate in discussions.
So if you'd like to get involved, register for an account, it'll only take you a minute!
/etc/cron.hourly/gcc.sh
/usr/lib/libudev.so
.service vesta stop
systemctl stop vesta
Comments
however i changed default port, i need to control SSH access on port 22 by IP, and my IP is not static, it may change every few day.
An OT question: is your web console on port 22?
In this case what is related to VestaCP vulnerability, you should also change the default 8083 port of the Vesta log-in page to another. For the patch that was released, and possible ways of loading it on your server, few possible ways of doing so is provided on VestaCP forum:
https://forum.vestacp.com/viewtopic.php?f=10&t=16556&start=260#p68893
Our web console is generated not via specific ports, but from the inside of the node. So restrictions on your server ports does not affect the connection through it. However take notice that web console should be used only in emergencies.
VestaCP on my VPS, autoupdated yesterday at 1:00 am, and I changed default 8083 port for VestaCP, following some guide on vestacp forum (same thread); btw i'm a little scared to change SSH port, in case somthing goes wrong and i lost access. I put restrition on IP because of many tries from chinese IPs on ssh; and i set my IP through VestaCP; however good to know that web console may be used in emergency.
Maybe you can use CSF https://configserver.com/cp/csf.html, its a firewall that have two important things for you,
1. Restriction by IP using services like No-IP or another Dynamic DNS Service, so you put you Dynamic DNS in allowed IP's.
2. You can add blacklists to block IP Address that are recognized like SPAM, Attacks, Brute-Force, etc..
Also, you can use Keys instead of password to allow SSH access, this will add more security to your setup and you dont need to change port. Only remember, keep you SO updated,
It seems that very recently the VestaCP panel was compromised once again. Time4VPS would like to recommend every VestaCP user to update their panel as soon as possible to avoid any further issues. You can do that by executing the following command via SSH: