VestaCP Free Hosting Control Panel

VestaCP SSL for mail server

VestaCP install self signed SSL for mail server by default. To install valid SSL, login to VestCP, go to sites. You will see a site with your sites hostname. If you don’t see it, create a site with your server hostname. Make sure DNS edited so hostname resolve to server IP. Now you should be able to get free LetsEncrypt SSL for this site.

if you check Apache Virtual Host for the site, you will see someting like

In VeataCP the config files for exim and dovecot located at

These configs use SSL located at /usr/local/vesta/ssl/certificate.crt and /usr/local/vesta/ssl/certificate.key.

To use the FREE SSL, create a bash script.

Add

make the file executable

Run the script

Now SSL will work for mail server and VestaCP. To access VestaCP, use

Verify Mail Server SSL

You can view mail server SSL with command

Replace HOSTNAME with actual hostname of your server.

Auto Renew SSL

LetsEncrypt SSL expire every 90 days. So we will create a cronjob to auto renew SSL. Ff you have a paid SSL, you don’t need this cronjob

Create a cronjob with

Add

Related Posts

VestaCP Free Hosting Control Panel

VestaCP Free Hosting Control Panel

VestaCP Installer Compromised

VestaCP Free Hosting control panel compromised again. Hackers where able to get access to VestaCP infrastcuture server, allowing them to modify installation script, so it sent root password of servers to hacker.

Here is post from VestaCP on their forum

I’m sorry about inactivity in this post from our side. It was a complex issue and we were not sure we understand the whole picture. Leak in the installer is just one piece of the puzzle. All pieces together lead to cumulative effect.

The issue number one

Our infrastructure server was hacked. Presumably using API bug in the release 0.9.8-20. The hackers then changed all installation scripts to log admin password and ip as addition to the distro name we used to collect stats.

Please check if your server IP here

http://vestacp.com/test/?ip=127.0.0.1

If it’s there you should change admin passwords as soon as possible. Also please make sure there is no /usr/bin/dhcprenew binary installed on your server. This binary is some sort of trojan that is able to launch remote DDoS attack or open shell to your server

For more information, see

https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907

VestaCP Free Hosting Control Panel

VestaCP Zero-day exploit

On 07 April 2018, many servers using VestaCP got hacked. Hacker was able to get root acceess on these servers.

VestaCP Free Hosting Control Panel

Hacker installed some trojan software known as Chinese Chicken that is used to DDoS other servers.

To see if your server is hacked, check if file /etc/cron.hourly/gcc.sh is present in your server.

You can read more about this DDoS Trojan at

https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/

If you are running VestaCP, stop it until a solution for this exploit is released.

You can find discussion on this exploit on VestaCP form

https://forum.vestacp.com/viewtopic.php?f=10&t=16556

Once server is rooted, it is better to take backup of all your data and restore OS.

VestaCP Free Hosting Control Panel

VestaCP Free Hosting Control Panel

Reset VestaCP admin password
Change Server Hostname in VestaCP
VestaCP SSL for mail server

VestaCP Free Hosting Control Panel

You can login to VestaCP at

phpMyAdmin available at

http://YOUR-IP-ADDR/phpmyadmin/

You can see phpMyAdmin Nginx config at /etc/nginx/conf.d/phpmyadmin.inc

Web Site DocumentRoot

Web sites are stored in folder

Log Files

/var/log/nginx/domains/ => stores Nginx Access and error logs for hosted web sites.

Configuration Files

php-fpm configurations for each web sites are stored in /etc/php-fpm.d/DOMAIN.conf, each web sites runs php-fpm in its own pool. Here is sample config

Apache/Nginx configuration in folder : /home/admin/conf/web (admin is user, if you have other users, check folder for the user)

VestaCP Installer Compromised

See Hosting Control Panel