Hi all,
Since I can’t update the previous thread about the same issue, I’m reposting here (mods please feel free to move this post).
While doing some manual server housekeeping, I noticed some leftover ssl cert tmp files under /home/admin
root@myserver:~# ls -lR /home/admin/web/myserver.mydomain.tld/
/home/admin/web/myserver.mydomain.tld/:
total 4
drwxr-x–x 2 admin admin 2 Jul 14 2020 cgi-bin
drwxr-x–x 2 admin admin 6 Sep 30 20:26 document_errors
dr-xr-x–x 2 admin admin 4 Sep 30 20:26 logs
drwxr-x–x 3 admin admin 3 Oct 2 03:34 private
drwxr-x–x 2 admin www-data 4 Jul 14 2020 public_html
drwxr-x–x 2 admin www-data 4 Jul 14 2020 public_shtml
dr-xr-x–x 2 admin admin 2 Jul 14 2020 stats/home/admin/web/myserver.mydomain.tld/cgi-bin:
total 0/home/admin/web/myserver.mydomain.tld/document_errors:
total 11
-rw-r–r-- 1 admin admin 3044 Sep 30 20:26 403.html
-rw-r–r-- 1 admin admin 3302 Sep 30 20:26 404.html
-rw-r–r-- 1 admin admin 3086 Sep 30 20:26 410.html
-rw-r–r-- 1 admin admin 3182 Sep 30 20:26 50x.html/home/admin/web/myserver.mydomain.tld/logs:
total 1
lrwxrwxrwx 1 root root 54 Sep 30 20:26 myserver.mydomain.tld.error.log → /var/log/apache2/domains/myserver.mydomain.tld.error.log
lrwxrwxrwx 1 root root 48 Sep 30 20:26 myserver.mydomain.tld.log → /var/log/apache2/domains/myserver.mydomain.tld.log/home/admin/web/myserver.mydomain.tld/private:
total 2
drwx------ 2 admin admin 6 Oct 2 03:34 tmp.52FEMfxt8F/home/admin/web/myserver.mydomain.tld/private/tmp.52FEMfxt8F:
total 17
-rw-rw---- 1 admin admin 3750 Aug 4 03:34 myserver.mydomain.tld.ca
-rw-rw---- 1 admin admin 2199 Aug 4 03:34 myserver.mydomain.tld.crt
-rw-rw---- 1 admin admin 3243 Aug 4 03:34 myserver.mydomain.tld.key
-rw-rw---- 1 admin admin 5950 Aug 4 03:34 myserver.mydomain.tld.pem/home/admin/web/myserver.mydomain.tld/public_html:
total 3
-rw-r–r-- 1 admin admin 2906 Jul 14 2020 index.html
-rw-r–r-- 1 admin admin 66 Jul 14 2020 robots.txt/home/admin/web/myserver.mydomain.tld/public_shtml:
total 3
-rw-r–r-- 1 admin admin 2906 Jul 14 2020 index.html
-rw-r–r-- 1 admin admin 66 Jul 14 2020 robots.txt/home/admin/web/myserver.mydomain.tld/stats:
total 0
root@myserver:~#
TIA.
PS: Btw is default HestiaCP config affected by the recent Apache 2.4.49/50 bug that is being exploited recently ( critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)