#26585 by ThemeSplat
April 9th, 2018, 2:07 pm
Vulnerability discovered within the VestaCP software. The exploit is being used to gain root access to servers running Vesta Panel. Exploited servers are then being used to perform DoS attacks against remote servers by sending large amounts of traffic.

DigitalOcean promptly blocked access to the default Vesta panel port:
https://www.digitalocean.com/community/ ... l-8th-2018

More info about the vulnerability:
https://forum.vestacp.com/viewtopic.php?p=68594#p68594



skid » Sun Apr 08, 2018 7:05 am wrote:
Here is what we know so far:
1. The first wave happened on April 4. Servers were infected with /etc/cron.hourly/gcc.sh
2. It was an automated hack
3. CentOS, Debian, Ubuntu: all distros are affected, it's platform independent
4. We didn't find any traces in vesta and system logs yet
5. On April 7 infected servers started to DDoS remote hosts using /usr/lib/libudev.so.

What you can do:
The best way to stay safe is to temporarily disable the vesta web service
Code:
service vesta stop

Code:
systemctl disable vesta

or limit access to port 8083 using a firewall

What we are doing:
A few users provided us with root access to their servers. We are investigating what happened. We also launched a couple of honeypots in order to get the full picture of the hack.



All clients having issues with this should get in contact via email/PM to work out the fixes needed.
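
A triage check for the indicators and the exposure named in the quoted announcement, as an added example (not code from this forum post or from the VestaCP team). The two file paths and port 8083 come from the announcement; the function names, the `--scan` flag and the optional ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: paths and port are the ones named in the quoted announcement.
IOC_PATHS="/etc/cron.hourly/gcc.sh /usr/lib/libudev.so"
VESTA_PORT=8083

# Print every indicator path that exists under ROOT ("" = the live system).
# ROOT lets the same check run against a mounted disk image or snapshot.
# A hit is a lead to review, not proof: on some distributions the second
# path can also belong to a legitimate development package.
find_iocs() {
    root="${1:-}"
    for p in $IOC_PATHS; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$root$p"
        fi
    done
}

# Read `ss -ltn` output on stdin and print listeners on the panel port
# that are bound to something other than loopback.
exposed_listeners() {
    awk -v port="$VESTA_PORT" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "[::1]") next
            print $4
        }'
}

# Usage (hypothetical script name): sh vesta_triage.sh --scan [ROOT]
if [ "${1:-}" = "--scan" ]; then
    status=0
    for hit in $(find_iocs "${2:-}"); do
        echo "REVIEW: indicator present: $hit"; status=1
    done
    # Listener check only makes sense on the live system, not an image.
    if [ -z "${2:-}" ] && command -v ss >/dev/null 2>&1; then
        for l in $(ss -ltn | exposed_listeners); do
            echo "EXPOSED: panel port listening on $l"; status=1
        done
    fi
    exit "$status"
fi
```

A non-zero exit status means at least one indicator path or a non-loopback listener on the panel port was found and the host needs a closer look.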
