DigitalOcean promptly blocked access to the default Vesta panel port:
https://www.digitalocean.com/community/ ... l-8th-2018
More info about the vulnerability:
skid » Sun Apr 08, 2018 7:05 am wrote:
Here is what we know so far:
- The first wave happened on April 4. Servers were infected with /etc/cron.hourly/gcc.sh
- It was an automated hack
- CentOS, Debian, Ubuntu: all distros are affected; it's platform independent
- We didn’t find any traces in vesta and system logs yet
- On April 7 infected servers started to DDoS remote hosts using /usr/lib/libudev.so.
What you can do:
The best way to stay safe is to temporarily disable the vesta web service:
service vesta stop
systemctl disable vesta
or limit access to port 8083 using a firewall
What we are doing:
A few users provided us with root access to their servers. We are investigating what happened. We also launched a couple of honeypots in order to get the full picture of the hack.
All clients having issues with this should get in contact via email/PM to work out the fixes needed.
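A triage check built from the two file paths and the panel port named in the quoted post, as an added example that is not part of the original thread or of Vesta's own tooling. The function names and the sample inputs used to exercise them are assumptions of this example; only the paths and port 8083 come from the post.

```shell
#!/bin/sh
# Added example (not from the forum post): triage for the indicators it names.
# The file paths and port 8083 are from the post; function names are made up here.

INDICATORS="/etc/cron.hourly/gcc.sh /usr/lib/libudev.so"

# Print one line per indicator path under ROOT ("" = live system, or the
# mount point of a disk image). Returns 1 if any path exists, else 0.
# The file type is shown so a package-owned symlink is not confused with
# a dropped regular file.
check_indicators() {
    root="$1"
    hit=0
    for p in $INDICATORS; do
        f="${root}${p}"
        if [ -e "$f" ] || [ -L "$f" ]; then
            hit=1
            if [ -L "$f" ]; then kind=symlink; else kind=file; fi
            echo "FOUND $p ($kind)"
        else
            echo "absent $p"
        fi
    done
    return "$hit"
}

# Read `ss -ltn` output on stdin; succeed if a socket listens on PORT.
port_listening() {
    awk -v re=":${1:-8083}\$" '$1 == "LISTEN" && $4 ~ re {hit=1} END {exit !hit}'
}

# Stand-alone use: sh triage.sh /        (or a mounted image, e.g. /mnt/disk)
if [ "$#" -gt 0 ]; then
    rc=0
    check_indicators "${1%/}" || rc=1
    if command -v ss >/dev/null 2>&1 && ss -ltn | port_listening 8083; then
        echo "panel port 8083 is still listening"
    fi
    exit "$rc"
fi
```

An absent result only means these two paths were not found; the post itself says no traces had yet been found in Vesta or system logs, so it is not proof the server is clean.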