VestaCP has a serious security flaw that causes your server to be exploited for DDoS

Chris Worner

Well-known member
Joined
Apr 15, 2016
Messages
366
Best answers
0
Ratings
35
Points
28
#1
Currently, VestaCP is having an extremely serious and zero-day vulnerability that could cause your server to become a tool for denial of service attacks (DDoS).
Information about this security bug appeared on the forum of VestaCP and is interested by more people because of its severity.
If you are using VestaCP, immediately stop the Vesta Control Panel service using the command below and wait for the fix (Websites on the VestaCP server are still working properly):

Code:
systemctl stop vesta && systemctl disable vesta
And run the following command if the VestaCP information has been fixed

Code:
systemctl enable vesta && systemctl start vesta
If the directory /etc/cron.hourly/ has a gcc.sh file then your server has been exploited for attack.

VestaCP released the latest update - 0.9.8-20 - patched and enhanced security.

If you are using VestaCP, immediately update your control panel to the latest version in one of two ways:

Method 1: Accessing VestaCP web hosting panel on your server (Updates section)

update_vestacp.png

Method 2: via SSH

Code:
# v-update-sys-vesta-all
Recheck
Code:
#v-list-sys-vesta-updates
PKG                VER    REL  ARCH    UPDT  DATE
---                ---    ---  ----    ----  ----
vesta              0.9.8  20   x86_64  yes   2018-04-09
vesta-php          0.9.8  19   x86_64  yes   2018-04-09
vesta-nginx        0.9.8  19   x86_64  yes   2018-04-09
vesta-ioncube      0.9.8  19   x86_64  yes   2018-04-09
vesta-softaculous  0.9.8  19   x86_64  yes   2018-04-09
Note: if you turned off VestaCP service then you need to restart and run the upgrade.

Code:
# systemctl enable vesta && systemctl start vesta
Hope this info is useful to you.
 
Newer Threads
Recommended Threads
Replies
0
Views
202
Replies
3
Views
1,136
Replies
3
Views
1,941

Latest Hosting OffersNew Reviews

Sponsors

Latest Blog ArticlesMost Viewed Threads

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top