VestaCP has a serious security flaw that causes your server to be exploited for DDoS

Chris Worner

Chris Worner

Well-known member
Registered
Joined
Apr 15, 2016
Messages
612
Points
28
Currently, VestaCP is having an extremely serious and zero-day vulnerability that could cause your server to become a tool for denial of service attacks (DDoS).
Information about this security bug appeared on the forum of VestaCP and is interested by more people because of its severity.
If you are using VestaCP, immediately stop the Vesta Control Panel service using the command below and wait for the fix (Websites on the VestaCP server are still working properly):

Code: 
systemctl stop vesta && systemctl disable vesta
And run the following command if the VestaCP information has been fixed

Code: 
systemctl enable vesta && systemctl start vesta
If the directory /etc/cron.hourly/ has a gcc.sh file then your server has been exploited for attack.

VestaCP released the latest update - 0.9.8-20 - patched and enhanced security.

If you are using VestaCP, immediately update your control panel to the latest version in one of two ways:

Method 1: Accessing VestaCP web hosting panel on your server (Updates section)

update_vestacp.png

Method 2: via SSH

Code: 
# v-update-sys-vesta-all
Recheck
Code: 
#v-list-sys-vesta-updates
PKG                VER    REL  ARCH    UPDT  DATE
---                ---    ---  ----    ----  ----
vesta              0.9.8  20   x86_64  yes   2018-04-09
vesta-php          0.9.8  19   x86_64  yes   2018-04-09
vesta-nginx        0.9.8  19   x86_64  yes   2018-04-09
vesta-ioncube      0.9.8  19   x86_64  yes   2018-04-09
vesta-softaculous  0.9.8  19   x86_64  yes   2018-04-09
Note: if you turned off VestaCP service then you need to restart and run the upgrade.

Code: 
# systemctl enable vesta && systemctl start vesta
Hope this info is useful to you.
 
You must log in or register to reply here.
Older Threads
seth_smlwd
How Do I Increase The Visibility Of My Instagram Posts With Consistent Planning?
Replies
1
Views
1,478
superman2727
R
Need advice to mitigate malware
Replies
6
Views
3,150
roboticpuppies
ahirehost
How To Find The Real IP Address Of A Website Behind CloudFlare
Replies
2
Views
2,085
AECHostingNet
D
Error 524 - a timeout occurred
Replies
2
Views
2,914
MooseLucifer
W
Which Cheap Dedicated Server should I get?
Replies
16
Views
6,047
Daniel204
Newer Threads
manoaratefy
Review for a review website
Replies
1
Views
1,555
Cheerag Nundlall
Cheerag Nundlall
How can I check if SSH is enabled?
Replies
10
Views
7,104
tuxandrew
Cheerag Nundlall
How to view directories and files on Linux with tree structure?
Replies
4
Views
4,267
24x7serverman
superman2727
Softether VPN vs OpenVPN
Replies
0
Views
1,759
superman2727
superman2727
Free Server Antivirus
Replies
2
Views
1,393
superman2727
Latest Threads
R
How much bandwidth is enough for a growing website?
Replies
1
Views
24
FerdieQO
J
How does Jtti Server Defend against DDoS attacks?
Replies
0
Views
176
jtti
J
What are the performance differences between DNS load Balancing and reverse proxy?
Replies
1
Views
154
FerdieQO
hostiko
What Features Do You Value Most in a Hosting Provider?
Replies
1
Views
37
FerdieQO
GreenhostCloud
Free vs. Paid Hosting: Is It Worth It?
Replies
2
Views
81
FerdieQO
Recommended Threads
R
WTS I Am Selling 300 Word High Quality Articles About Anything For $5
Replies
2
Views
3,708
kamleshnishad
JoeTaxpayer
How many percentages of free RAM should I have on a VPS?
Replies
5
Views
3,889
LJSHost
thedoc412
  • Locked
WTA - About selling PLR-MRR-RR products?
Replies
2
Views
3,609
thedoc412
irichard
Please review my first website!
2
Replies
23
Views
8,266
fjk23
DaRecordon
How to remove cgi-sys/suspendedpage.cgi?
Replies
11
Views
77,418
MooseLucifer
Similar Threads
djsmiley2k
Vestacp on Debian 8?
Replies
9
Views
5,178
proteus
AlbaHost
Vestacp got hacked/vulnerable
Replies
8
Views
3,516
EthernetServers
miken
Restore backup in Vestacp?
Replies
2
Views
2,764
qbeststar
eva2000
LEMP Stack benchmarks: CentminMod vs EasyEngine vs Webinoly vs VestaCP vs OneInStack Nginx/OpenResty
Replies
5
Views
5,153
eva2000
superman2727
VestaCP Requirements
Replies
11
Views
6,040
24x7serverman

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top