VestaCP has a serious security flaw that causes your server to be exploited for DDoS

Chris Worner

Chris Worner

Well-known member
Registered
Joined
Apr 15, 2016
Messages
612
Points
28
Currently, VestaCP is having an extremely serious and zero-day vulnerability that could cause your server to become a tool for denial of service attacks (DDoS).
Information about this security bug appeared on the forum of VestaCP and is interested by more people because of its severity.
If you are using VestaCP, immediately stop the Vesta Control Panel service using the command below and wait for the fix (Websites on the VestaCP server are still working properly):

Code: 
systemctl stop vesta && systemctl disable vesta
And run the following command if the VestaCP information has been fixed

Code: 
systemctl enable vesta && systemctl start vesta
If the directory /etc/cron.hourly/ has a gcc.sh file then your server has been exploited for attack.

VestaCP released the latest update - 0.9.8-20 - patched and enhanced security.

If you are using VestaCP, immediately update your control panel to the latest version in one of two ways:

Method 1: Accessing VestaCP web hosting panel on your server (Updates section)

update_vestacp.png

Method 2: via SSH

Code: 
# v-update-sys-vesta-all
Recheck
Code: 
#v-list-sys-vesta-updates
PKG                VER    REL  ARCH    UPDT  DATE
---                ---    ---  ----    ----  ----
vesta              0.9.8  20   x86_64  yes   2018-04-09
vesta-php          0.9.8  19   x86_64  yes   2018-04-09
vesta-nginx        0.9.8  19   x86_64  yes   2018-04-09
vesta-ioncube      0.9.8  19   x86_64  yes   2018-04-09
vesta-softaculous  0.9.8  19   x86_64  yes   2018-04-09
Note: if you turned off VestaCP service then you need to restart and run the upgrade.

Code: 
# systemctl enable vesta && systemctl start vesta
Hope this info is useful to you.
 
You must log in or register to reply here.
Older Threads
seth_smlwd
How Do I Increase The Visibility Of My Instagram Posts With Consistent Planning?
Replies
1
Views
1,204
superman2727
R
Need advice to mitigate malware
Replies
6
Views
2,616
roboticpuppies
ahirehost
How To Find The Real IP Address Of A Website Behind CloudFlare
Replies
2
Views
1,782
AECHostingNet
D
Error 524 - a timeout occurred
Replies
2
Views
2,453
MooseLucifer
W
Which Cheap Dedicated Server should I get?
Replies
16
Views
5,208
Daniel204
Newer Threads
manoaratefy
Review for a review website
Replies
1
Views
1,366
Cheerag Nundlall
Cheerag Nundlall
How can I check if SSH is enabled?
Replies
10
Views
5,590
tuxandrew
Cheerag Nundlall
How to view directories and files on Linux with tree structure?
Replies
4
Views
3,222
24x7serverman
superman2727
Softether VPN vs OpenVPN
Replies
0
Views
1,469
superman2727
superman2727
Free Server Antivirus
Replies
2
Views
1,222
superman2727
Latest Threads
A
bad config or no config ?
Replies
0
Views
56
aLinux
K
Request for a server.
Replies
1
Views
66
AlbaHost
H
Anyone used fussionhost.com? Need honest reviews
Replies
0
Views
57
hasnainnazeer
J
Jtti April promotion, 40% off on Hong Kong cluster servers/US cluster servers, minimum monthly payment starts at $218.6
Replies
0
Views
217
jtti
DemoTiger
How plans of big giants affect web hosting providers like you.
Replies
1
Views
215
BlueLeaf
Recommended Threads
Gamerevolution
WTT I have a new game website looking for link exchanges - THE GAMEREVOLUTION
Replies
6
Views
4,143
softpk
Andre
Notification to open PDF file
Replies
0
Views
2,174
Andre
C
WTT Want to Exchange PR2 with minimum PR1
Replies
7
Views
4,902
Chandra Bhushan
Marc0
5 simple tips to speed up your WordPress website
Replies
4
Views
3,331
Craxx
E
  • Locked
WTS Best use of 500 thousand opt in mobile telephone records for SMS marketing?
Replies
5
Views
4,427
Michele D.
Similar Threads
djsmiley2k
Vestacp on Debian 8?
Replies
9
Views
4,460
proteus
AlbaHost
Vestacp got hacked/vulnerable
Replies
8
Views
2,986
EthernetServers
miken
Restore backup in Vestacp?
Replies
2
Views
2,326
qbeststar
eva2000
LEMP Stack benchmarks: CentminMod vs EasyEngine vs Webinoly vs VestaCP vs OneInStack Nginx/OpenResty
Replies
5
Views
4,663
eva2000
superman2727
VestaCP Requirements
Replies
11
Views
5,005
24x7serverman

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • domain
  • free
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top