VestaCPThe control panel suffers a 0-day exploit:
- Current reports reveal a vulnerability in the VESTA API that allows code to be executed as ROOT.
- The first wave reportedly occurred on April 2018, 4.
- Infected server discovered, active on April 2018, 4
/usr/lib/libudev.soStart the DDoS remote host.
Based on observations so far, once a server is infected, it is used to send DDoS attacks.
Vulnerability detection method
How to detect if infected with VestaCP 0-day Trojan?
- Follow the steps below to see if your server is infected?
step 1:Please log in to your server as root.
step 2:On /etc/cron.hourly Check for a file named "gcc.sh" in the folder ▼
cd /etc/cron.hourly ls -al
- If the file exists, your server is infected.
- If infected, back up your files and databases immediately, reinstall yourLinuxserver.
- Change the database password and server ROOT password.
Update/Upgrade VestaCP Panel Commands
- If there is no "gcc.sh" file, it means that it is not infected with Trojan.
- If you are not infected, please upgrade (fix) the vulnerability of the VestaCP panel immediately.
Step 1:Run the following command to see which version number the VestaCP panel is ▼
v-list-sys-vesta-updates
Step 2:Run the following command to update the VestaCP panel▼
v-update-sys-vesta-all
Step 3:Restart VestaCP ▼
service vesta restart
Step 4:Restart the server ▼
reboot
Here are more tutorials on VestaCP panels ▼
Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ ) shared "How to detect VestaCP 0-day vulnerability?Repair/Upgrade & Update Commands" to help you.
Welcome to share the link of this article:https://www.chenweiliang.com/cwl-742.html