VestaCP Installer Compromised

The VestaCP free hosting control panel has been compromised again. Hackers were able to get access to a VestaCP infrastructure server, allowing them to modify the installation script so that it sent the root password of servers to the hackers.

Here is the post from VestaCP on their forum:

I’m sorry about the inactivity in this post from our side. It was a complex issue and we were not sure we understood the whole picture. The leak in the installer is just one piece of the puzzle. All the pieces together lead to a cumulative effect.

The issue number one

Our infrastructure server was hacked. Presumably using an API bug in the release 0.9.8-20. The hackers then changed all installation scripts to log the admin password and IP in addition to the distro name we used to collect stats.

Please check if your server IP is here

http://vestacp.com/test/?ip=127.0.0.1

If it’s there you should change admin passwords as soon as possible. Also please make sure there is no /usr/bin/dhcprenew binary installed on your server. This binary is some sort of trojan that is able to launch a remote DDoS attack or open a shell to your server.

For more information, see

https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907
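
A triage check for the indicator named in the VestaCP post, as an added example (not code from VestaCP or from the forum thread): it looks for `/usr/bin/dhcprenew` on a live host or a mounted disk image, and for processes still running from that path. Only the file path comes from the post; the function names and the image mount point are assumptions.

```shell
#!/bin/sh
# Added triage example for the indicator named in the VestaCP post.
IOC_PATH="/usr/bin/dhcprenew"   # path taken from the post

# check_ioc_file ROOT: ROOT is "/" for the live host or the mount point of a
# disk image (assumption: mounted read-only). Returns 0 if the file exists.
check_ioc_file() {
    target="${1%/}${IOC_PATH}"
    if [ -e "$target" ] || [ -L "$target" ]; then
        echo "FOUND: $target"
        ls -ln "$target"                 # owner, size, mtime for the IR record
        if command -v sha256sum >/dev/null 2>&1; then
            sha256sum "$target" 2>/dev/null || true
        fi
        return 0
    fi
    echo "not present: $target"
    return 1
}

# check_ioc_procs PROCDIR: list processes whose executable is the IOC path.
# A "(deleted)" suffix means the binary was removed while still running.
# Returns 0 if at least one such process exists.
check_ioc_procs() {
    procdir="${1:-/proc}"
    hit=1
    for exe in "$procdir"/[0-9]*/exe; do
        link=$(readlink "$exe" 2>/dev/null) || continue
        case "$link" in
            "$IOC_PATH"|"$IOC_PATH (deleted)")
                pid="${exe%/exe}"
                echo "RUNNING: pid ${pid##*/} -> $link"
                hit=0 ;;
        esac
    done
    return "$hit"
}

# triage ROOT: run both checks; exit status 0 means an indicator was found.
triage() {
    rc=1
    check_ioc_file "$1" && rc=0
    # The process check only makes sense on the live host, not on an image.
    if [ "${1%/}" = "" ]; then check_ioc_procs /proc && rc=0; fi
    return "$rc"
}

# Usage: sh triage.sh /            (live host)
#        sh triage.sh /mnt/image   (offline image, hypothetical mount point)
if [ "$#" -gt 0 ]; then triage "$1"; fi
```

A clean result only means this one indicator is absent; if the server IP is listed by the VestaCP check, the admin password change still applies.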
