VestaCP Zero-day exploit

On 07 April 2018, many servers running VestaCP were hacked. The attacker was able to gain root access on these servers.

VestaCP Free Hosting Control Panel

The attacker installed a trojan known as Chinese Chicken, which is used to DDoS other servers.

To see if your server is hacked, check whether the file /etc/cron.hourly/gcc.sh is present on your server.

ls -l  /etc/cron.hourly/gcc.sh
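The same check as a small script, added here as an example and not part of the original post: it looks for the file under a chosen root, so it also works on a mounted disk image or a restored backup, and it searches cron files for lines that still reference the script. The function name `scan_root` and the list of cron locations are assumptions.

```sh
#!/bin/sh
# Added example: look for the indicator named in this post under a chosen root.
# scan_root and the cron locations searched are illustrative choices.

IOC_PATH="etc/cron.hourly/gcc.sh"   # indicator path taken from the post

# scan_root ROOT -> returns 1 if the indicator file, or a cron file that
# references it, exists under ROOT; returns 0 otherwise. ROOT defaults to /.
scan_root() {
    root="${1:-/}"
    root="${root%/}"        # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    found=0

    # 1. The script itself. -L also catches a dangling symlink.
    if [ -e "$root/$IOC_PATH" ] || [ -L "$root/$IOC_PATH" ]; then
        found=1
        echo "FOUND: $root/$IOC_PATH"
        # The timestamp helps bound when the server was compromised.
        ls -l "$root/$IOC_PATH"
    fi

    # 2. Cron files that still reference the script, for example after a
    #    partial cleanup that deleted only the file. Run as root so that
    #    per-user crontabs are readable.
    for f in "$root/etc/crontab" "$root"/etc/cron.d/* \
             "$root"/var/spool/cron/* "$root"/var/spool/cron/crontabs/*; do
        [ -f "$f" ] || continue
        if grep -Fq "cron.hourly/gcc.sh" "$f" 2>/dev/null; then
            found=1
            echo "REFERENCED in $f:"
            grep -Fn "cron.hourly/gcc.sh" "$f"
        fi
    done

    if [ "$found" -eq 0 ]; then
        echo "No gcc.sh indicator under ${root:-/}"
    fi
    return "$found"
}

# Run as: sh check.sh /            (live system)
#     or: sh check.sh /mnt/image   (mounted disk image or backup)
if [ "$#" -gt 0 ]; then
    scan_root "$1"
fi
```

A clean result only means this one indicator is absent; it does not prove the server was not compromised.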

You can read more about this DDoS Trojan at

https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/

If you are running VestaCP, stop it until a solution for this exploit is released.

service vesta stop
systemctl stop vesta

You can find discussion of this exploit on the VestaCP forum:

https://forum.vestacp.com/viewtopic.php?f=10&t=16556

Once a server is rooted, it is better to take a backup of all your data and restore the OS.
