CyberPanel Community

Why were we not warned through every possible means?

Mikael99 #1

4 of my servers were hacked using the latest cyberpanel 2.3.6 version

Thank God my most important server was using an outdated Cyberpanel version and it is still safe.

So this DreyAnd person is a malicious and nasty person who did this for fame even providing a hack for script kiddies to exploit, what a nasty person he is. You’re not an ethical hacker, don’t fool yourself. You are nasty and I hope you get payback for what you did to thousands of users.

But the blame is on Cyberpanel team as well

WHY WAS NOT THIS MEGA NEWS AND WE WERE ALERTED???

THIS WAS NOT A BS update, this was a major root exploit

Sorry but exploits and security issues happen with every software

but the difference between good developers and bad developers is that good developers immediately warn their users and protect them, even auto-updating them.

I have installed the latest cyberpanel version but it’s the end of road for me with cyberpanel.

What a joke

Even still, this isn’t front page news on cyberpanel you know?

HELP YOUR USERS!!!

Luveedu Team #2

Cyberpanel is dead.

My,
Hundreds of sites not loading. 400GB+ data blocked.
All files locked and encrypted.
What can I do now? Any idea?

Thank You.

leminhthanh #3

I feel deeply disappointed with the development team behind CyberPanel. They were unprofessional in handling security vulnerability reports from experts, which allowed hackers to easily exploit those vulnerabilities to gain control of the servers. Although I made efforts to restore my system after more than 22 minutes of server downtime due to the coin miner malware, many websites are still not back online because of the ransomware.

leminhthanh #4

There are two solutions: the first is to wait for security experts to find a way to decrypt your files affected by ransomware, and the second is that you may have to pay the hacker to obtain the key to recover your data.

Weck #5

The files marked with locked or encryp are not possible to decrypt.
The attackers used an asymmetric encryption, which is not recoverable.
Leakix checked this already with samples from the users.

Quote:

  • One of the group .locked properly used asymmetric encryption to ensure recovery is impossible
  • The other group .encryp seem to use a binary that is still under analysis, but it seems they do asymmetric encryption as well and recompile the binary for each target

kingkongnewmedia #6

How can I upgrade to a non-affected version?

Александр #7

I paid 1200 dollars to recover my data((( I think the developers should reimburse me for all costs incurred

Александр #8

it’s possible to decipher if you pay

Luveedu Team #9

Hello

I have paid 2300USD 🙂 recovered 3 servers & the files, then hired a professional to scan and check each file properly, and I recommend you also check all your files using any good virus scanner, because they might have injected some suspicious files all around which might infect your system once again.

And then I have said GoodBye to Cyberpanel.

Thank You Cyberpanel, for all of this.
I understand it is an accident, but you should have taken better steps before this.

Budo #10

Time to say goodbye to this shitty panel.

Александр #11

no accident, we were duped into not being notified of a critical error.

Luveedu Team #12

Yes, You are right also.

But my question is why they don’t have an auto-update option? For security issues they should use an auto-update type system?

This is totally the worst scenario. 3 days no sleep, I don’t know how I am typing. All thanks to cyberpanel.

Станислав #14

I suggest cyberpanel start writing a decryptor. At least try to do it.

Станислав #15

Please write to me. Your experience with decoding is interesting. telegram: @cloverstas

Hicham #16

Hello Aleksandr, can you recommend an expert that can fix this issue? I'm still facing this problem.

Mikael99 #17

I don’t suggest giving money to these sc*mbags!! For several reasons:

  1. There is no guarantee that they will give you the files back without a backdoor in it.
  2. Also as long as you have an unsecure cyberpanel, they or another group can continue to hack
  3. As long as people pay these sc*mbags they will get encouraged and try to do even worse
  4. YOU ARE GOING TO BE PAYING SC*mBAGS!!! You never pay the bad guys

Starting fresh or using an old backup is far better than paying these lowlifes. Seriously.

Luveedu Team #18

Hello

You are correct. I have paid because I have data worth 5XX,XXX$ and these are very important for me. I have paid and got them back then hired someone from my location and took 2 days to check all files, sanitize them then using some antivirus tools we have scanned them and then copied the file in multiple times then also scanned all the copies multiple times and then now I am using them in another panel.

If something like this happens again, then nothing to do, it might be my luck.

Kais #19

Not right. Number 3 solution: recover from your backup

Александр #21

Let’s say I had no backups, because they were also stored on the server and encrypted, and you’re suggesting I rebuild code written over a couple of years, funny.

Александр #22

If the panel developers were a little smarter they would have warned, I had backups but how was I supposed to know their product was shit hole.

Mikael99 #23

I found a solution to protect myself from future exploits and threats due to Cyberpanel.

systemctl stop lscpd

Simple as that^. I will only run cyberpanel when I need it and shut it down. The website still runs fine since it is powered by LiteSpeed and Cyberpanel is only for management.

So I will continue to use Cyberpanel but at least now I would be secure.

Luveedu Team #24

Thank You for your suggestion. But your case scenario is not like us.

You can’t imagine the loss of 5XX,XXX$ such an amount so leave this topic, why I have paid.

And the best thing if you can do, do legal work in federals, so we can be proud of you.


I have 500Gb+ data and then If I do auto backup or something I need a server minimum 1Tb or 2Tb of data and with NvME it will take around 300 or 400USD for a Good VPS. And storing in Edge store or Objects is like a complicated and much expensive way.

Weck #25

There are cheaper solutions, but with some requirements.
If you have your servers in Hetzner centers, you are able to combine them internally and directly store to the backup server with a higher bandwidth instead of the default 1gbit.
4x 22tb only costs 123 €/m.
We are using this combination and servers since 2012.

Edit: If you then use a restic backup strategy, the size of the transferred data is reduced by a very large amount, if most of the 500gb of data is not changed “static, for example documents”.

Luveedu Team #26

Hello

Thank You for your support but Hetzner is not good in terms of support. And I need like 24Cores 64Gb and also some other options like USA Locations and better OS Support also. But Hetzner generally provides only network or hardware support, and for OS Support they don’t even try. I have my team, they can fix issues, but sometimes if the admin works with us it makes the best result.

Also I have incremental backup system but this is not that much for me. Because it is not accurate as well and also takes too much cpu and ram to complete.

Станислав #27

Did you have the .encryp or .locked extensions? And how did the decryption happen, were you given a decryptor file or did the hackers decrypt the code themselves?

Luveedu Team #28

Paid through an email in BTC then asked for IP. And after 2 hours replied that your server is released!

Then instantly downloaded the data and did my next work.

Kumalaning Narendratama #29

If you know that your data is important, then why don't you apply a DRP (Disaster Recovery Plan)?
I think with this incident we can take a lesson to be able to implement the disaster recovery plan process, both when there is a hardware failure, panel failure, or failure of the system that we created.
Keep up the spirit, friends. We are currently taking the class promotion exam. Cyberpanel is still the best panel… (not a single panel is free from the threat of cyber attacks)

Luveedu Team #30

Thank You for your message

hexitnz #31

Will acme SSL update and backups continue to work if you shut down lscpd and only start it as needed?

PS it looks like backup and acme are handled by cron service not lscpd.

hexitnz #32

Disappointing that there is no post about this on their X feed where I might have picked it up in time to update.

subzero06 #33

Hey everyone, just a friendly reminder to take some extra precautions to protect your server. Make sure to lock it down, IP restrict your SSH, cyberpanel, and FTP ports, and don’t rely on any free software expecting it to be bulletproof. Remember, even big companies like Apple and Microsoft get hacked. So, if you’re running and managing production servers without proper security measures, you’re also responsible for the security of your data. Take some time each night to back up your data outside of the server or automate it, and stay vigilant!
FYI - cyberpanel is a free software!

hexitnz #34

Some fair points, subzero06. I would add: make the SSH port non-standard. As it is just me accessing the webserver, I completely disable FTP and only allow sftp file transfer on a non-standard port.

I used to ip restrict 8090 and 7080, but got lazy… Put ip restriction back in 2 days ago.

Nightly website backups to local folder then rclone backup to 3 offsite world locations.
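
An added example, not part of any poster's message and not CyberPanel's own tooling: a check for whether the panel ports named in post #34 (8090 and 7080) are bound to a non-loopback address, which is the case where the IP restriction from posts #33 and #34 is the only thing keeping them off the internet. The `PANEL_PORTS` variable, the function name and the sample socket listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list panel ports that listen on a non-loopback address.
# 8090 and 7080 are the ports named in post #34; change PANEL_PORTS if yours differ.
PANEL_PORTS="8090 7080"

# Reads `ss -ltnH` lines on stdin and prints "<port> <address>" for every
# panel port bound to something other than loopback.
exposed_panel_ports() {
    awk -v ports="$PANEL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: not exposed
            print port, addr
        }'
}

# Constructed sample in `ss -ltnH` layout (not captured from a real server).
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:8090 0.0.0.0:*
LISTEN 0 511 127.0.0.1:7080 0.0.0.0:*
LISTEN 0 511 [::]:8090 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then
    listing=$(ss -ltnH)            # real listening TCP sockets on this host
else
    listing=$SAMPLE
fi

found=$(printf '%s\n' "$listing" | exposed_panel_ports)
if [ -n "$found" ]; then
    echo "Panel ports bound to non-loopback addresses (firewall is the only barrier):"
    printf '%s\n' "$found"
else
    echo "No panel port is listening on a non-loopback address."
fi
```

Run it with `--live` on the server itself; any port it lists stays reachable from outside unless a firewall rule limits it to your own IP.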

Pintilie Gabriel #35

This is not true, I got all my files with .locked and 2 guys from data recovery asked me 5000 USD and another 7000 USD. I sent some locked files that I know I have unlocked, and in one hour they sent me those files unlocked… so there are people who have the key but want to make money…

maxwell #37

Why do you use cyberpanel if you have thousands of dollars worth of information? And why did you pay thousands of dollars to hackers instead of paying small costs for backups? It’s really strange how people like you make money
