Cyberpanel delete all files and directors public_html

CyberPanel has been audited by rack911 (they are pioneer in these sorts of audits), our work with them is almost complete now.

However, if you can still penetrate using any function do let me know.

We’ve fixed and addressed many security issues.

Because to make it easy to understand where problem happened (but it was our mistake), it was kind of you to point it out. I will again go through code to make sure things are OK.

thanks.

1 Like

It is fixed.

I will release v2.1.3 first and then take care of it.

2 Likes

this 2.1.2 too ?

thank you…

Can’t even see how to upgrade from 2.1.1 to 2.1.2. Certainly not in Cyberpanel Cloud

@dazburn That’s odd. Perhaps open a ticket within cyberpanel cloud, or a separate topic in the forum here.

For now, you could run the single automatic upgrade command via your ssh root user. Just wait or press enter when prompted and the most recent version will be installed in a minute or two.

https://community.cyberpanel.net/docs?topic=81

2 Likes

@MyIDKaTePe

Confirm box added while converting to LiteSpeed Enterprise:

1 Like

i will try
right now no warning/confirmation box. because im not update cyberpanel yet :smiley:



what is this ?

i used to upgrade cyberpanel under screen lol
never see the progress :smiley:

oo:


hoooraaaayyy
thankyou

Once again, our WHOLE SITE has been deleted. And we don’t have a recent backup because of the problem last time.
To say I’m angry is an understatement. I’m fuming that even though we’ve upgraded to your “stable” product your system has DELETED EVERY FILE AGAIN.
We will revert with more logs shortly.

I would recommend set Amazon s3 backups and not trust local backup solution. Use local backup just for store 3 day and AWS atleast couple weeks.
I have s3 for my and wife computer, websites family pictures etc… cost under 3usd month.

1 Like

Thankfully, we found a snapshot backup on AWS.

Having said that, we have no idea WHY or HOW all the files got deleted again and there was nothing in the logs. It’s super concerning that this can even happen. Exactly the same behaviour as last time, all files deleted from /public_html.

Something far more sinister going on in Cyberpanel’s setup and it would be amiss of me to not flag this publicly.

All of CyberPanel code is available open-source that gets downloaded to your server.

I am not sure if you have the latest code. give me output of

cat /usr/local/CyberCP/plogical/backupUtilities.py

1 Like

This has also been added, will come in v2.1.3

2 Likes

Looks great. Could there also be a small notification in the header when there is a new version? Perhaps it is a link that sends you to the version management page for more details?

Could it even show a count of how many commits you are out of date, and also a number of days that you’re out of date? And a link to the Github commit log to check the comments on them?

Finally, perhaps there could be a button there that runs the upgrade command for you, so that you don’t need to go to SSH?

1 Like

I had the same problem today! lscache folder went too big and when trying to do a Backup it deleted public_html.
Current version 2.1 build 2 ! with litespeed ! :open_mouth:

Your panel is probably not latest version, devs said they fixed that problem…
Biggest problem with cyberpanel is your panel show version 2.1 build 2, but that don’t mean you are latest version. After initial relase of 2.1 build 2 there been multiple bug fixes on same relase but version stay same… Only way stay updated is keep running update script every week.

We’ve released v2.3.1 and the problem that you don’t know if you are on latest version is also resolved now. CyberPanel v2.3.1 Released - Security Release

2 Likes