Cyberpanel hacked

You are receiving this email because LeakIX’s NetworkGuardian has found a critical issue on your network.
If you are an hosting company, your cooperation on contacting the affected customer would be welcome and could help protect your network from abuse.
Source
https://209.209.40.227:8090
Ip
209.209.40.227

Discovered
28 Oct 24 13:09 UTC

Plugin
CyberPanelPlugin

Reported to
admin@cloudclusters.io

Issue description

The following CyberPanel administration interface is publicly accessible and looks out-dated :

It is critical to update to a safe version as soon as possible since multiple CVEs allow remote attackers to achieve RCE (Remote code execution) on the firewall.
Those vulnerabilities are currently used in ransomware campaign and could damage your network.

Make sure you are running branch 2.3.7.
Reference:

Summary:
Found vulnerable CyberPanel instance
Affected by EXT-2024-003
Need help, have questions or are we hitting the wrong email address? Contact us at support@leakix.net, we’d love to help.

Cathy
Support Department

Damn, at least I now know where the exploits came from.
Does not help the cleanup process though

What is the Solution guys? Can we still keep the Files or need to reinstall everything?

The solution is to update the cyberpanel, but the blog post says that other vulnerabilities have been detected.

Which version to use?
2.3.7 or higher?

2.3.8 the latest

my websites are hacked unknown files are showing in public_html folder these files have been uploaded from

L0CK3D I have all the files and what am I supposed to do with it? The developers were warned in advance and they didn’t say anything

Check this: cyberpanel 0day leaked attack script · GitHub

I am in the same boat

I have a month-old backup of the sites, not a huge deal, but I am very, very disappointed with how the developers handled this. They should have warned us

it’s only for the simplest kind of encryption.

I’ve suffered thousands of dollars in losses due to their actions.

I am in the same boat too. My site is down and i have backup.
But after restoring backup i can’t acces to my site. Getting 500 error. What can be wrong? Restarted CyberPanel, but nothing happend. Still 500 error. Can anybody help?

поставь fastpanel и живи счастливо

Для начала надо бы из бэкапов восстановиться.

Хорошо, когда они есть, мне пришлось заплатить за этот опыт

Видел твой пост. Сочувствую. Только не понимаю как ты заплатил 1.2к зелени если они просят 1 биток.

у меня просили 1200 долларов

там работало 3 хакерские группы

1. Check the error logs:

/home/website/logs/website.error_log
or
/usr/local/lsws/logs/error.log

2. Try and enable WP debug:

It is most probably PHP version issue.

у меня норм после обновы

я думаю, что даже больше

Thanks. I will try to see logs. I’m not using WP.

Какие расширения у тебя были ? . locked или . encryp?

.locked были