Cyberpanel hacked

hostbdfree · October 29, 2024, 7:28am

You are receiving this email because LeakIX’s NetworkGuardian has found a critical issue on your network.
If you are an hosting company, your cooperation on contacting the affected customer would be welcome and could help protect your network from abuse.
Source
https://209.209.40.227:8090
Ip
209.209.40.227

Discovered
28 Oct 24 13:09 UTC

Plugin
CyberPanelPlugin

Reported to
[email protected]

Issue description

The following CyberPanel administration interface is publicly accessible and looks out-dated :

It is critical to update to a safe version as soon as possible since multiple CVEs allow remote attackers to achieve RCE (Remote code execution) on the firewall.
Those vulnerabilities are currently used in ransomware campaign and could damage your network.

Make sure you are running branch 2.3.7.
Reference:

Summary:
Found vulnerable CyberPanel instance
Affected by EXT-2024-003
Need help, have questions or are we hitting the wrong email address? Contact us at [email protected], we’d love to help.

Cathy
Support Department

sajetek_developer · October 29, 2024, 3:58pm

Damn, at least I now know where the exploits came from.
Does not help the cleanup process though

Rabia · October 29, 2024, 4:33pm

What is the Solution guys? Can we still keep the Files or need to reinstall everything?

maxwell · October 29, 2024, 4:59pm

The solution is to update the cyberpanel, but the blog post says that other vulnerabilities have been detected.

Rabia · October 29, 2024, 9:52pm

Which version to use?
2.3.7 or higher?

giannis78 · October 29, 2024, 10:04pm

2.3.8 the latest

dipanshi · October 30, 2024, 8:55am

my websites are hacked unknown files are showing in public_html folder these files have been uploaded from

aleksandr · October 31, 2024, 1:17am

L0CK3D I have all the files and what am I supposed to do with it? The developers were warned in advance and they didn’t say anything

leminhthanh · October 31, 2024, 4:05am

Check this: cyberpanel 0day leaked attack script · GitHub

trifo13 · October 31, 2024, 11:48am

I am in the same boat

I have a month-old backup of the sites, not a huge deal, but I am very, very disappointed with how the developers handled this. They should have warned us

aleksandr · October 31, 2024, 11:52am

it’s only for the simplest kind of encryption.

aleksandr · October 31, 2024, 11:53am

I’ve suffered thousands of dollars in losses due to their actions.

psevdokounian · October 31, 2024, 11:58am

I am in the same boat too. My site is down and i have backup.
But after restoring backup i can’t acces to my site. Getting 500 error. What can be wrong? Restarted CyberPanel, but nothing happend. Still 500 error. Can anybody help?

aleksandr · October 31, 2024, 12:10pm

поставь fastpanel и живи счастливо

psevdokounian · October 31, 2024, 12:11pm

Для начала надо бы из бэкапов восстановиться.

aleksandr · October 31, 2024, 12:11pm

Хорошо, когда они есть, мне пришлось заплатить за этот опыт

psevdokounian · October 31, 2024, 12:12pm

Видел твой пост. Сочувствую. Только не понимаю как ты заплатил 1.2к зелени если они просят 1 биток.

aleksandr · October 31, 2024, 12:14pm

у меня просили 1200 долларов

aleksandr · October 31, 2024, 12:14pm

там работало 3 хакерские группы

trifo13 · October 31, 2024, 1:08pm

Check the error logs:

/home/website/logs/website.error_log
or
/usr/local/lsws/logs/error.log

Try and enable WP debug:

It is most probably PHP version issue.