It is known that thousands of sites were damaged due to your fault. Personally, about 10 sites were affected - 4 of which still could not be decrypted.
A decryptor for .psaux and .encryp has now been found.
But still no way to decrypt .locked has been found
Cyberpanel team - are you going to help decrypt files in any way?
1 Like
I have used Cyberpanel since 2019 and never been hacked.
without going into your applications (wordpress etc)
are you using any security products like CloudFlare?
the term hacked - is not useful unless you describe what that meant in your case
You are probably not up to date with the latest events.
ignore litespeedlover, I think he is a troll
There are multiple post about the rce root issue.
Hello,
You are receiving this message because LeakIX’s NetworkGuardian has identified a critical security vulnerability on your network. If you are a hosting provider, we would appreciate your cooperation in notifying the affected customer. This action could be instrumental in safeguarding your network from potential misuse.
CyberPanel Interface
IP
(IP Address)
Discovered
28 Oct 24 16:58 UTC
Plugin
CyberPanelPlugin
Reported to
abu…
You are receiving this email because LeakIX’s NetworkGuardian has found a critical issue on your network.
If you are an hosting company, your cooperation on contacting the affected customer would be welcome and could help protect your network from abuse.
Source
https://209.209.40.227:8090
Ip
209.209.40.227
Discovered
28 Oct 24 13:09 UTC
Plugin
CyberPanelPlugin
Reported to
[email protected]
4 of my servers were hacked using the latest cyberpanel 2.3.6 version
Thank God my most important server was using an outdated Cyberpanel version and it is still safe.
So this DreyAnd person is a malicious and nasty person who did this for fame even providing a hack for script kiddies to exploit, what a nasty person he is. You’re not an ethical hacker, don’t fool yourself. You are nasty and I hope you get payback for what you did to thousands of users.
But the blame is on Cyberpanel team as w…
everyone using cyberpanel should check your running processes by htop & check if any process is using significant cpu. process name might be network-setup or similar. for this issue my network was having ddos as well as network down issue was occuring, vps provider could terminate my vps if i didnt notice.
there was a security issue. my cyberpanel server was also compromised and a cryptominer v-irrus was installed.
my installed version was 2.3.5, immunifyav & csf was also installed. now remove…
1 Like
Wow, never been called a troll!
my point is still the same, but I should have said - I run this probably every other day:
sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh )
There are plenty of problems with cyberpanel - look thru my posts
but this is a FREE service vs paying cPanel etc and in my experience it is for a webmaster not a reseller.
Ive been in DDoS attacks for weeks at a time and litespeed workers with CLoudFlare are the only solution that defeats these attacks (on a budget)
Sorry for those who have been affected. best advice is run these often:
sudo apt update && apt full-upgrade -y
sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh )
Sorry, I misinterpreted your post.
opened 07:11AM - 29 Oct 24 UTC
**Describe the bug**
running preUpgrade and it fails when settingup cloudflare.…
**To Reproduce**
simply run "sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)" on an ubuntu 22.04 LTS after you have installed cyberpanel < 2.3.7
**Expected behavior**
It should run without any errors.
**Screenshots**
```
Collecting cloudflare==2.8.13 (from -r /usr/local/requirments.txt (line 5))
Using cached cloudflare-2.8.13.tar.gz (65 kB)
Preparing metadata (setup.py) ... error
error: subprocess-exited-with-error
Ă— python setup.py egg_info did not run successfully.
│ exit code: 1
╰─> [45 lines of output]
running egg_info
creating /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info
writing /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/PKG-INFO
writing dependency_links to /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/dependency_links.txt
writing entry points to /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/entry_points.txt
writing requirements to /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/requires.txt
writing top-level names to /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/top_level.txt
writing manifest file '/tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/SOURCES.txt'
reading manifest file '/tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
adding license file 'LICENSE'
Traceback (most recent call last):
File "<string>", line 2, in <module>
File "<pip-setuptools-caller>", line 34, in <module>
File "/tmp/pip-install-766g99es/cloudflare_8c9e811f7b024c1aa51ba3fdd529cf00/setup.py", line 60, in <module>
main()
File "/tmp/pip-install-766g99es/cloudflare_8c9e811f7b024c1aa51ba3fdd529cf00/setup.py", line 18, in main
setup(
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/__init__.py", line 117, in setup
return distutils.core.setup(**attrs)
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/core.py", line 183, in setup
return run_commands(dist)
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/core.py", line 199, in run_commands
dist.run_commands()
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/dist.py", line 954, in run_commands
self.run_command(cmd)
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/dist.py", line 991, in run_command
super().run_command(command)
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/dist.py", line 973, in run_command
cmd_obj.run()
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 315, in run
self.find_sources()
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 323, in find_sources
mm.run()
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 549, in run
self.prune_file_list()
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/sdist.py", line 161, in prune_file_list
super().prune_file_list()
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/command/sdist.py", line 380, in prune_file_list
base_dir = self.distribution.get_fullname()
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_core_metadata.py", line 267, in get_fullname
return _distribution_fullname(self.get_name(), self.get_version())
File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_core_metadata.py", line 285, in _distribution_fullname
canonicalize_version(version, strip_trailing_zero=False),
TypeError: canonicalize_version() got an unexpected keyword argument 'strip_trailing_zero'
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed
```
**Operating system:**
Ubuntu 22.04 LTS
**CyberPanel version:**
Current Version: 2.3
Build: 5Current Commit: 9f2c26167284149e174fec2c21311a52f410a52b
Latest Version: 2.3
Latest Build: 7Latest Commit: 4ad53e349c4e146241f6fffca13d8a15530cdabe
**Additional context**
It is simply ignored by cyberpanel and sat out.
Kais
November 3, 2024, 7:55pm
7
Running the update script daily is not a good idea. Cyberpanel team sometimes “destroys” services without notice. So I didn’t realize that CP deleted the CSF firewall and left my server idle on the internet. In hindsight, I was hacked 6 weeks before.
And: Every update reinstalls a lot of services. If you had a special configuration (from csf), it is gone with every “update” of Cyberpanel.
Something urgently needs to happen here:
On the communication of the developers with the community
An auto-update must be set up for urgent fixes
It must be ensured that user-defined configurations of services are not simply deleted and overwritten
There must be a warning + query if an important service such as the CSF firewall is to be uninstalled during an update without there being a replacement for it
5 Likes
tukann
November 3, 2024, 11:04pm
8
You have to know the Indian mentality and their bumbling. Then you wouldn’t be surprised and a lot of nerves would be saved. @usmannasir One of the main differences is that they can’t act sincerely and would rather promise something a thousand times than tell you outright that it’s a problem, by example. I deal with Indy on a daily basis and I’ve gotten used to
2 Likes
po2903
November 5, 2024, 5:02pm
11
I deal with a lot of Indians, Pakistani devs and you are partially right. The main problem isn’t the sincerity. The main problem is higher salaries and low margin of profit. They keep saying yes to every request because they are scared that they will lose the client if they say no. They are also scared of losing the client if they raise their prices.
I now deal with just 2 Indian dev companies that charge me higher than normal but give me dedicated services. Very happy with that solution now.
tukann
November 5, 2024, 7:52pm
12
I have experience in non-business, i.e. private contact. Just saying no is something of an insult in their culture, so they prefer to say yes, even if they lie, they take it differently.
But I won’t argue here, there are those who can break it and adapt to other customs.