Infected with XMRig virus

It is quite obvious to not use 123456 as password

Agreed - so why is it not just an option, but the default option in the CyberPanel install? That should change immediately such that a long random password is the default.

Any thoughts about my other concerns regarding whether cyberpanel user should be able to manage the root user’s SSH keys?

To simplify the installation process, users are given 3 choices for selecting the password for the admin user:

  1. default
  2. random
  3. set

If default is selected, it will be 123456 (it's also mentioned while selecting the password option in the installer section).
If random is selected, it will generate a long random password (which you will need to note down).
If set is selected, you can set your own password (although the characters won't be visible while typing the password in the SSH screen).

So, I don't think there is anything more to be done here as all options are already provided. Even if a user selects the default 123456 as password for convenience, after installation and getting through the login they are aware of this weak password and should be changing it quite naturally.

Regarding the SSH key, every panel stores the key to get it connected to the server. But this should be accessible only from an admin level user at cyberpanel and not the user and reseller level users. I haven't checked if normal users too are allowed to change the SSH keys (will check that too).

I’m well aware of the installation password options - I described them a few times above. What I’m saying is that the default option should be random or set your own, not 1234567. In fact, that shouldn’t even be an option. There is no reason for it. If you want a weak password, you should set it yourself. It shouldn’t be weak by default and publicly known.

For the ssh key, I’m curious how it works because as far as I can tell, cyberpanel user doesn’t have sudo privileges.

What else can I do besides change the default installation password for CyberPane

It seems to me that you should not be using Cyberpanel. One of the cloud panels that I mentioned previously would be a better fit for you.

Always use a secure password. You can change the default 8090 port to something else.
Install CSF firewall from cyberpanel.
You can also use the two factor authentication method for login to cyberpanel. That is enough to secure it.

The server that I set up and left to be hacked has been hacked now. They did it exactly as expected - they went into the panel and added their public SSH key.

Obviously the first and most important thing to do is use a good password when setting up CyberPanel.

So, was it because CyberPanel was hacked without changing its default password after installation?

Not really hacking… I thought the first rule for every device/program or whatever that needs a password is: DO NOT use the default password. People who run their own and customers' webservers and ignore that should not run any server.

@wang this is the most obvious reason. But there are plenty of other ways that someone could actually hack your server. Turning off root login and replacing password authentication with an SSH public/private key would go a long way to securing your server.

Anyway, I started a process on the cyberpanel GitHub repo to replace the default password with a randomly generated password, so that this can be avoided in the future. If someone wants a weak password for whatever reason (e.g. quick testing purposes), they can set it manually. Even that would be more secure than using the publicly available default password. I hope it gets merged soon.
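
An audit for the compromise described in this thread (a public SSH key added for root through the panel), as an added example that is not part of any post or of CyberPanel's own code: it fingerprints every key in an authorized_keys file the way `ssh-keygen -lf` prints them and reports keys that are missing from an allowlist. The key blobs, comments and allowlist below are constructed sample data, and the function names are this example's own.

```python
import base64
import hashlib
import struct

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the format printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line: str):
    """Return (key_type, blob, comment), or None for blanks, comments, junk."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue
        # A key blob starts with its own length-prefixed type name, which
        # tells the key apart from text in a leading options field.
        name = tok.encode()
        if blob.startswith(struct.pack(">I", len(name)) + name):
            return tok, blob, " ".join(tokens[i + 2:])
    return None

def audit(text: str, allowed: set):
    """Return [(line_no, fingerprint, comment)] for keys not in `allowed`."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed and fingerprint(parsed[1]) not in allowed:
            findings.append((n, fingerprint(parsed[1]), parsed[2]))
    return findings

def _blob(seed: int) -> bytes:
    """Constructed ed25519-shaped blob for the sample; not a real key."""
    name = b"ssh-ed25519"
    return (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + bytes([seed]) * 32)

ADMIN, UNKNOWN = _blob(1), _blob(2)
SAMPLE = "\n".join([  # constructed stand-in for /root/.ssh/authorized_keys
    "# keys for root",
    "ssh-ed25519 " + base64.b64encode(ADMIN).decode() + " admin@example",
    'no-pty,command="echo hi" ssh-ed25519 '
    + base64.b64encode(UNKNOWN).decode() + " added-via-panel",
])

if __name__ == "__main__":
    for n, fp, comment in audit(SAMPLE, {fingerprint(ADMIN)}):
        print(f"line {n}: unexpected key {fp} ({comment})")
```

On a real server, read the file's text in place of `SAMPLE` and build the allowlist from fingerprints of the keys you issued yourself.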

