Potential Vulnerability in CyberPanel / OpenLiteSpeed Exploited by Unauthorized Access

Hello,
I believe my server, which is running CyberPanel on Ubuntu with OpenLiteSpeed, has been compromised. I was only hosting a WordPress website with strong passwords, but the server was recently hacked. It appears that the attacker gained access potentially through an open vulnerability in CyberPanel or OpenLiteSpeed.

Details:

  • Operating System: Ubuntu 22.04
  • CyberPanel Version: 2.3.6 build 7
  • OpenLiteSpeed Version: 1.7.19
  • What Happened: I noticed unfamiliar processes (kdevtmpfsi) and unauthorized cron jobs pointing to external IPs, indicating the server might have been hacked.
  • Steps Taken: I have removed suspicious files, updated the server and processes and blocked some IP traffic.
    Although it worked for me but the question is even though I was using strong passwords and code which comes from the reputed brands still got hacked.

I think its time to conduct a vulnerability scan in CyberPanel or OpenLiteSpeed, and I’d like to confirm this to prevent future incidents.

what file should i remove sir ?

Take a look into the main thread regarding the Issue, there are the files mentioned and what todo.