Hello,
I believe my server, which is running CyberPanel on Ubuntu with OpenLiteSpeed, has been compromised. I was only hosting a WordPress website with strong passwords, but the server was recently hacked. It appears that the attacker gained access potentially through an open vulnerability in CyberPanel or OpenLiteSpeed.
Details:
- Operating System: Ubuntu 22.04
- CyberPanel Version: 2.3.6 build 7
- OpenLiteSpeed Version: 1.7.19
- What Happened: I noticed unfamiliar processes (`kdevtmpfsi`) and unauthorized cron jobs pointing to external IPs, indicating the server might have been hacked.
- Steps Taken: I have removed suspicious files, updated the server and processes and blocked some IP traffic.
Although that worked for me, the question is that even though I was using strong passwords and code which comes from reputed brands, I still got hacked.
I think it's time to conduct a vulnerability scan in CyberPanel or OpenLiteSpeed, and I'd like to confirm this to prevent future incidents.