Let’s say I had no backups, because they were also stored on the server and encrypted, and you’re suggesting I rebuild code written over a couple of years, funny.
If the panel developers were a little smarter they would have warned, I had backups but how was I supposed to know their product was shit hole.
I found a solution to protect myself from future exploits and threats due to Cyberpanel.
systemctl stop lscpd
Simple as that^. I will only run cyberpanel when I need it and shut it down. The website still runs fine since it is powered by LiteSpeed and Cyberpanel is only for management.
So i will continue to use Cyberpanel but at least now I would be secure.
2 Likes
Thank You for your suggestion. But your case scenario is not like us.
You can’t imagine the loss of 5XX,XXX$ such an amount so leave this topic, why I have paid.
And the best thing if you can do, do legal work in federals, so we can be proud of you.
I have 500Gb+ data and then If I do auto backup or something I need a server minimum 1Tb or 2Tb of data and with NvME it will take around 300 or 400USD for a Good VPS. And storing in Edge store or Objects is like a complicated and much expensive way.
There are cheaper solutions, but with some requirements.
If you have your servers in a hetzner centers, you are able to combine them internal and directly store to the backup server with a higher bandwidth instead of the default 1gbit.
4x 22tb only costs 123 €/m.
We are using this combination and servers since 2012.
Edit: If you then use a restic backup strategy, the size of the transferred data is reduced by a very large amount, if most of the 500gb of data is not changed “static, for example documents”.
Hello
Thank You for your support but Hetzner is not good in terms of support. And I need like 24Cores 64Gb and also some other options like USA Locations and better OS Support also. But hetzner generally provide only network or hardware support and for OS Support they don’t even try. I have my team they can fix issues but some time if the admin works with us it makes the best result.
Also I have incremental backup system but this is not that much for me. Because it is not accurate as well and also takes too much cpu and ram to complete.
Did you have the .encryp or .locked extensions? And how did the decryption happen, were you given a decryptor file or did the hackers decrypt the code themselves?
Paid through an email in BTC then asked for IP. And after 2 hours replied that your server is released!
The Instantly downloaded the data and did my next work.
If you know that your data is important than why you dont apply DRP (Disaster Recovery Plan).
I think with this incident we can take a lesson to be able to implement the disaster recovery plan process. both when there is a hardware failure, panel failure, or failure of the system that we created.
Keep up the spirit friends. we are currently taking the class promotion exam. Cyberpanel is stil the best panel… (not a single panel is free from the threat of cyber attacks)
2 Likes
Thank You for your message
Will acme SSL update and backups continue to work if you shutdown lscpd and only start as needed?
PS it looks like backup and acme are handled by cron service not lscpd.
Disappointing that there is no post about this on their X feed where I might have picked it up in time to update.
Hey everyone, just a friendly reminder to take some extra precautions to protect your server. Make sure to lock it down, IP restrict your SSH, cyberpanel, and FTP ports, and don’t rely on any free software expecting it to be bulletproof. Remember, even big companies like Apple and Microsoft get hacked. So, if you’re running and managing production servers without proper security measures, you’re also responsible for the security of your data. Take some time each night to back up your data outside of the server or automate it, and stay vigilant!
FYI - cyberpanel is a free software!
Some fair points subzero06. I would add make SSH port non standard. As it just me accessing the webserver I completely disable FTP and only sftp file transfer on non standard port.
I used to ip restrict 8090 and 7080, but got lazy… Put ip restriction back in 2 days ago.
Nightly website backups to local folder then rclone backup to 3 offsite world locations.
1 Like
This is not true, i got all my files with .locked and 2 guys from data recovery ask me 5000usd and another 7000 usd i send some lock files that i know i have it unlock and in one hour they send me that files unlock… so there are people who have the key but want to make money…
Why do you use cyberpanel if you have thousands of dollars worth of information? And why did you pay thousands of dollars to hackers instead of paying small costs for backups? It’s really strange how people like you make money