VestaCP hosting panel patches vulnerability exploited for DDoS attacks
The team behind the VestaCP software has released a patch for a vulnerability that attackers used to perform DDoS attacks. The vulnerability is said to be related to the software's authentication function.
According to the Vesta team, the patch is now available as version 0.9.8-20. It is still unclear exactly how the exploit worked, but the team says it has "completely rewritten the authentication function" and that the vulnerability was related to an insecure password check. In an earlier post, it wrote that the first wave of attacks took place on April 4 and that these were automated attacks. The compromised servers were then reportedly used for DDoS attacks on April 7.
Hosting provider DigitalOcean has created a page for affected users, where the company writes that the vulnerability provided root access. As a countermeasure, the company blocked port 8083, as it is the default port for login requests on VestaCP. In addition, it disabled network connections on servers running the software. It recommends that users check their cron tasks for malicious activity and run a scan for malware using antivirus software.
In its own testing, the company says that installing VestaCP on Ubuntu 16.04 and 14.04 led to problems because the Vesta team had withdrawn the necessary packages. Affected customers therefore cannot simply reinstall, but have to perform a migration.