Web Hosting Software VestaCP Server Compromised With DDoS Malware

The open source hosting solutions, Vesta Control Panel, allegedly became a victim of a cyber attack recently. As disclosed, the attack made the VestaCP server compromised by infecting it with DDoS malware. In addition to launching DDoS attacks, the malware could also log passwords and open shells.

VestaCP Server Compromised With DDoS Malware

Reportedly, the web-based hosting and control panel software firm confirmed that they suffered a cyber attack recently making VestaCP server compromised with malware. One of the team members from VestaCP confirmed the hacking attack in response on a forum post. As stated in the response, the hackers exploited a bug that existed in the API of a previous software version.

“Our infrastructure server was hacked. Presumably using API bug in the release 0.9.8-20.”

Regarding how it all happened, the same member stated,

“The hackers then changed all installation scripts to log admin password and IP as addition to the distro name we used to collect stats.”

In addition, the hackers also installed a /usr/bin/dhcprenew binary that could open shell or launch DDoS attacks to the server.

According to WeLiveSecurity, the VestaCP team had received warnings earlier due to abnormal bandwidth use. Now, the vendors hold a DDoS malware responsible for that. What has emerged from the investigations is that a Linux/ChachaDDoS malware had infected the system.

Presently, it remains a bit unclear that how the malware reached VestaCP servers. While it is possible for any hacker to deploy the payload just by knowing the admin credentials, the question remains unanswered that how the attackers knew the credentials.

Patched Version Released

The users began complaining about the abnormal servers since September. However, the vendors took the time to figure out the incident and revealed the details only recently. Now, for the users, the patched version 0.9.8-23 is available. The users should quickly update their software to protect themselves from the malware. Moreover, they can also check and remove the Chacha DDoS malware running on their servers by following the procedure explained by a VestaCP client.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients