VestaCP reportedly hit with a zeroday exploit. VestaCP is one of the most popular web hosting control panel.
Lots of users at the official Vestacp forum reporting their VestaCP installs were hacked. VestaCP team members suggest shutting down the vesta service on your box until they can figure it out and release a patch.
Here is what have been found so far
1. The first wave happened on April 4. Servers were infected with /etc/cron.hourly/gcc.sh
2. It was an automated hack
3. The attack was platform independent.
4. VestaCP team didn’t find any traces in vesta and system logs yet
5. On April 7 infected servers started to DDoS remote hosts using /usr/lib/libudev.so.
Temporary solution until VestaCP releases a patch
Make sure the VestaCP panel doesn’t start on boot (the last command does that on Cent OS7) and make sure your admin panel (:8083) isn’t loading. Better to be safe than sorry.
We will inform you as we have more information from them so you can start your VestaCP panels back.