Control Web Panel

WebPanel => CentOS-WebPanel Bugs => Topic started by: monuchoudhary on June 01, 2021, 12:39:51 PM

Title: Any Fix From CWP Team for FACEFISH ATTACK
Post by: monuchoudhary on June 01, 2021, 12:39:51 PM

Hey CWP Team,

I am using latest version of CWP 0.9.8.1065 . Yesterday i received a mail from Linode VPS Provider info about FACEFISH ATTACK and set network restriction on my server is this any fix for this attack
https://blog.netlab.360.com/ssh_stealer_facefish_en/ check this about server attack info how it works. and provide new update for remove this virus from server.

Thanks.

Title: Re: Any Fix From CWP Team for FACEFISH ATTACK
Post by: studio4host on June 02, 2021, 05:57:52 AM

if you have automatic updates (enabled by default) then you are secure from those kinds of attacks as cwp updates automatically fix all issues.

Title: Re: Any Fix From CWP Team for FACEFISH ATTACK
Post by: monuchoudhary on June 02, 2021, 10:37:11 AM

hey,
thanks for info . Updates for CWP enable by default then why Linode set network restriction for server.

Title: Re: Any Fix From CWP Team for FACEFISH ATTACK
Post by: ekgrad on June 02, 2021, 12:05:21 PM

Add this to the csf.deny files and restart csf

tcp/udp|in/out|s/d=0_64000|s/d=176.111.174.26 # do not delete facefish control center ip

This will prevent any communications to the facefish control center and thus reduce the chances of damage.

Title: Re: Any Fix From CWP Team for FACEFISH ATTACK
Post by: vbpal on June 03, 2021, 04:30:41 PM

This is quite concerning. Do we know what version of CWP are affected and how to properly prevent the attacks? CWP Team, can you please let us know the proper mitigation for this attack or what versions it has been resolved in?