VestaCP creators are currently working on patch that would remove this vulnerability. However for this moment, this is what has been provided by Vesta about the issue:
1. The first wave happened on April 4. Servers were infected with
2. It was an automated hack
3. The attack was platform independent.
4. VestaCP team didn’t find any traces in Vesta and system logs yet
5. On April 7 infected servers started to DDoS remote hosts using
As a solution, VestaCP has proposed to turn off vestacp service. This can be done from the SSH with following commands:
service vesta stop
systemctl stop vesta
For security measures change the default port from 8083 to another.