amuck-landowner

ksoftirqdx

Hxxx

Hxxx

Active Member
Dang, you guys ahead of anything ^ ^ .

Any other sign as of why is suspicious other than the tmp stuff.
 
MartinD

MartinD

Retired Staff
Verified Provider
Retired Staff
Nick_A said:
Anyone seeing a ton of ksoftirdqx processes lately? Might be linked to hacked zpanel instances, though we haven't confirmed yet. We are shutting down/suspending people left and right for this process running over 8 CPU load consistently. It always seems to run out of /tmp:

http://gyazo.com/06f3e063251830336afc7b8c3791fbd6
Click to expand...
Yes and it must be due to zpanel. I haven't seen it anywhere else other than VM's with zpanel running.
 
Nick_A

Nick_A

Provider of the year (2014)
hrr1963 said:
Dang, you guys ahead of anything ^ ^ .

Any other sign as of why is suspicious other than the tmp stuff.
Click to expand...
It's always the same pattern of abuse. 8 core load, runs out of that subdirectory in /tmp, etc. Seeing it on all three networks, and really only recently.

Thanks @MartinD.
 
P

perennate

New Member
Verified Provider
Looks like my VM with End of Reality got hacked, was running latest zpanel, I'm switching to vestacp and reformatting :/

Luckily nothing important running on it.
 
Last edited by a moderator:
Magiobiwan

Magiobiwan

Insert Witty Statement Here
Verified Provider
I've been seeing this but hadn't made the connection. Oh fun. Time to add some entries to my personal abuse-check scripts...
 
Wintereise

Wintereise

New Member
Just nuke it and move on, imo -- people who outlawed it in the ToS the first time around took the best decision.
 
A

alexmocanu

New Member
Did one of you find a solution other then moving to another panel ? 

 

In my case, moving is not an option..:( 

 

Same thing, server loads at max, ksoftirqdx running from apache, i am killing the process but the problem is that ksoftirqdx   was back running again, after 4-5 hours.

 

The odd thing is that i have 2 vm's running zpanel, but the both got the same problem, running ksoftirqdx, at the same hour, minute. 

 

Any idea ?
 
Me.B

Me.B

New Member
wlanboy said:
In my personal view the OpenSSL team handled security issues in a quite different way than the zpanel team.

Hours vs months...
Click to expand...

Sir,

I'm a member of Zpanel team, your claim is totally out of the context. you talk about zpanel taking month's to fix any flaw.


1. The project is totally open source so any one could fix flaws reported.


2. Could you check the announcements in our forum? You will see we issue quick security fix before implementing it in the release. Zpanel even display now a security news.


Most of the trashing here is over Zpanel 10.0.2 and even that we issued fixes within 2 days far from all the bashing it took month's.


I'm new to the team since 3 month's and what I saw, we rush for checking flaws and see again the announcement we had some security fixes most of them were related to third party code we used ( roundcube/pchart!).


So if you have any issue over zpanel you are welcome to report it and happy to try to figure out this.

Any project will have issues and we are eager to fix any if reported. 


M B
 
Last edited by a moderator:
Me.B

Me.B

New Member
alexmocanu said:
Did one of you find a solution other then moving to another panel ? 

 

In my case, moving is not an option.. :(

 

Same thing, server loads at max, ksoftirqdx running from apache, i am killing the process but the problem is that ksoftirqdx   was back running again, after 4-5 hours.

 

The odd thing is that i have 2 vm's running zpanel, but the both got the same problem, running ksoftirqdx, at the same hour, minute. 

 

Any idea ?
Click to expand...
I already replied in zpanel forum

http://forums.zpanelcp.com/Thread-ksoftirqdx-apache-service-loads-server-for-no-reason

And offered you to check my self your server. So send me server access and I will check if you had any issues in zpanel.

We are always taking seriously security reports and will do our best to fix any flaw in zpanel. IF it's the case. I still see you have more odds to get problems from WP or any other CMS here.

Notice your zpanel is not updated AS advices and we released the latest fixes over a moth ago.


M B
 
HalfEatenPie

HalfEatenPie

The Irrational One
Retired Staff
Me.B said:
Sir,

I'm a member of Zpanel team, your claim is totally out of the context. you talk about zpanel taking month's to fix any flaw.


1. The project is totally open source so any one could fix flaws reported.


2. Could you check the announcements in our forum? You will see we issue quick security fix before implementing it in the release. Zpanel even display now a security news.


Most of the trashing here is over Zpanel 10.0.2 and even that we issued fixes within 2 days far from all the bashing it took month's.


I'm new to the team since 3 month's and what I saw, we rush for checking flaws and see again the announcement we had some security fixes most of them were related to third party code we used ( roundcube/pchart!).


So if you have any issue over zpanel you are welcome to report it and happy to try to figure out this.

Any project will have issues and we are eager to fix any if reported. 


M B
Click to expand...

You do realize it took them more than two days right?  If I recall correctly joepie contacted the project head-individual a week or so in advance (maybe more?) about the issue.  Was basically told that there was no issue with it.  

Then a week later the entire site was compromised.  

Anyways welcome to the forum :)
 
Last edited by a moderator:
jarland

jarland

The ocean is digital
Yep. It's definitely zpanel no question about it. Whether it's specific to their code or software versions they install I don't know but I have only seen this with zpanel installed.
 
Me.B

Me.B

New Member
jarland said:
Yep. It's definitely zpanel no question about it. Whether it's specific to their code or software versions they install I don't know but I have only seen this with zpanel installed.
Click to expand...
Again no argument... It's just zpanel.... Did you check the bug fixes since then?
 
Me.B

Me.B

New Member
HalfEatenPie said:
You do realize it took them more than two days right?  If I recall correctly joepie contacted the project head-individual a week or so in advance (maybe more?) about the issue.  Was basically told that there was no issue with it.  


Then a week later the entire site was compromised.  


Anyways welcome to the forum :)
Click to expand...

Do you realize that you keep rolling an old story that since then we did 2 releases? And I'm in the team since only 3 month's, using it on my own servers and won't EVER accept that security is taken not seriously.


Now you talk about zpanel servers taken down. Are you aware that the severs were taken down when the admin saw that some account got compromised? It was precaution. And that the mighty joepie took over another server not running zpanel but using brute force? That helped him later gain control over the forum?

This is not the first issue an open source project face. Who remember kloxo? Or even check Plesk CVE? Phpmyadmin! Roundcube.


All I can say if you have any security issues I will do my best to escalate or fix it. And latest we got I saw the fix rolling in 24h! Just check the announcement sections.


Zpanel is open source for the community and everybody is welcome to improve or fork it and it's on github now.

M B
 
You must log in or register to reply here.
Top
amuck-landowner