Evening all - apologies if this has been posted today, I did a quick search but couldn’t find anything.
If you, your customers or your company are using VestaCP (http://vestacp.com/), stop the vesta service immediately. For the past 24-48 hours, several VestaCP installations have been compromised, allowing the attacker root (it is thought at the moment) access. The attacking IPs seem to be Chinese (as reported by users) and the attackers are launching DDoS, spamming campaigns etc. from the compromised boxes.
More information available on the VestaCP forums in this thread: https://forum.vestacp.com/viewtopic.php?f=10&t=16556
The VestaCP team is looking at the problems (some users suggesting the VestaCP API password checking routine isn’t working too well and allowing the bypassing of authentication - downside is the API seems to run as root!!!).
Have a good evening!