It seems that VestaCP has been hit by a 0-day exploit through its API, which allows code to be executed as Root(!!!). Many users reported on VestaCP forums that their hosting accounts were suspended and their servers were compromised. Exploit makes the hacked server to attack a chinese IP. It looks like a DDoS trojan where a .sh file(gcc.sh) is loaded in cron.hourly triggering DDoS attacks to other servers. Deleting the cron or the file loaded through the cron won't help much dealing with issue since the vulnerability is found inside VestaCP. VestaCP recommends to shut down its service with the following commands: service vesta … [Read more...] about VestaCP hit by 0-day exploit