Recently, dozens of servers running Vesta control panel were hijacked. The hijackers hacked into the admin account of Vesta Control Panel and installed some scripts which made the server unresponsive and used for a DDoS attack. This trojan is also know as Chinese Chicken Multiplatform DoS botnets Trojan, Unix – Trojan.DDoS_XOR-1, Embedded rootkit.
This was due to a loophole in the login panel of Vesta Control Panel. The Vesta team knew about this bug but still they hadn’t fixed it.
Hosting providers such as OVH and Digital Ocean blocked port 8083 to prevent other servers from getting hijacked.
To prevent this in the future, it is recommended to change the login port of Vesta Control Panel. Here we present you a tutorial on how you can change the Default login port of Vesta Control Panel and safeguard your server from getting hijacked.
Tutorial: How to Change VestaCP’s Default Login Port And Make Your Server More Secure
We will use Command line to change the port.
Step 1: SSH into your server.
SSH into your server an login as root user.
Step 2: Changing the port.
The below command can be used to change the port. For this tutorial, port 7838 has been used. But make sure that you replace port 7838 everywhere to any other random port which is not reserved by any other program on the server.
sed -i 's/8083;/7838;/' /usr/local/vesta/nginx/conf/nginx.conf /usr/local/vesta/bin/v-add-firewall-rule ACCEPT 0.0.0.0/0 7838 TCP gVestaCP
Step 3: Block Port 8083 in Firewall.
It is recommended to block port 8083 on your server as hackers might still be trying to gain access from that. The below command can be entered to do it.
sed -i -e '/8083/ s/ACCEPT/DROP/' /usr/local/vesta/data/firewall/rules.conf
Step 4: Update Firewall rules and Restart Vesta Panel.
v-update-firewall systemctl restart vesta
That’s it! The login port has now been changed.