CyberPanel = SPAM ?

Hello,

For years I have had a VPS at time4vps, where Centos Web Panel and an account with NextCloud were installed.

On Saturday, I deleted my VPS, and I installed CyberPanel and I also installed NextCloud.

24 hours later, here is the message I received from support :

Hello,

Your service has been suspended due to suspicious activity. We have received a complaint that your server is used to send SPAM emails. Please discontinue this practice immediately and explain the circumstances surrounding these allegations to avoid termination.

--- Evidence ---

https://www.spamhaus.org/query/ip/XXX.XX.XXX.XXX

--- Evidence ---

What do you think about it?

Because I find it hard to understand.

Comments

  • Your account pwned?

    A simple uptime dashboard using UptimeRobot API https://upy.baubus.uk
    Currently using VPS from BuyVM, HostHatch, HostSailor, HostSolutions, InceptionHosting, LiteServer, MaxKVM, MrVM, ServaRICA, VirMach.

  • @chocolateshirt said:
    Your account pwned?

    As time4vps wanted to cancel my VPS, I immediately reinstalled a CentOS 7.

    For the moment there is nothing left on my VPS.

    But I would like to install CyberPanel, but I wouldn't want it to happen again.

  • Sven Member

    Do you know when it happened? Just because your IP is listed @ spamhaus does not mean it happened after you reinstalled your server with CyberPanel.

  • dfroe Member, Provider

    https://www.spamhaus.org/lookup/ will show you the timestamp of the incident in the details of the SBL record. This should probably give you a hint whether there is a correlation.

    IT Service David Froehlich | Individual network and hosting solutions | AS39083 | RIPE LIR services (IPv4, IPv6, ASN)

  • jar Provider

    You need a spam sample, especially if you have no logs now. If you can't get either, best not to waste any more thought on it as there's nothing to draw an educated theory from.

  • Some time back, the CyberPanel dev here mentioned that they are using a dedicated security reviewer for the panel and that it is secure now.

    Probably, you could try hestiacp or ispconfig as an alternative.

    My list of reliable providers :
    Ramnode : HostHatch : Dediserve : Serverica : CloudCone : OnePoundWebHosting : AlphaVps : Lunanode : Few more under testing!

  • Before taking any steps like reinstalling the server, you should have looked into the evidence from Spamhaus. Usually, they indicate all the necessary information to start an investigation (with the timestamp of the issue). For such an investigation, you need to check the mail server logs. In the first place, make sure that your mail server is closed for relays and that it requires SMTP authentication for sending all emails out. If that is all in place, you need to find the source of the spam message(s), again through the mail server logs.
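
The mail-log check described in the post above, as an added example that is not part of the original thread: it assumes Postfix-style syslog lines (the thread does not name the mail server), and the sample log, host names and addresses are constructed. It totals recipients per entry point (SASL login, local uid, unauthenticated client) so the account or script behind a burst stands out.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (assumption; not taken from the thread).
SAMPLE_LOG = """\
Nov  8 03:12:01 vps postfix/smtpd[1234]: 4F2A11C0E3: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
Nov  8 03:12:01 vps postfix/qmgr[999]: 4F2A11C0E3: from=<info@example.com>, size=2301, nrcpt=50 (queue active)
Nov  8 03:12:05 vps postfix/pickup[888]: 7B1C21C0E4: uid=1001 from=<nextcloud>
Nov  8 03:12:05 vps postfix/qmgr[999]: 7B1C21C0E4: from=<nextcloud@example.com>, size=900, nrcpt=1 (queue active)
Nov  8 03:13:10 vps postfix/smtpd[1240]: 9D3E41C0E5: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
Nov  8 03:13:10 vps postfix/qmgr[999]: 9D3E41C0E5: from=<info@example.com>, size=2299, nrcpt=48 (queue active)
Nov  8 03:14:00 vps postfix/smtpd[1251]: A1B2C3D4E5: client=mail.example.net[198.51.100.9]
Nov  8 03:14:00 vps postfix/qmgr[999]: A1B2C3D4E5: from=<someone@example.net>, size=1200, nrcpt=1 (queue active)
"""

# daemon name (optionally prefixed by a service such as submission/), queue id, rest of line
LINE = re.compile(r"postfix/(?:\w+/)?(\w+)\[\d+\]: ([0-9A-Za-z]{6,}): (.*)$")

def origin_of(daemon, rest):
    """Classify how a message entered the queue, or None if this line does not say."""
    if daemon == "pickup":  # submitted locally, e.g. by a web script calling sendmail
        m = re.search(r"uid=(\d+)", rest)
        return f"local uid={m.group(1)}" if m else None
    if daemon == "smtpd" and rest.startswith("client="):
        user = re.search(r"sasl_username=([^,\s]+)", rest)
        if user:  # authenticated submission: a mailbox password is in use
            return f"sasl user={user.group(1)}"
        ip = re.search(r"client=\S*\[([^\]]+)\]", rest)
        return f"unauthenticated client={ip.group(1)}" if ip else None
    return None

def recipients_by_origin(log_text):
    """Return [(origin, total recipients)] sorted by volume, highest first."""
    origins, nrcpt = {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        src = origin_of(daemon, rest)
        if src:
            origins[qid] = src
        elif daemon == "qmgr" and (hit := re.search(r"nrcpt=(\d+)", rest)):
            nrcpt[qid] = int(hit.group(1))  # keyed by queue id: requeued mail counts once
    totals = Counter()
    for qid, count in nrcpt.items():
        totals[origins.get(qid, "unknown origin")] += count
    return totals.most_common()

if __name__ == "__main__":
    print(*recipients_by_origin(SAMPLE_LOG), sep="\n")
```

Unauthenticated clients are normal for inbound mail; they point to an open relay only when the recipients are on other domains. Restrict the input to the window around the Spamhaus timestamp before reading the totals.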

  • When using CyberPanel, always install CSF (its installer is built into the panel), which replaces CyberPanel's own firewall, and remove the ports you don't need.

    We've been using CyberPanel for 9+ months without any issues.

  • and for the love of god don't use the default ports

    "They said it's RAID 5" - geekypixal

  • Cyberpanel does not change the default rainloop (webmail) admin login.
    If you forget to change it, hackers can access it via default rainloop admin logins

    127.0.0:8090/rainloop/?admin

  • @Websec said:
    Cyberpanel does not change the default rainloop (webmail) admin login.
    If you forget to change it, hackers can access it via default rainloop admin logins

    127.0.0:8090/rainloop/?admin

    This would be the most matching cause..

    A simple uptime dashboard using UptimeRobot API https://upy.baubus.uk
    Currently using VPS from BuyVM, HostHatch, HostSailor, HostSolutions, InceptionHosting, LiteServer, MaxKVM, MrVM, ServaRICA, VirMach.

  • seenu Member
    edited November 9

    @Websec said:
    Cyberpanel does not change the default rainloop (webmail) admin login.
    If you forget to change it, hackers can access it via default rainloop admin logins

    127.0.0:8090/rainloop/?admin

    no, in recent versions they are setting a random password instead of default

  • Thank you all for your answers.

    I'm going to reinstall and see what's going on.

  • My cyberpanel install only sends me a git report once a day. So I guess your server got hacked.

    I came, I saw, I record the world burn.

  • @comeback = human or another ?

    don't forget to click Thanks

  • desperand Member
    edited November 10

    @comeback said: Your service has been suspended due to suspicious activity. We have received a complaint that your server is used to send SPAM emails. Please discontinue this practice immediately and explain the circumstances surrounding these allegations to avoid termination.

    I don't know about your case and the reason for the spam problem. There is not too much info given by you, and it is impossible to judge how secure or insecure cyberpanel is.

    But I know for sure that cyberpanel has many different bugs that I saw many times because of years of using (2018, 2019, 2020) on many different VPS's and for many different websites.

    The most annoying bug -> upgrade bug.
    Info about the problem: From time to time, the upgrade procedure will crash under different unknown circumstances. It will not work due to different reasons inside the cyberpanel upgrade mechanism, which results in a completely broken website, and you are forced to urgently move your website to a new server due to issues on the cyberpanel side, or to take snapshots of the VPS before doing any upgrade with cyberpanel, which is not an okay thing.

    What provokes the bug? I do not know.
    I do absolutely nothing after installation. Only adding a website and uploading files to public_html, that's it. No configs touched, nothing touched at all. Then I want to upgrade cyberpanel. I go to their docs page about upgrading, copy-paste the one-line upgrade command -> and voila, the cyberpanel procedure crashed.

    I wouldn't say I like such things for dozens of reasons.
    There are no wise planned upgrades or forced upgrades of the cyberpanel itself. There are dozens of different problems with such basic things.

    I could go on writing about different bugs with the cache on OLS, about header bugs, and so on and so on. But I'm too lazy to do that for now, and all of these problems were reported earlier to their forum or slack(?)

    So the summary that I want to say: cyberpanel is not as good as it could be. And I will not be surprised if you got hacked exactly because of bugs in cyberpanel. They have good entry point thought gates to OLS world, which is cool and nice. But how things work is, in my opinion, not acceptable for production sites at all. Why? Because you do not understand what is going on under the hood, and everything is not agile at all, not structured, not documented, just like some hobby project. And the most annoying thing: there are no good free competitors in this market at all.
