Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index Main Section General Discussion
  • Search
Reminder: On the servers affected by ChachaDDoS passwords for admin and root need to be changed necessarily

HOW TO: How to clear the server from ChachaDDoS

General questions about VestaCP
Locked
  • Print view
Advanced search
1 post • Page 1 of 1
imperio
VestaCP Team
Posts: 6571
Joined: Sat Dec 01, 2012 12:37 pm
Contact:
Contact imperio
Website

HOW TO: How to clear the server from ChachaDDoS

Post by imperio » Fri Oct 19, 2018 4:01 pm

Here is what's needed to be done
1. Find and remove dhcprenew binary from the system

Code: Select all

find /etc -name "*dhcprenew*"
find /usr/bin -name "*dhcprenew*"
2. Stop running process named as kworker and launched between 24-28 Sept

Code: Select all

ps auxf
3. Run rkhunter script to make sure there is no other affected binary files

Code: Select all

apt-get install rkhuner
yum install rkhuner
http://rkhunter.sourceforge.net/
rkhunter -k
4. Change current password for admin and root user

Or you can spin up another server and migrate your users using following doc
http://vestacp.com/docs/#how-to-migrate ... her-server

For more information about this trojan please read
https://www.welivesecurity.com/2018/10/ ... installed/

5. That's all
Top
Locked
  • Print view
1 post • Page 1 of 1

Return to “General Discussion”



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password