Letter about CyberPanel Breach 2024

Table of Contents

Get up to 50% off now

Become a partner with CyberPanel and gain access to an incredible offer of up to 50% off on CyberPanel add-ons. Plus, as a partner, you’ll also benefit from comprehensive marketing support and a whole lot more. Join us on this journey today!

On October 23, 2024 a security researcher disclosed a security flaw in CyberPanel. Which allow UN-authenticated users to get access to your server. On the same day within 30 minutes we’ve released patch and pushed it to Github.

Now some people believe that we’ve pushed the commit to Github, but we did not made a release. However, CyberPanel updates and installs are made directly from Github, so once the commits are pushed they were available for everyone to install (which is with-in 30 minutes).

That specific commit can be seen here: https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515

Once the commits were pushed, all our users get a notice on their CyberPanel version management page that they need to upgrade CyberPanel to get to latest commit.

We informed the security researcher that we would wait a few days before sending out an email blast and making social media announcements to give users time to upgrade, minimizing the chance for bad actors to learn about the hack and start exploiting our users’ servers.

On October 29, 2024 we sent an email blast along with social media announcements.

Tech Delivered to Your Inbox!

Get exclusive access to all things tech-savvy, and be the first to receive 

the latest updates directly in your inbox.

Our Apology

We understand that incidents like these can lead to a loss of trust in a product. However, we assure you that, as an open-source platform, CyberPanel has undergone extensive scrutiny by numerous researchers, making it highly secure and reliable.

Many of our users have offered to pay us to fix their servers, but since this issue was our mistake, we’ve been restoring countless servers free of charge. We’re still working around the clock to assist anyone in need, at no cost.

We sincerely apologize for any inconvenience this may have caused. We’re here to help—feel free to reach out anytime by emailing us at: [email protected]

Code Review – After Math

After the incident, we thoroughly reviewed the entire codebase and identified a few security issues that, while requiring user access to exploit, have also been addressed with a fix.

Please note that these issues are not pre-authentication vulnerabilities; they require authenticated access to exploit. Nevertheless, we strongly recommend upgrading your servers as soon as possible.

Some helpful tips and resources from the community and our team to help you recover your servers

For encrypted servers: https://gist.github.com/gboddin/d78823245b518edd54bfc2301c5f8882?fbclid=IwY2xjawGUGDNleHRuA2FlbQIxMAABHYDLjcufif4mubn-SaIhkv-JglRE-bIHaC0UIfA6wYQTyXxMMcyAbrroAw_aem_EN97GLassluhQYT3UCLXtg#file-0-decrypt-sh

Manually applying patch: https://community.cyberpanel.net/t/manually-applying-the-patch-via-rescue-mode/56126

If you are facing issues with updates here is a guide as well.

We will continue reviewing the code while assisting users to help everyone through this challenging time. Since CyberPanel is open-source, our team is small, but we’re doing our best to support as many users as possible. We apologize if our response time is slow and appreciate your patience.

Enhance Your CyerPanel Experience Today!
Discover a world of enhanced features and show your support for our ongoing development with CyberPanel add-ons. Elevate your experience today!
Usman
Founder of CyberPanel
Unlock Benefits

Become a Community Member

SIMPLIFY SETUP, MAXIMIZE EFFICIENCY!
Setting up CyberPanel is a breeze. We’ll handle the installation so you can concentrate on your website. Start now for a secure, stable, and blazing-fast performance!