aaP-aris
Hello, according to the script node problem you mentioned, do the following
- Delete nodes other than node.aapanel.com
- Delete the time synchronization script connected to bt.cn
Hacking attacks with and through aaPanel
- Edited
Clearly you did not read my previous post (#111-#112 & #114) on this thread, as I not only did what you say, but I wrote instructions to the other users on how to do that! The problem is not that I need to modify the installer script, but that you have not already done that for a year now (after so many discussions) to protect your users!!! We should not have to discuss the basics of security.
Today authorities stepped in to collect data about the attacks, they've already been informed about the cause of the attacks and we'll see what will come of it! My customer will formally open a complaint and lawsuit to those responsible.
As I can see now on installer script for Debian. now all bt.cn links are in comments and use only node.aapanel.com, so maybe now in each subsequent installation it may be safer (?)
Okay, try explain that to your customer who's been attacked and lost a lot of profit, because of disappointed customers who could not even browse the e-shop website!
You are right, it is a big problem. I watch logs in CloudFlare and I see unwanted and unexpected traffic from bots mainly from China, Singapore, Russia and other countries searching for phpmyadmin url, for searching files, etc. With some rules I try to avoid them (to reduce) but of course spam not stopping here because spam is going also direct to IP (unbound domainds, etc, I have set a default site setted and I see all traffic and IPs...). Fail2Ban is fully of IPs and I have all ports disabled (and enabled to my proxy IP for restricted-safe access) except 443.
- Edited
Maybe we should find an alternative panel for better security or wait a big update...
Oh yes. I finally found one! I also use FastPanel, I agree that is a perfect alternanative with quick ticket support and more stability. Some specs lacks but is very good on speed, uses different accounts for sites, very low use of memory and mainly Apache + Nginx is perfect (backend go very fast). General FastPanel has logic but needs a better deploy, some parts are a litle mysterious.
I AGREE 100% 
!!!
heh FastPanel didn't know that one, going to test it!
CQT Suggestion! Connect the sys firewall and geoip under one tab. Write Config in such a way that both get the DB from one source (folder) and can access it at the same time. Furthermore, the IP and the entire IP range are queried, which can then be blocked using a button, but which the user can decide for himself whether only the individual IP (Geoip is blocked or the entire network of the IP operator). Then integrate the NGINX firewall into the whole. Because on the one hand it is very confusing, and I also think that everything does not work together so harmoniously.
Which is the full procedure to integrate them all?
Thank you very much
Make a unified response, our panel is open source, github address: https://github.com/aaPanel/BaoTa
In addition I read most of the responses, is some targeted scanning, such as phpmyadmin use of port 888, redis use of port 6379, if you do not use phpmyadmin or redis, you can remove these ports in the panel security, if you use phpmyadmin, redis, I also do not recommend that you use the default If you use phpmyadmin and redis, I don't recommend you to use the default ports, you can modify them to other ports that are not used by other services. In addition, the service permissions on the panel are accessed by localhost|127.0.0.1 by default, except for the ports that are needed on the panel such as 8888 80 443.
We attach great importance to user feedback on security-related issues, because we ourselves are a company that does security operations and maintenance, and if our products are questioned, all our employees will feel bad about it!
Also if you encounter security related information during use, you can email our team directly to anyone! My email address is: power@aapanel.com
- Edited
Jimmy Maybe we should find an alternative panel for better security or wait a big update...
Cyberpanel is much better. They hired Rack911 to help tighten the security. Keep in mind, they were not badly off in terms of security. https://rack911labs.ca/research/security-analysis-of-alternative-control-panels/
aaPanel should follow suit.
aapanel_power We attach great importance to user feedback on security-related issues, because we ourselves are a company that does security operations and maintenance, and if our products are questioned, all our employees will feel bad about it!
You need an independent third-party company to conduct a security audit of aaPanel. There will always be smart asses out there and that's why an independent audit is important.
- Edited
I personally am sorry for speaking harshly, but I do that (I mean to say sorry) because I am human and also a developer and I know how hard it is to maintain something, especially opensource, but I am a perfectionist, and you should do to, because your software is serving a big share of people. Also, you have to understand that your words should follow your actions if you want them to have actual meaning. After a year of comments in this thread I did not see any actions in terms of this matter. There is a vulnerability here. Once your users install the panel using the bt.cn node, instantly their cover is blown and they are suddenly exposed to the world and easy exploitable with automated payloads, this is serious stuff. Thank you!
aaP-aris Once your users install the panel using the bt.cn node, instantly their cover is blown and they are suddenly exposed to the world and easy exploitable with automated payloads, this is serious stuff. Thank you!
Unfortunately, aaPanel is rebrand of BT Panel and I think aaPanel developers have to wait for BT Panel developers to do stuff. So in this case, they have to request BT Panel developers to work on it.
- Edited
Nope. You are 100% wrong here (my opinion). I don't agree with you for 2 reasons. First reason: it's open source, so they can do whatever they want and second reason: all they had to do is change the installation script and remove bt.cn nodes. The installation script is not even a part of the main repository, it's a separate file downloaded from their official rebranded website, not the bt.cn version!
@aaP-aris and @Jimmy guys thanks a mil for the fastpanel hint. Haven't had much time to try it, but so far what I have tested I am really enjoying it!
Pros:
- Super fast performance;
- Uses the systems packages instead of cumbersome install scripts that break everything;
- Well achieved user interface, haven't found any bugs;
Cons:
- No chance of changing the default user or create a new "super user" and remove the current;
- No ability to choose what software to install in the beginning;
However, I have used dnf to remove ... exim, dovecot and a couple of other services it installs by default, it removes the services and appears to be working perfectly.
Again, the performance of the panel itself is brilliant, I'm very much enjoying it. Cheers