CQT Hey man, I am assuming that the reason you are getting all of these attacks from China is because that's where the CP is from, and it looks to be very popular there. They probably scan the internet for certain footprints of the server and just try to get in any way they can. It doesn't look/sound like it's an issue of security of the software, just that it's targeted. Are you not using Cloudflare?

  • CQT likes this.

    This is exactly my concern that CP comes from China and is misused to attack servers. Not all of our customers use Cloudflare. It is still possible to stretch the IPs of the servers on which the CP is installed and that is exactly what I consider to be very dangerous.

    iam runing aapanel on 3 servers i never had any attacks from china but still jose is going to give solution on this..

      We have installed it on VPS for our customers well over 100 installations, until a few days everything was fine, for a few days we have been attacked continuously and the customers are freaking out. Now we are gradually changing everything over to a different panel, but we are leaving our test server running and installed a different test server 3 days ago but with a different IP range, so we took completely separate data centers and did it again same problem. There are only domains active, but also no content on the websites, so that no Wordpress or the like is installed, so it can not come, server itself is absolutely clean, a CENTOS 7 and 8, but we can all attacks up to China and trace 2% of Russia.

      JAY I hope so, because Plesk is worse and costs too much money in licenses. We don't want to save on security, but open source is better.

        10 days later

        <div class="copyright">Copyright © 2014-2099 <a href="http://www.bt.cn" target="blank">{{data['lan']['BT']}}</a>{{data['lan']['PS1']}}(<a href="http://www.bt.cn" target="blank">www.bt.cn</a>) All Rights Reserved</div>

        If the question arises as to why the data logger must be present in the copyrights, all data can be recorded.
        From then on, passwords username and other data are recorded.

        Yes just stupid that this is already in Install.html and records everything before Fail2ban

        default sql: INSERT INTO users (id, username, password, login_ip, login_time, phone, email) VALUES
        (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');

          KrzysztofMaciejewski <div class = "copyright"> Copyright © 2014-2099 <a href=" http://www.bt.cn "target=" blank"> {{data ['lan'] ['BT']}} < / a> {{data ['lan'] ['PS1']}} (<a href=" http://www.bt.cn "target=" blank"> www.bt.cn </a>) Alle Rechte vorbehalten </ div>

          ( {{data ['lan'] ['BT']}} < / a> {{data ['lan'] ['PS1']}} ) =Keylogger

          And this line creates a user in the DB, like 287962566@qq.com, which is not deleted. Thus, the user has constant access to aaPanel

          default sql: INSERT INTO users (id, username, password, login_ip, login_time, phone, email) VALUES
(1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');

              CQT

              Now I was extremely worried!

              Are you saying that aaPanel developers can access all content on installed servers?

                I can't say yet and I won't, but the lines make me think! First I want to have a statement from aaPanel_Jose, it can also be corpses, but why should one leave such corpses. In addition, we have not yet examined the entire script

                  due to code is open on github we can invite pentesters to check vulnerabilities and tracking info i know few blackhat hackers i will invite them to do a pentest the web application

                  CQT
                  emmm, this is the file used when the database is initialized or the database is damaged. It will not be automatically called and needs to be executed manually.

                  In addition, It is impossible for us to collect user login information. We take the privacy of each user very seriously

                  The development of the shielding country function of the system firewall is nearing completion. Will be released soon~

                      aaPanel_Jose

                      thank you Jose for the answer.

                      What about this line?

                      <div class="copyright">Copyright © 2014-2099 <a href="http://www.bt.cn" target="_blank">{{data['lan']['BT']}}</a>{{data['lan']['PS1']}}(<a href="http://www.bt.cn" target="_blank">www.bt.cn</a>) All Rights Reserved</div>

                      {{data ['lan'] ['BT']}} < / a> {{data ['lan'] ['PS1']}}

                          CQT
                          This is a front-end template for python, is there any problem?