iam runing aapanel on 3 servers i never had any attacks from china but still jose is going to give solution on this..

    We have installed it on VPS for our customers well over 100 installations, until a few days everything was fine, for a few days we have been attacked continuously and the customers are freaking out. Now we are gradually changing everything over to a different panel, but we are leaving our test server running and installed a different test server 3 days ago but with a different IP range, so we took completely separate data centers and did it again same problem. There are only domains active, but also no content on the websites, so that no Wordpress or the like is installed, so it can not come, server itself is absolutely clean, a CENTOS 7 and 8, but we can all attacks up to China and trace 2% of Russia.

    JAY I hope so, because Plesk is worse and costs too much money in licenses. We don't want to save on security, but open source is better.

      10 days later

      <div class="copyright">Copyright © 2014-2099 <a href="http://www.bt.cn" target="blank">{{data['lan']['BT']}}</a>{{data['lan']['PS1']}}(<a href="http://www.bt.cn" target="blank">www.bt.cn</a>) All Rights Reserved</div>

      If the question arises as to why the data logger must be present in the copyrights, all data can be recorded.
      From then on, passwords username and other data are recorded.

      Yes just stupid that this is already in Install.html and records everything before Fail2ban

      default sql: INSERT INTO users (id, username, password, login_ip, login_time, phone, email) VALUES
      (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');

        KrzysztofMaciejewski <div class = "copyright"> Copyright © 2014-2099 <a href=" http://www.bt.cn "target=" blank"> {{data ['lan'] ['BT']}} < / a> {{data ['lan'] ['PS1']}} (<a href=" http://www.bt.cn "target=" blank"> www.bt.cn </a>) Alle Rechte vorbehalten </ div>

        ( {{data ['lan'] ['BT']}} < / a> {{data ['lan'] ['PS1']}} ) =Keylogger

        And this line creates a user in the DB, like 287962566@qq.com, which is not deleted. Thus, the user has constant access to aaPanel

        default sql: INSERT INTO users (id, username, password, login_ip, login_time, phone, email) VALUES
(1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');

            CQT

            Now I was extremely worried!

            Are you saying that aaPanel developers can access all content on installed servers?

              I can't say yet and I won't, but the lines make me think! First I want to have a statement from aaPanel_Jose, it can also be corpses, but why should one leave such corpses. In addition, we have not yet examined the entire script

                due to code is open on github we can invite pentesters to check vulnerabilities and tracking info i know few blackhat hackers i will invite them to do a pentest the web application

                CQT
                emmm, this is the file used when the database is initialized or the database is damaged. It will not be automatically called and needs to be executed manually.

                In addition, It is impossible for us to collect user login information. We take the privacy of each user very seriously

                The development of the shielding country function of the system firewall is nearing completion. Will be released soon~

                    aaPanel_Jose

                    thank you Jose for the answer.

                    What about this line?

                    <div class="copyright">Copyright © 2014-2099 <a href="http://www.bt.cn" target="_blank">{{data['lan']['BT']}}</a>{{data['lan']['PS1']}}(<a href="http://www.bt.cn" target="_blank">www.bt.cn</a>) All Rights Reserved</div>

                    {{data ['lan'] ['BT']}} < / a> {{data ['lan'] ['PS1']}}

                        CQT
                        This is a front-end template for python, is there any problem?

                          7 days later

                          On some level, we need to find out why these servers are being attacked like this. I have one that I fired up today's ago, not shut down my OVH because of the non-stop attacks.

                          So what are the footprints that are being targeted? Why are they going so hard after this panel. I had Virtualmin on this before this, no problem for years. Now with aapanel, in two days it gets shut down by my provider. I can't even get to it to move the websites. :-(
                          https://www.screencast.com/t/RJKx0s31