VestaCP has serious security bugs. You need to update now.

VestaCP is having a zero-day bug, which has never been seen before and is very dangerous, causing the server to suffer automatic attacks. If you are using VestaCP, please update immediately.


Information about this bug appeared on 07/04 at VestaCP forum and many other technology forums and attracted many people interested because of its danger level. In addition, many vendors had to shut down a series of VPS attacked by this security flaw.

Today, VestaCP released the latest update – 0.9.8-20 – patched and enhanced security.

If you are using VestaCP, immediately update the manager to the latest version in one of two ways:

– Option 1: Accessing VestaCP administration on the website, Updates and core updates

vestacp update

– Method 2: Through SSH# v-update-sys-vesta-all


PKG                VER    REL  ARCH    UPDT  DATE
---                ---    ---  ----    ----  ----
vesta              0.9.8  20   x86_64  yes   2018-04-09
vesta-php          0.9.8  19   x86_64  yes   2018-04-09
vesta-nginx        0.9.8  19   x86_64  yes   2018-04-09
vesta-ioncube      0.9.8  19   x86_64  yes   2018-04-09
vesta-softaculous  0.9.8  19   x86_64  yes   2018-04-09

Note: If you have disabled the previous VestaCP management service then you need to enable it again and run the update:

# systemctl enable vesta && systemctl start vesta

Good luck to you protection of your system!