April 10 Update:
Patch was released, but it’s unclear if this fixed the exploit. No confirmed details on how the hack was performed are available, no official statements from VestaCP team on the issue, just a security patch that fixed some issues.
Personal opinion: Assume VestaCP is still pwned, do not run the vesta service unless you’re a gambler.
April 8 Update:
Patch Released, please update your VestaCP installs ASAP.
https://forum.vestacp.com/viewtopic.php?f=10&t=16556&start=260#p68893
=======================
Lots of users reporting their boxes have been pwned. Vesta dev team members suggesting users disable the vesta service on your machine (admin panel) until they can figure out what’s going on and release a patch.
Full thread: Got 10 VestaCP servers exploited - Vesta Control Panel - Forum
Edit:
Look for a gcc.sh
file in your /etc/cron.hourly (and other cron.* folders). If you find it, you’ve been pwned.
Definitely disable the vesta service though ASAP. service vesta stop
// systemctl stop vesta