Tutorial:
In late October 2024, security researchers uncovered multiple zero-day vulnerabilities affecting CyberPanel versions 2.3.6 and 2.3.7, leading to unauthorized root access on over 22,000 servers and widespread PSAUX ransomware attacks. These critical vulnerabilities make it essential for CyberPanel users to upgrade immediately to the latest, patched version to protect their servers. Here’s a breakdown of the vulnerabilities and a step-by-step guide to upgrade your CyberPanel installation safely.
Key Vulnerabilities Discovered:
- Defective Authentication: CyberPanel checked user authentication on each page separately rather than centrally, exposing specific pages that remained unprotected.
- Command Injection: Inputs on unprotected pages were not properly sanitized, allowing attackers to inject and execute arbitrary system commands.
- Security Filter Bypass: CyberPanel’s security filter only checked POST requests, which allowed attackers to bypass protections by using other HTTP methods, like OPTIONS or PUT.
Because of these vulnerabilities, updating CyberPanel has become urgent to prevent potential unauthorized access or ransomware attacks on your server.
How to Upgrade CyberPanel Safely
Due to these recent findings, an important yet undocumented pre-step is necessary for a smooth upgrade. Here’s how you can apply the latest CyberPanel patch without encountering upgrade errors.
Step 1: Stop CyberPanel Before Running the Upgrade
One common issue during upgrades is that CyberPanel's own processes can conflict with the update, causing it to fail. To prevent this, stop the CyberPanel service (lscpd, the panel daemon) before running the upgrade command.
Use this command:
systemctl stop lscpd
Stopping CyberPanel allows the upgrade to proceed without interference, and your websites will remain accessible since LiteSpeed operates independently of CyberPanel.
Step 2: Run the CyberPanel Upgrade Command
With CyberPanel stopped, you can now proceed with the official upgrade command to install the latest patch:
sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)
This command pulls the latest pre-upgrade script from the stable branch of the official CyberPanel repository and runs it, which installs the updated version. Two things to keep in mind: the `<( ... )` process substitution is a bash feature, so run it from bash (as root), not from a plain sh; and because curl is invoked without `-f`, an HTTP error page from GitHub would still be treated as a successful download and fed to sh instead of triggering the wget fallback, so if the script fails immediately with syntax errors, check that the URL actually returned a script. You are also running remotely fetched code as root, which is the project's official method, but if you prefer to review it first, save the script to disk and read it before executing it.
Step 3: Restart the CyberPanel Service
After the upgrade completes, restart the CyberPanel service with:
systemctl start lscpd
Check the service status to confirm it’s active:
systemctl status lscpd
A running lscpd only confirms that the daemon came back up; it does not prove the new code is installed. Also confirm the version: log in to the panel and check that the version it reports is newer than 2.3.7, the last of the affected releases. If it still shows 2.3.6 or 2.3.7, the upgrade did not apply and should be re-run.
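The three steps above, wrapped into one script as an added example. This is not CyberPanel's own tooling; it saves the upstream preUpgrade.sh to disk and prints its SHA-256 so it can be reviewed before it runs as root, stops lscpd, runs the reviewed copy, restarts lscpd, and checks both the service state and the version before and after. It assumes CyberPanel records its version in /usr/local/CyberCP/version.txt as JSON of the form {"version": "2.3", "build": 7} (the path and format are assumptions; adjust VERSION_FILE if your install differs), and it uses /root/cyberpanel-preUpgrade.sh as an arbitrary scratch location.

```bash
#!/usr/bin/env bash
# Added example, not CyberPanel's own tooling. Runs as root on a CyberPanel host.
# Assumptions: version file path/format below; SCRIPT_PATH is an arbitrary
# scratch location chosen for this example.
set -eu

SCRIPT_URL="https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh"
SCRIPT_PATH="/root/cyberpanel-preUpgrade.sh"   # assumed scratch location
VERSION_FILE="/usr/local/CyberCP/version.txt"  # assumed, JSON {"version":"2.3","build":7}

# Turn the version file contents into "major.minor.build", e.g. "2.3.7".
parse_version_json() {
  local json="$1" ver build
  ver=$(printf '%s\n' "$json" | sed -n 's/.*"version"[^"]*"\([^"]*\)".*/\1/p')
  build=$(printf '%s\n' "$json" | sed -n 's/.*"build"[^0-9]*\([0-9][0-9]*\).*/\1/p')
  [ -n "$ver" ] || return 1
  printf '%s.%s\n' "$ver" "${build:-0}"
}

# Exit 0 when VERSION is 2.3.7 or older, i.e. not newer than the last affected
# release named in this article, so the panel still needs the patch.
version_needs_upgrade() {
  local v="$1" major minor build
  major=${v%%.*}; v=${v#"$major"}; v=${v#.}
  minor=${v%%.*}; v=${v#"$minor"}; v=${v#.}
  build=${v%%.*}
  major=${major:-0}; minor=${minor:-0}; build=${build:-0}
  if [ "$major" -ne 2 ]; then
    [ "$major" -lt 2 ]
  elif [ "$minor" -ne 3 ]; then
    [ "$minor" -lt 3 ]
  else
    [ "$build" -le 7 ]
  fi
}

installed_version() {
  [ -r "$VERSION_FILE" ] || { echo "cannot read $VERSION_FILE" >&2; return 1; }
  parse_version_json "$(cat "$VERSION_FILE")"
}

# Save the upstream script instead of piping it straight into sh, so it can be
# read and its hash recorded before it runs with root privileges. curl -f makes
# an HTTP error fall through to the wget fallback instead of saving an error page.
fetch_upgrade_script() {
  curl -fsSL "$SCRIPT_URL" -o "$SCRIPT_PATH" || wget -qO "$SCRIPT_PATH" "$SCRIPT_URL"
  sha256sum "$SCRIPT_PATH"
}

run_upgrade() {
  local before after
  before=$(installed_version)
  if ! version_needs_upgrade "$before"; then
    echo "Installed version $before is already newer than 2.3.7; nothing to do."
    return 0
  fi
  [ -s "$SCRIPT_PATH" ] || { echo "run '$0 fetch' and review $SCRIPT_PATH first" >&2; return 1; }
  systemctl stop lscpd                 # Step 1: keep the panel daemon out of the way
  sh "$SCRIPT_PATH"                    # Step 2: the reviewed copy of preUpgrade.sh
  systemctl start lscpd                # Step 3: bring the panel back
  systemctl is-active --quiet lscpd || { echo "lscpd did not come back up" >&2; return 1; }
  after=$(installed_version)
  if version_needs_upgrade "$after"; then
    echo "lscpd is running but the version is still $after; the upgrade did not apply" >&2
    return 1
  fi
  echo "Upgraded $before -> $after; lscpd is active."
}

case "${1:-}" in
  fetch) fetch_upgrade_script ;;
  run)   run_upgrade ;;
  *)     ;;   # no argument: only define the functions (e.g. when sourced)
esac
```

Usage: `bash upgrade-cyberpanel.sh fetch`, read /root/cyberpanel-preUpgrade.sh and note the printed hash, then `bash upgrade-cyberpanel.sh run`. Note that the pre-upgrade script may itself fetch further code from the repository when it runs, so saving this first hop gives you a reviewable, hashable copy of the entry point, not of everything the upgrade will execute.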
Additional Step: Disabling Auto-Start for Extra Security
If you use CyberPanel sparingly, you may choose to disable it from starting automatically on boot. This setup allows you to activate CyberPanel only when you need it, reducing potential exposure and saving server resources.
To disable CyberPanel auto-start:
systemctl disable lscpd
With LiteSpeed keeping your sites online, CyberPanel only needs to run when you require its management functions. Two caveats: `systemctl disable` only affects future boots and does not stop a daemon that is already running, so pair it with `systemctl stop lscpd` (or use `systemctl disable --now lscpd`); and keeping the panel off is a way to shrink the window of exposure, not a substitute for installing the patch, since the vulnerable code is still present and is reachable the moment the service is started.
Summary
- Stop CyberPanel: systemctl stop lscpd
- Run the Upgrade Command: execute the curl or wget command above to upgrade.
- Restart CyberPanel: systemctl start lscpd once the upgrade finishes, then check it with systemctl status lscpd.
Given these recent vulnerabilities, updating CyberPanel is critical. Following these steps will help you secure your server while avoiding the frustration of a failed upgrade.