install this version of ministra panel and in 2 weeks my VPS was suspended for issuing malicious traffic, the curious thing is that I only put 1 test channel and forgot to continue testing it, it seems that it continues with leaks and backdoors. Be careful with your content.
"
We have received reports that your IP listed in the subject line above is issuing malicious traffic
. As this is possibly a violation of our
Terms of Service, we request that you address these reports immediately. Failure to respond to this notice may ultimately result in the suspension of your service(s).
Please see below for proof:
On September 5 at 23:48:33 (timezone UTC+0200 in Europe)
your host at IP-address (XX.XXX.XX.X my IP) performed a complete network scan of
our network, trying to connect to
the SSH (Secure Shell, TCP port 22) user account login service.
The following logfile lines from our servers (append our domain name
fysik.dtu.dk)
document the incident:
Sep 5 23:48:33 demon2 sshd[26538]: Connection from (XX.XXX.XX.X my IP) port
56970 on 130.225.87.3 port 22
Sep 5 23:48:33 demon2 sshd[26538]: Did not receive identification string
from (XX.XXX.XX.X my IP) port 56970
Sep 5 23:48:33 demon2 sshd[26540]: Connection from (XX.XXX.XX.X my IP) port
56978 on 130.225.87.3 port 22
Sep 5 23:48:33 demon2 sshd[26541]: Connection from (XX.XXX.XX.X my IP) port
56976 on 130.225.87.3 port 22
Sep 5 23:48:34 demon2 sshd[26540]: Invalid user user from (XX.XXX.XX.X my IP)
port 56978
Sep 5 23:48:34 demon2 sshd[26541]: Invalid user es from (XX.XXX.XX.X my IP) port
56976
Sep 5 23:48:35 demon2 sshd[26540]: Connection closed by (XX.XXX.XX.X my IP) port
56978 [preauth]
Sep 5 23:48:35 demon2 sshd[26541]: Connection closed by (XX.XXX.XX.X my IP) port
56976 [preauth]
Sep 5 23:48:35 Watching (XX.XXX.XX.X my IP) as potential attacker
Sep 5 23:48:35 Watching (XX.XXX.XX.X my IP) as potential attacker
There is no question that this constitutes a malicious hacking attempt.
It is therefore extremely likely that this host has been
taken over by intruders. Please disconnect IMMEDIATELY
this host from the Internet and investigate its security
status.
Please identify your customer operating from the above address
at the time mentioned, and terminate immediately his hacking
activities. Please prevent him from continuing his hacking
activities in the future as well.
Due to the potential severity of this incident, we have reported
it to the Computer Emergency Response Team (CERT) in Denmark."