Thanks for the information!

The algif_aead module is not loaded on my system so I assume one of the previous updates may have disabled it.

Glad to hear it.

The site has been fine since the configuration was changed.

Basically a script (or scripts) were hammering the server with bogus file searches. Since PHP was previously handling the file not found errors, it was spiking resource usage (ie. memory + CPU). Apache now handles the error which uses very little resources, rendering that sort of attack ineffective.

Sorry that I haven't respond to this but I've been VERY busy! When I logged in today everything was OK.

Personally, I'm not sure how it worked. All I know is what I've read. cPanel has also had one or more upgrades because of hackings, etc.

I do use a different port and have for a very long time. The problem is that they can take over a local user account and turn it into an admin account...from what I've been reading. I've recently installed CloudLinux on my new server and they keep the older PHP versions up to date, but, you do have to pay for it. I got it so that I could fix the SMF versions that were running SMF 2.0x and needed PHP 7.x or other outdated PHP versions. And they do work.  After I get the older versions straightened out, I'll probably disable CloudLinux, maybe. Their support is very good and they will help you fix any problems even if they need access to your server and do it themselves.

So, I've been running around letting everyone that I know who runs a server so that they and their users will be safe. 

How did the hack work, exactly?
I read the 2 articles and it sounds like the "Copy Fail" exploit is hacking the cache to trick the host & continue a root session.
So it bypasses an encrypted SSH key pair by doing this?

Do you also use a random unused high numbered port? (you should)

I've had some attacks recently that I patched up by reconfiguring things but luckily nothing like this as far as I know.

I'm sorry that I haven't been around but I've been through server hell and back. LOL

The reasons being is that I was having servers issues with older forums and WordPress sites that weren't upgraded and still using older PHP versions. Those versions are outdated and can cause security vulnerabilities, as well as just operating issues. Those sites started having problems, although, they were warned well ahead of time.

Fast forward to the present... There eventually came a hacking that had nothing to do with their issues which compounded things even further making it harder to tell what was going on. While trying to fix some of the former issues, I started noticing some strange attempts on the server. So, I decided to move to new hosting as the one I saw with was no help at all!

After, about a week after moving to the new hosting, I slowly started receiving login emails from "unknown sources". This usually means that one or more persons have gained access who were not supposed to be there. I mean Admin access. Luckily, I had already moved everything and am HOPING all is good with the new hosting. So far, everything has been good. I even paid for CloudLinux which will give you older PHP versions which they keep updated, as well as other things. I've seen CloudLinux for a long time but have never thought that I would need them, until now! Yes, I was using Contabo Hosting and they currently are not answering any support tickets "due to high demand". It's been a few days for me now. So, I can only think that, maybe, a lot of their servers were hacked, unfortunately!

Here are the current security issues I've faced and have noticed, thus far:

Copy Fail: 732 Bytes to Root on Every Major Linux Distribution:

https://xint.io/blog/copy-fail-linux-distributions

Dirty Frag [CVE Pending]: Mitigation and Kernel Update on CloudLinux:

https://blog.cloudlinux.com/dirty-frag-mitigation-and-kernel-update

I hope that this will help others to protect themselves and others.

It's great, no mistakes
Thank you very much

Yes, RC1 has a bug in the installer that is causing it to fail putting entries in the settings table.
Thanks for the report.

RC2 is available in the download section.
Please let me know if it corrects what was reported.

Thank you.

Undefined array key "sp_resize_images" Subs-Portal.php (Line 286) - incorrect version of PHP

The .....RC1.zip version still has a bug
Dzisiaj o 02:29 AM
FERROVIA
193........
edf25612297d3716d0d4bae26f8b2e53
......ferrovia/Sources/Subs-Portal.php (Linia 222)  Informacje backtrace

Typ błędu: Nieokreślone
Komunikat błędu[Zaznacz]
2: Undefined array key "ehportal_version"



General Information
Version Information:
Your Version: 0.00  no version number
Current Version: 1.40.3