Cyberpanel crypto mining

Cyberpanel is is getting data mining crypto mining without any server owner permission I got strick from Google and my account is getting suspended because cyberpanel is doing illegal background crypto mining in our server I am doing legal case against this cyberpanel community is doing illegal background mining without any server owner permission.

1 Like

:open_mouth: Oh really ? buddy

Welcome @lazybut Happy you are here

Do you have a snapshot of this server or you need the info you have on it?

Seems you are running nulled or infected files in your document root like drupal/joomla!/wordpress nulled themes, plugins, extensions etc. You will need to use htop or top to understand where this process is running from and what its called. Post a screenshot here

To install htop

apt install -y htop || yum install -y htop || dnf install -y htop

With such infections you will find a network of processes running together in tandem from ‘xmrig’ (PUP - with some sort of malware or just some sort of crypto mining trojan masquerading as xmrig) or the actual xmrig CPU/GPU miner, somesort of p2p client, alot of kworker processes (with this you are doomed) if you have several kworkers they might hog your server until hell freezes over. However you can setup cpu backtraces to identify what is causing the cpu hogging issue. Ofcourse you will find out that its some executable which is part of the mining trojan.

There is no automatic removal of this malware becuase we cannot know to what extent your server is infected. The manual option of removing and disinfecting would take longer and still would leave traces of the malware and backdoors.

Best option is to install an earlier snapshot ot the server or do a clean install.

Protect yourself today

i am using 1 website and see how much ram is using and i am using paid source code which is 56$ .

its not nulled script

Do this first and post screenshot so that we can help you