Cyberpanel is is getting data mining crypto mining without any server owner permission I got strick from Google and my account is getting suspended because cyberpanel is doing illegal background crypto mining in our server I am doing legal case against this cyberpanel community is doing illegal background mining without any server owner permission.
Do you have a snapshot of this server or you need the info you have on it?
Seems you are running nulled or infected files in your document root like drupal/joomla!/wordpress nulled themes, plugins, extensions etc. You will need to use htop or top to understand where this process is running from and what its called. Post a screenshot here
With such infections you will find a network of processes running together in tandem from ‘xmrig’ (PUP - with some sort of malware or just some sort of crypto mining trojan masquerading as xmrig) or the actual xmrig CPU/GPU miner, somesort of p2p client, alot of kworker processes (with this you are doomed) if you have several kworkers they might hog your server until hell freezes over. However you can setup cpu backtraces to identify what is causing the cpu hogging issue. Ofcourse you will find out that its some executable which is part of the mining trojan.
There is no automatic removal of this malware becuase we cannot know to what extent your server is infected. The manual option of removing and disinfecting would take longer and still would leave traces of the malware and backdoors.
Best option is to install an earlier snapshot ot the server or do a clean install.