Cyberpanel cryptojacking

hi everyone,

Have you ever experienced cryptojacking through cyberpanel. My instance in GCP was suspended because of cryptojacking. I am still trying to investigate what happened, could you guys please help if anyone has experience of how to investigate this?


From what I’ve heard, it’s only people who are hosting an old CyberPanel without fixes, that have been affected. But then again, it was WordPress plugins exploited also.

There was a big update today, that resolved a lot of things.

Oh I see, I have just updated to the latest version, do u know how to detect if there is really mining done in the background or its just a false alarm for Google.

Use top command on terminal if there is miner it will show there.
Most likely if you have miner, those comes most likely nulled themes and plugins. If you have miner on root user then you been hacked in that case maybe better re install cyberpanel.

perhaps can use combination netstat htop/top atop iptraf

This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.