Hack Mining - Monero - 100 CPU usage - CyberPanel - xmrig - c3pool

Just installed Cyberpanel and nothing else, I see this miner using 100% cpu power and as showing as this command in Htop

/root/c3pool/xmrig–config=/root/c3pool/config. json

To stop this, I just deleted the folder /root/c3pool and restarted but how did it get in root?
Will it come back? Is it in the Cyberpanel build?

Your server is probably hacked.
When you installed server did you use default password?

Looks like there is bots scanning VPS providers IP ranges, for hosting panels default ports and passwords. When find vulnerable panel they add ssh keys to get access to your server.

To avoid this always set password your self, change default port and disable root login.

Also upgrade CyberPanel too.

1 Like

100% correct, I didn’t change the password 1234567 - that bot found it so quickly.
Only was running for 12 hours so it must have found the IP running CyberPanel within max 24 hours.

Lesson learned - change admin password immediately.

Thanks for help again!

Change all ssh keys too so they can’t use those for acces or if fresh server maybe just reinstall

This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.