I have multiple cyberpanel servers that got hacked. Hackers created subdirectories like /library and /apply. These subdirectories are then installed with job websites.
Some servers keep having 100% cpu usage. There is a “kthread” process that keeps using up all CPU resources.
How do I secure my servers now? So many websites have been affected.
I have followed the instructions to clear the malware. However, I still have one server that has a process “kthread” that uses 100% of cpu. How can this process be removed? Killing it kills all the websites.
Technical support replied that the server has been hit with crypto malware. It is related to CyberPanel’s recent hacks. They suggest that I move my websites to a new server and destroy the current one.
Can cyberpanel fix this problem? If not I will move my websites to a new server.
The current problem is there are two /opt/.kthread/kthread that kept using up all cpu resources.
I tried this to clear the malware on another server. A few hours later, my server got hit again. I still got two servers with 100% or 300% cpu usage. One is Kthread and the other xmrig process.
They are releasing updates frequently, but as you can see, servers and panels are going down every time. The best option is changing your panel. And follow the security measures.
There is more than one malware. Some of my websites have a job portal website installed. Some have a crypto mining process running on the server. CyberPanel admins should have listed out all the issues.
If your site is working and you are able to log in to your wp-admin, then it is better to take a backup and create a new server with a control panel like xcloud host and ServerAvatar.
You can use ClamAV and LMD to find and remove viruses from your server, but it is better to create a new server.
Also, don’t forget to check cronjob, tmp, ssh and root directory while scanning.
Lesson that everybody should learn from this incident — never blindly trust this type of control panel. Try xcloud host or ServerAvatar type of control panel.
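One way to run the process check this thread keeps coming back to, as an added example that is not part of the original posts: it flags processes whose binary sits in a hidden or world-writable path, such as the /opt/.kthread/kthread reported above. The function names, the sample PIDs and the php and xmrig paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag processes whose binary sits in a
# hidden or world-writable path, e.g. /opt/.kthread/kthread from the posts above.

# suspicious_exe PATH: print a reason and return 0 if PATH looks like a dropped binary.
suspicious_exe() {
    case "$1" in
        */.*)                         echo "hidden-directory" ;;
        */xmrig|*/xmrig' (deleted)')  echo "miner-name" ;;
        /tmp/*|/var/tmp/*|/dev/shm/*) echo "world-writable-dir" ;;
        *' (deleted)')                echo "deleted-binary" ;;
        *) return 1 ;;
    esac
}

# scan_proc [ROOT]: walk a /proc-style tree and print "PID REASON EXE" per hit.
scan_proc() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -d "$d" ] || continue
        # Real kernel threads (kthreadd and its children) have no exe link, so a
        # "kthread" that resolves to a file on disk is an ordinary userland process.
        exe=$(readlink "$d/exe" 2>/dev/null) || continue
        [ -n "$exe" ] || continue
        if reason=$(suspicious_exe "$exe"); then
            printf '%s %s %s\n' "${d##*/}" "$reason" "$exe"
        fi
    done
}

# make_sample_proc: build a constructed /proc-like tree (all PIDs and the
# php/xmrig paths are made up for illustration) and print its location.
make_sample_proc() {
    t=$(mktemp -d) || return 1
    mkdir "$t/2" "$t/101" "$t/102" "$t/103"        # 2 = kernel thread, no exe
    ln -s /opt/.kthread/kthread "$t/101/exe"
    ln -s /usr/bin/php          "$t/102/exe"
    ln -s /usr/local/bin/xmrig  "$t/103/exe"
    echo "$t"
}

sample=$(make_sample_proc)
scan_proc "$sample"     # on a live host, run as root: scan_proc /proc
rm -rf "$sample"
```

Run it as root so every /proc/PID/exe link is readable. Hits are leads for manual review, since legitimate software under a dot-directory is flagged too.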
The kinsing script doesn’t work even though it detected malware. I solved the problem by removing the crypto mining malware. This solved the 100% CPU usage problem. Then moved all my websites to another server. Without removing the crypto mining malware, it’s not possible to do anything as the CPU is always at 100%.
Thanks for the advice. xcloud host or ServerAvatar are not freeware. Those can be compared to cPanel and Plesk. Should compare CyberPanel to freeware panels like webmin+virtualmin or cloudpanel+mailcow, aapanel, etc. I have tried those and am coming back to CyberPanel. Hopefully the CyberPanel team can make their panel more secure.
You’re right. It is not good to compare a premium service to the freeware control panel.
But first thing, I am not comparing CyberPanel with any other control panel. I am just giving suggestions. Comparison and suggestions are two different things.
Second thing, I suggested xcloud.host and ServerAvatar for those who are looking for a free alternative control panel, and both of these have a free option. You can manage 1 server with 10 websites on xcloudhost without paying anything and live support is awesome.
CyberPanel is also a good panel with good performance. If you want to use it, then you can, but if somebody may get a better option, then what is wrong with suggesting it to them?
Currently, CloudPanel is a good option compared to aapanel, CyberPanel, and others. CyberPanel is too buggy. 60% of my clients have switched to CloudPanel and others are switching to other web-based panels.
Note: I am affiliated with any of these software/panel.
It is open source and so insecure. The whole reason Cyberpanel got hacked was because it is open source so open to nasty evil people who can easily exploit it.
As soon as Hestia gets popular, it will also be easily hacked. Open source by nature is insecure and really a terrible model for a control panel facing the public.
Incorrect. It’s more secure - the issue with Cyberpanel was the problem was discovered but the Cyberpanel team failed to inform anyone about it before they gave permission for it to be made public - exactly the same issue can (and does) occur in proprietary software but you have the added issue that proprietary software also likely includes malware from the developer themselves which nobody can do anything about because the source code is not available.