Server affected by crypto mining · CyberPanel Community

HM

Himanshu Meena May 02, 2023 #1

Hello Team

I had used 3 times in 3 different servers but from each Server I got notice for crypto mining. What is this can someone tell me

jo

josephgodwinke May 02, 2023 #2

Hello @lazybut

Removing the cyrptominer malware is more tedious than reinstalling your server os. Rollback to an earlier snapshot or reinstall in a clean os

HM

Himanshu Meena May 02, 2023 #3

jo

josephgodwinke May 02, 2023 #4

I thought you arleady identified the culprit and looking for mitigation ?

HM

Himanshu Meena May 02, 2023 #5

what are you saying i was using cyberpanel and i got notice now website hosted on that
how could this possible

jo

josephgodwinke May 02, 2023 #6

Look for posts like yours here. If its mitigation then the only solution is to do a fresh installation on a clean os. If its trying to identify the use htop and look for suspicious activity or processes

HM

Himanshu Meena May 02, 2023 #7

i had shared htop snap above please check

jo

josephgodwinke May 02, 2023 #8

You installed but didnt run it . In ssh run htop wait until you see anything like p2pclient, some form of peer to peer client, docker containers you did not create, raven etc

Dr

Dreamer May 03, 2023 #9

Re-install fresh cyperpanel DO NOT use default password. Also after install change panel default port and create new ssh user with sudo priviliges, then disable root login and ssh password login use only ssh keys.