What is wrong with Cyberpanel? do i got hacked? wierd process and unworking phpmyadmin

As-salamu alaykum

i have been using the cyberpanel since 2 years for now and it was really the best option for me, i don’t face any big issues with it, but suddenly my server provider sent me an email to told me they notice ( outgoing ddos attack ) from my server and they may block my server during the next few hours !

i tried to resolve the problem and see the running process by ( top ) command, and i saw a weird process called ( dNYb(U! ), and when i tried to know the parent file of this process i see something more weird ( /tmp/zzx64 )

i killed the process and removed the file, and everything was okay for a few hours, but now it returned back to this location ( /var/zzx64 )

i tried to update or upgrade cyberpanel but it always failed and i see this errors

Uninstalling virtualenv-20.27.1:

  Successfully uninstalled virtualenv-20.27.1

WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

Collecting virtualenv

  Using cached virtualenv-20.27.1-py3-none-any.whl (3.1 MB)

Requirement already satisfied: filelock<4,>=3.12.2 in /usr/local/lib/python3.10/dist-packages (from virtualenv) (3.16.1)

Requirement already satisfied: distlib<1,>=0.3.7 in /usr/local/lib/python3.10/dist-packages (from virtualenv) (0.3.9)

Requirement already satisfied: platformdirs<5,>=3.9.1 in /usr/local/lib/python3.10/dist-packages (from virtualenv) (4.3.6)

Installing collected packages: virtualenv

Successfully installed virtualenv-20.27.1

WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

Requirement already satisfied: virtualenv in /usr/local/lib/python3.10/dist-packages (20.27.1)

Requirement already satisfied: platformdirs<5,>=3.9.1 in /usr/local/lib/python3.10/dist-packages (from virtualenv) (4.3.6)

Requirement already satisfied: filelock<4,>=3.12.2 in /usr/local/lib/python3.10/dist-packages (from virtualenv) (3.16.1)

Requirement already satisfied: distlib<1,>=0.3.7 in /usr/local/lib/python3.10/dist-packages (from virtualenv) (0.3.9)

WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

i tried to apply the official fixing solution on this page

but the problem still exists

i tried to make a new vps server and reinstall a fresh cyberpanel, then transfer my website to my new vps, but i see this error message whenever i tried to open ( phpmyadmin ), it redirects me to this link

https://myserverip:8090/dataBases/fetchDetailsPHPMYAdmin

and i see this error on my browser

{"error_message": "Error: Expecting value: line 1 column 1 (char 0)", "errorMessage": "Error: Expecting value: line 1 column 1 (char 0)"}

i tried to reinstall it and fix its permissions but the problem still exists !
and i notice some people complain from the same error in the cyberpanel community, i also tried to install an old version of cyberpanel, but the python problem still exists

help me please, or at least resolve the phpmyadmin problem because i’m sure it is a cyberpanel bug, it is not my server for sure

i will attach some screenshots which may help identify my problem

1 Like

i tried to apply the fixing solution in this link

but when i upgrade or update the cyberpanel i see these errors

Let me know have your server access restored?

And it seems some package issues.

There are multiple solutions for the package problem in your last screenshot.

strip_trailing_zero

sudo pip install packaging==22

or

pip install cloudflare==2.8.13

This is the official fix by cyberpanel:

https://raw.githubusercontent.com/shbs9/CPupgradebash/refs/heads/main/ubuntufix.sh

2 Likes

i did not face any problems with server access
i suddenly saw the server provider email about ( outgoing ddos attack ) yesterday, and i did not even read about the cyberpanel security bug before my server provider email

Okay. Use some kind of security product and only use this guide if you can’t access your server.

1 Like

many thanks my bro

the problem finally got fixed and i successfully upgraded cyberpanel
i think i should run a clamAV full scan for my entire server now

Yes. You can.

And thanks to @KibbelKing for the guide shared to you.

Thank you Ariyan,

i will run a ClamAV full scan now and i will take your advice in my mind for more security in the future

Regards

1 Like

Please, tell me, how you fix problem with access to phpmyadmin? I take this bug too.

{"error_message": "Error: Expecting value: line 1 column 1 (char 0)", "errorMessage": "Error: Expecting value: line 1 column 1 (char 0)"}