The purpose of this script is to automate the following blog post instructions.
https://managingwp.io/live-blog/cyberpanel-servers-v2-3-6-hacked-via-pre-auth-rce-october-28th-2024/
wget -qO- https://raw.githubusercontent.com/managingwp/cyberpanel-rce-auth-bypass/refs/heads/main/kinsing-cleanup.sh | bash
Use the kinsing-cleanup.sh script. This script will remove the kinsing malware from your server. This malware just runs a cryptominer on your server and doesn't encrypt files.
You can see the following gist https://gist.github.com/gboddin/d78823245b518edd54bfc2301c5f8882 it's also mirrored under psaux directory
Not much know about this ransomware yet.
All PR's should be done off the dev branch
- Fork and clone the repository.
- Checkout dev branch.
- Make your commits and create PR.
If you want to get ahold of me, see https://managingwp.io/contact/
- https://gist.github.com/ArrayIterator/ebd67a0b4862e6bfb5d021c9f9d8dcd3
- https://gist.github.com/yoyosan/5f88c1a023f006f952d7378bdc7bcf01
- https://gist.github.com/NothingCtrl/710a12db2acb01baf66e3b4572919743
- https://gist.github.com/NothingCtrl/78a7a8f0b2c35ada80bf6d52ac4cfef0
- https://gist.github.com/crosstyan/93966e4ab9c85b038e85308df1c8b420
If you like any of the scripts or tools, please consider donating to help support the development of these tools.
