Skip to main content

should be "dhcpd cryptominer" or "dhpcd cryptominer"

Comments

2 comments

  • rbairwell

    According to Akamai's report on this piece of malware, you are correct it should be dhpcd .

    As per https://github.com/CpanelInc/tech-CSI "As with any anti-malware scanning system false positives may occur. If anything suspicious is found, it should be investigated by a professional security consultant. There are never any guarantees" - the getcontrolpaneluserspackages does appear to be part of CloudLinux and hence this is probably a false-positive (the code is only checking for files in */bin/* consisting of 26 characters+ in length).

    I've opened a bug report on the Github repository for you about this (and proposed a fix for the above) as I see tech-CSI as more an "unofficial/unsupported" piece of software which just happens to be provided by cPanel Inc - but it isn't part of the cPanel WHM "toolkit".

     

    0
  • chengkinhung

    Hi rbairwell, thanks very much for your information.

    0

Please sign in to leave a comment.