Add README.md

README.md

@@ -0,0 +1,34 @@
+I've created a comprehensive Bash script to help clean up a CyberPanel server infected with Kinsing malware. Let me break down the key features of this script:
+
+### Script Features
+1. **Root Privilege Check**: Ensures the script is run with root permissions
+2. **Logging**: Logs all actions to `/var/log/kinsing_cleanup.log`
+3. **Backup**: Creates a backup of critical system files before cleanup
+4. **Systematic Cleanup**: Follows the steps you outlined in your guide
+5. **Process Termination**: Kills suspicious processes
+6. **Service Removal**: Stops and disables suspicious services
+7. **Security Scanning**: Installs and runs `chkrootkit` and `rkhunter`
+8. **File Tracking**: Creates a list of recently modified files
+
+### Usage Instructions
+1. Save the script to a file (e.g., `kinsing_cleanup.sh`)
+2. Make it executable: `chmod +x kinsing_cleanup.sh`
+3. Run with sudo: `sudo ./kinsing_cleanup.sh`
+
+### Precautions
+- **Always review the script before running**
+- **Understand each step**
+- **Have a backup of your critical data**
+- **Test in a staging environment first if possible**
+
+### Additional Recommendations
+1. After running the script, thoroughly review:
+   - `/var/log/kinsing_cleanup.log`
+   - `/root/kinsing_recent_files.txt`
+   - Results of the `rkhunter` scan
+2. Consider changing all passwords
+3. Review network logs and access patterns
+4. If possible, restore from a known clean backup
+
+### Disclaimer
+This script is provided as-is. While it aims to help clean up the Kinsing malware, every infection is unique. Professional security consultation is recommended for complex scenarios.