There is a mining virus on the server
2022-04-23 14:02:00 【Rookie cat meow meow】
Use the top command to look at the running processes: there really are two mining viruses.
Both are handled the same way; kdevtmpfsi is used as the example.
Find the PID
ps -ef | grep kdevtmpfsi
Kill the process
sudo kill -9 [PID]
You can run sudo crontab -l to see whether there are any suspicious scheduled tasks.
The virus restarts shortly afterwards, so look at its daemon
systemctl status [virus PID]
Kill the virus daemon
sudo kill -9 30409 30985
Delete suspicious files
They are usually under the /tmp directory
There you can see the two virus files, kdevtmpfsi among them
Delete them without hesitation:
sudo rm kdevtmpfsi
Look in the /tmp directory:
These are all to be deleted
Delete!
- Use the command
find / -name "*kdevtmpfsi*"
to search for any remaining kdevtmpfsi files
If there are none, that is enough
Now the CPU usage is down.
Post-incident checks
- Use the command
find / -name "*kdevtmpfsi*"
to search for any kdevtmpfsi files.
- Review the Linux SSH login audit log. On CentOS and RedHat the audit log path is /var/log/secure; on Ubuntu and Debian the audit log path is /var/log/auth.log.
- Check whether there are any suspicious tasks among the crontab scheduled tasks.
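One way to carry out the SSH audit log review listed above, as an added example that is not part of the original post. It assumes the standard OpenSSH syslog message format; the function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise sshd logins per source IP from /var/log/auth.log
# (Ubuntu/Debian) or /var/log/secure (CentOS/RedHat).

# Constructed sample lines (documentation IP ranges, made-up host and PIDs).
sample_log() {
cat <<'EOF'
Apr 23 03:11:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Apr 23 03:11:03 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Apr 23 03:11:06 web01 sshd[2104]: Failed password for invalid user from from 203.0.113.7 port 51240 ssh2
Apr 23 03:11:09 web01 sshd[2107]: Accepted password for root from 203.0.113.7 port 51251 ssh2
Apr 23 08:30:12 web01 sshd[3300]: Failed password for deploy from 198.51.100.20 port 40020 ssh2
Apr 23 08:30:20 web01 sshd[3302]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2: ED25519 SHA256:constructed
EOF
}

# ssh_login_summary FILE [THRESHOLD]   (FILE "-" reads stdin)
# An IP is marked SUSPECT when a password login was accepted from it and it
# also has at least THRESHOLD failed password attempts in the same log.
ssh_login_summary() {
    awk -v thr="${2:-3}" '
    # Source IP is the token between the last "from" and "port"; a username
    # that is itself "from" must not be mistaken for the address.
    function src(   i, ip) {
        for (i = 1; i <= NF - 2; i++)
            if ($i == "from" && $(i + 2) == "port") ip = $(i + 1)
        return ip
    }
    /sshd[^ ]*\[[0-9]+\]: Failed password for /    { ip = src(); if (ip != "") { fail[ip]++; seen[ip] = 1 } }
    /sshd[^ ]*\[[0-9]+\]: Accepted password for /  { ip = src(); if (ip != "") { pw[ip]++;   seen[ip] = 1 } }
    /sshd[^ ]*\[[0-9]+\]: Accepted publickey for / { ip = src(); if (ip != "") { key[ip]++;  seen[ip] = 1 } }
    END {
        for (ip in seen) {
            verdict = (pw[ip] > 0 && fail[ip] >= thr + 0) ? "SUSPECT" : "ok"
            printf "%s failed=%d password_ok=%d key_ok=%d %s\n", ip, fail[ip], pw[ip], key[ip], verdict
        }
    }' "${1:--}" | sort
}

# Demo on the constructed sample; on a real host pass the log path instead,
# e.g. ssh_login_summary /var/log/auth.log 5
sample_log | ssh_login_summary - 3
```

Any nonzero password_ok count also shows which accounts would be affected once password login is disabled in favour of public key login.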
Follow-up protection
- Enable SSH public key login and disable password login.
- Virtual machine: refine the security policy. For inbound traffic, generally only ports 80 and 443 need to be open; outbound traffic can be left unrestricted by default and restricted where there is a need.
- Physical machine: use a hardware firewall or iptables on the machine to open the inbound and outbound traffic rules.
- If the machine does not need to provide services directly to the outside, you can reject all inbound traffic on the external network card and log in to the service machine over the intranet through a jump machine.
- Ban IPs
Copyright notice
This article was written by [Rookie cat meow meow]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/04/202204231342343007.html