Server mining program record - Code World

Server mining program record

Others 2021-01-24 15:59:40 views: null

The server's external network opened the remote 2375 port of docker. The
result was that an inexplicable number of ubuntu and centos containers were received at the same time as an Alibaba Cloud server mining warning. The management side saw that the cpu usage rate has been stable at 50% during this period test machine cpu usage was normal
troubleshooting steps

Delete mining container
Through the top view, it is found that a process named sshd -n takes up too much resources
View sshd -n named location

whereis 'sshd -n'

The step of deleting the sshd -n file reports an error Operation not permitted, basically chattr can't be used, you can copy chattr from other servers and then operate or recompile the chattr source code

cd /usr/sbin && chattr -ia 'sshd -n' && rm 'sshd -n'

5. After restarting the server, I found that the CPU usage directly occupied 100%. The
top command could not see it, and vmstat could see the value of us 100.
Insert picture description here
According to Alibaba Cloud monitoring, the process systemd-host was found.

根据名称找到相关文件,
find / -name systemd-host
#去掉执行权限
chmod -x
#增加不可修改属性
chattr +i systemd-host
#重启
reboot

So far the problem is solved

other

The timed task has also been added a thing that you don't know what it is, just change it and comment it out
Insert picture description here

#查看文件隐藏属性
lsattr filename
#去除隐藏属性
chattr -i filename

Guess you like

Origin blog.csdn.net/chen_cxl/article/details/110637276

Server mining program record

Server is compromised solution mining program

WeChat Mini Program Development Mining Pit Record

Liunx server invasion kdevtmpfsi mining program

Small program development server side (record development)

Note: Solve the malicious process of Alibaba Cloud server mining program

[Practice] Record an edusrc mining

Linux server tragic mining

Mining viruses linux server

Mining server virus

The server was hijacked by a mining Trojan

Solution to server mining virus

Ubuntu clears a record of mining virus

Mining program under Linux solutions

Solution: The problem that the Alibaba Cloud server failed to modify the password after being implanted in the mining program (error: passwd: Authentication token manipulation error)

SegFormer program debugging record

linux server virus found in mining

Demand Methodology: Understanding the needs / source / mining / record

Record kdevtmpfsi virus mining method for recording and processing

ObjectMapper mining pit record and source code analysis

Redisson distributed lock use mining pit record

Record a complete SRC vulnerability mining practice

Solution CentOS invasion wbew mining program

The record is for the domain name or server?

Export record on the DNS server

Record some forgotten the basics of the program

Mini program optimized loading record

Record that a program cannot start the problem

Unity building interactive program record

Mini program AR pitfall record

Recommended

The United States plans to restrict the export of large AI models to China and Russia

Apple to reach agreement with OpenAI to bring ChatGPT to iPhone

Ranking

whisper-webui installation tutorial is silky and easy to use

[Base] Laravel concepts laravel basis, the custom service provider: Contracts, ServiceContainer, ServiceProvider, Facades relations

Import torchvision error problem solving DLL: module not found

observer & watch & notify = pub & sub

A small turntable program [HTML + CSS + JS]

CorelDRAW 2018 shortcuts Daquan

Supervise el botón de menú para lograr un gatillo de presión prolongada

JS将时间秒转换成天小时分钟秒的字符串

RIP basic configuration

[Deleted] solution to a problem a few questions (Noip1994)

Daily

More

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)