Alibaba Cloud server was attacked by [crypto] causing full CPU
Today I logged into Alibaba Cloud and saw that my server's CPU utilization was full, and then Alibaba Cloud sent me this message again. I think there may be a problem with my Alibaba Cloud server, so I searched for a lot of information on Baidu and finally solved it. , To sort out the resolution process. Below is the link to the Great God.
https://blog.csdn.net/qq_34442563/article/details/103846133
1. Find which program occupies high CPU
Use the top command to find which program occupies high CPU
top
Obviously, the program [crypto] is taking up our CPU. 99.9% is a bit too much. Then our first reaction must be kill -9 pid. This is also the case for me, but things are not that simple. After I killed it, how many times did it go? Restart in seconds
2. Find the location of the program
We find the location of the program by pid, as you can see in the figure, the program is located in the /usr/share directory
ls -l /proc/pid/exe
3. cd to the directory where the program is located, and delete related files
We cd to /usr/share, as shown in the figure below, you can see the four files in the red box, obviously that is the file we want to delete
cd /usr/share
ls
Then, we delete those four files
rm -f 文件名
As shown in the figure below:
When we search through pid again, we can't find it, indicating that the deletion is complete
4. The kill command kills the process
We kill the process through the kill command and the process pid, and then check the top command, we find that the process has been deleted, and we have waited for a long time, the process is not restarting, so we know that we have solved the problem
kill -9 pid
Then Alibaba Cloud sent me a message and
successfully solved the problem!