Welcome toVigges Developer Community-Open, Learning,Share
Ask a Question
Welcome To Ask or Share your Answers For Others

Categories

求救,centos7被挖矿木马劫持

0 votes
3.9k views
in Technique[技术] by (71.8m points)

求救,centos7被挖矿木马劫持

求救,crontab被木马劫持,一直在发挖矿请求。

image.png

定位到来源是/var/spool/mail/root一直接收到木马邮件,我尝试删掉木马文件,停止crontab,可这邮件一来就全启动了,木马文件又生成了。

image.png

image.png

本来还有个病毒进程,现已删除,但crontab被劫持的还是无法处理。
image.png


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
  1. 备份系统盘
  2. 重装系统
  3. 挂盘备份系统盘,拷贝重要数据
  1. 关闭不必要的端口
  2. 不能关闭则限制IP访问
  3. 对外服务尽量避免root启动
  4. 修改默认端口

大概这样。


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to Vigges Developer Community for programmer and developer-Open, Learning and Share

Just Browsing Browsing

2.1m questions

2.1m answers

63 comments

56.6k users

Most popular tags

Snow Theme by Q2A Market
Powered by Question2Answer
...