处理服务器被挖矿的一次经历
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">早上来<span style="color: black;">机构</span>,客户报系统<span style="color: black;">不可</span>登陆了。我以为简单的应用挂机问题,后来<span style="color: black;">发掘</span>是cpu超200。直接使服务器宕机!猜测是被<span style="color: black;">移植</span>了挖矿程序,后来经过证实果然是。于是<span style="color: black;">起始</span>和植马的狠人斗智斗勇。用尽浑身解数<span style="color: black;">最终</span>解码。在<span style="color: black;">全部</span>过程中,<span style="color: black;">发掘</span>这个人是个狠人,<span style="color: black;">办事</span>不留痕迹,<span style="color: black;">按时</span><span style="color: black;">移植</span>的漂<span style="color: black;">美丽</span>亮。假若有缘,<span style="color: black;">能够</span>交个<span style="color: black;">伴侣</span>,<span style="color: black;">一块</span>探索渗透技术,哈哈!<span style="color: black;">或</span>当个红帽子!</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/tos-cn-i-qvj2lq49k0/473513d93ad34a77838b7eb473cea143~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1724865443&x-signature=jgU6yXWe1SuB4ZHABKn1Ip5NMqo%3D" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">下面跟<span style="color: black;">大众</span>介绍这个狠人的招数,我<span style="color: black;">为么</span>说是个狠人,是有<span style="color: black;">原由</span>的。单纯的植马,那无<span style="color: black;">所说</span>,<span style="color: black;">运用</span>个弱<span style="color: black;">秘码</span><span style="color: black;">或</span>其他渗透手段就能进入服务器。马删了<span style="color: black;">亦</span>就无<span style="color: black;">所说</span>了。这个马却是个狠马。被<span style="color: black;">移植</span>不说,文件属性还被更改为只能被添加,不<span style="color: black;">准许</span>被删除。这还不行,竟然还搞了个u属性(u-卖个关子)。当我<span style="color: black;">发掘</span>后只能<span style="color: black;">运用</span>chattr删除属性,<span style="color: black;">然则</span><span style="color: black;">发掘</span><span style="color: black;">运用</span>了<span style="color: black;">无</span>报错(不<span style="color: black;">表示</span>),<span style="color: black;">熟练</span>linux的都<span style="color: black;">晓得</span>,不<span style="color: black;">表示</span><span style="color: black;">便是</span>最好的<span style="color: black;">表示</span>,<span style="color: black;">由于</span>执行成功的才会<span style="color: black;">这般</span>。<span style="color: black;">然则</span>查看时,那玩意竟然还在,真实头大啊。看着top后高高在上的cpu,真是有苦说不出哦!几经周折,<span style="color: black;">发掘</span>chattr<span style="color: black;">亦</span>给我替换了。找到<span style="color: black;">原由</span>,就能对症下药了。于是乎,安装chattr的包(e2fsprogs-这个需要<span style="color: black;">按照</span>你服务器的版本,我的是阿里云 linux),命令,yum -reinstall e2fsprogs -y,强制替换掉的命令。接下来<span style="color: black;">便是</span>刷刷的删除<span style="color: black;">不应</span>有的属性,接着rm干掉这玩意。接着重启应用,成功!真是出了一头汗!<span style="color: black;">期盼</span>本篇信息<span style="color: black;">能够</span><span style="color: black;">帮忙</span><span style="color: black;">更加多</span>处在被攻击却无从下手之人!</p>
期待更新、坐等、迫不及待等。 这夸赞甜到心里,让我感觉温暖无比。
页:
[1]