解决阿里云主机受到攻击的问题
详细解决方案
在 /etc/profile 文件中添加(该文件会在每个用户登录时被执行,以下命令需要 root 权限才会生效):
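# Cleanup of the miner artifacts listed on this page. The page places this
# snippet in /etc/profile, so it is sourced by every login shell: do not add
# `exit` or `set -e` here. The commands only take effect when run as root.
# NOTE(review): this removes the listed files and processes only; it does not
# close whatever access put them there, so they can reappear until the entry
# point is found. rm also destroys the samples -- copy or hash them first if
# they are needed for the investigation.

# Comment out the rc.local lines that start the miner at boot. Each pattern is
# anchored on an uncommented line start, so a line that was already commented
# out is not matched again on the next login.
sed -i 's|^\([^#].*scrypt\)|# \1|' /etc/rc.local
sed -i 's|^\(/mnt/linsx\)|# \1|' /etc/rc.local
sed -i 's|^\(/tmp/\)|# \1|' /etc/rc.local

# Remove the dropped files (-f: no error when they are already gone).
rm -rf -- /mnt/linsx /tmp/minerd /tmp/1.sh

# Kill every process whose command line contains one of the listed paths.
# grep -F matches the path literally; the original used a regex, where the
# dot in "/usr/bin/.sshd" or "/root/.l" matched any character.
# NOTE(review): -F is still a substring match, so "/root/.l" also hits e.g.
# /root/.local/...; tighten it if root runs anything from such a path.
# NOTE(review): the page treats /usr/bin/acpid as a malicious binary; confirm
# that path is not a legitimate ACPI daemon on this system before relying on it.
# SIGKILL is deliberate: the process gets no chance to handle the signal.
for _miner_path in \
  /usr/bin/acpid \
  /usr/bin/bsd-port/agent \
  /usr/bin/.sshd \
  /root/.l \
  /mnt/linsx
do
  # Column 2 of `ps -ef` is the PID; xargs -r skips kill when nothing matched.
  ps -ef | grep -F -- "$_miner_path" | grep -v grep | awk '{print $2}' | xargs -r kill -9
done
# This file is sourced, so do not leak the loop variable into the login shell.
unset _miner_path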
在 /root/.bash_profile 添加相同的代码
定时器执行的脚本:
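#!/bin/sh
# Periodic job (the page runs it from a scheduler): start Tomcat when it is
# not running, then remove the miner artifacts listed on this page.
# NOTE(review): the cleanup removes the listed files and processes only; it
# does not close whatever access put them there, so they can reappear until
# the entry point is found. rm also destroys the samples -- copy or hash them
# first if they are needed for the investigation.

catalina_home2=/home/whuang/software/apache/apache-tomcat-7.0.53

# The original began with a bare `$grep_result` line, which would execute
# whatever an inherited variable of that name contained; it is dropped here.
# -F matches the install path literally (its dots are not regex wildcards).
grep_result=$(ps -ef | grep tomcat | grep -F -- "$catalina_home2" | grep -v "grep")
if [ -z "$grep_result" ]; then
  # Exported so that startup.sh sees it; the original only assigned it.
  CATALINA_HOME=$catalina_home2
  export CATALINA_HOME
  # Run startup.sh only if the cd succeeded, so a missing directory cannot
  # make the job execute some other ./startup.sh from the current directory.
  cd "$catalina_home2/bin" && ./startup.sh
else
  echo "tomcat is running..."
fi

# Remove the dropped files (-f: no error when they are already gone).
# NOTE(review): the page treats /usr/bin/acpid as a malicious binary; confirm
# that path is not a legitimate ACPI daemon on this system before relying on it.
rm -rf -- \
  /usr/bin/acpid \
  /usr/bin/bsd-port/agent \
  /usr/bin/.sshd \
  /mnt/linsx \
  /tmp/minerd \
  /tmp/1.sh

# Kill every process whose command line contains one of the listed paths.
# NOTE(review): -F is a literal but still substring match, so "/root/.l" also
# hits e.g. /root/.local/...; tighten it if root runs anything from there.
# SIGKILL is deliberate: the process gets no chance to handle the signal.
for miner_path in \
  /usr/bin/acpid \
  /usr/bin/bsd-port/agent \
  /usr/bin/.sshd \
  /root/.l \
  /mnt/linsx
do
  # Column 2 of `ps -ef` is the PID; xargs -r skips kill when nothing matched.
  ps -ef | grep -F -- "$miner_path" | grep -v grep | awk '{print $2}' | xargs -r kill -9
done

# Comment out the rc.local lines that start the miner at boot. Each pattern is
# anchored on an uncommented line start, so repeated runs do not re-comment.
sed -i 's|^\([^#].*scrypt\)|# \1|' /etc/rc.local
sed -i 's|^\(/mnt/linsx\)|# \1|' /etc/rc.local
sed -i 's|^\(/tmp/\)|# \1|' /etc/rc.local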