解决阿里云主机受到攻击的问题
详细解决方案
在 /etc/profile 文件中添加以下命令（/etc/profile 会在每次登录 shell 启动时执行，所以这些清理命令每次登录都会运行一次）:
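# Recurring cleanup of the artefacts this page attributes to the intrusion
# (the minerd / scrypt names suggest a coin miner - presumably; confirm on
# the host). This is containment only: it removes known files and processes
# each time it runs but does not close whatever let the attacker in. If the
# files keep coming back, something not listed here is still re-dropping
# them; find that, rotate credentials, and plan a rebuild from a known-good
# image.
# NOTE(review): on a compromised host ps/grep/rm themselves may have been
# tampered with - verify them against the package manager.
#
# The snippet is meant to be sourced from a login profile, so it runs in a
# subshell: the loop variable does not leak into the user's session.
(
  # Disable the boot-time entries in rc.local by commenting them out:
  # uncommented lines containing "scrypt", and lines starting with
  # /mnt/linsx or /tmp/.
  # --follow-symlinks (GNU sed): on distributions where /etc/rc.local is a
  # symlink (e.g. to /etc/rc.d/rc.local), plain `sed -i` replaces the link
  # with a new regular file and leaves the real target unedited.
  sed -i --follow-symlinks \
    -e 's|^\([^#].*scrypt\)|# \1|' \
    -e 's|^\(/mnt/linsx\)|# \1|' \
    -e 's|^\(/tmp/\)|# \1|' \
    /etc/rc.local

  # Remove the dropped files.
  rm -fr /mnt/linsx /tmp/minerd /tmp/1.sh

  # SIGKILL every process whose `ps -ef` line contains one of these paths.
  # grep -F matches the path literally; as a regex the "." in "/root/.l"
  # or "/usr/bin/.sshd" matches any character, so an unrelated process
  # such as one started from /root/flask would also be killed.
  # NOTE(review): confirm none of these paths is a legitimate binary on
  # your distribution before relying on this list.
  for target in /usr/bin/acpid /usr/bin/bsd-port/agent /usr/bin/.sshd \
    /root/.l /mnt/linsx; do
    ps -ef \
      | grep -F -- "$target" \
      | grep -v grep \
      | awk '{print $2}' \
      | xargs -I{} kill -9 {}
  done
)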
在 /root/.bash_profile 添加相同的代码
定时任务执行的脚本（先检查 Tomcat 是否在运行，未运行则启动，然后重复上面的清理步骤）:
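#!/bin/sh
# Timer-driven job with two independent duties:
#   1. start Tomcat if no matching process is found;
#   2. repeat the cleanup of the files, processes and rc.local entries this
#      page attributes to the intrusion.
# The cleanup is containment only. It does not close the entry point; if the
# artefacts reappear between runs, something not listed here is re-dropping
# them and needs to be found (then rotate credentials / rebuild).
# NOTE(review): on a compromised host ps/grep/rm may themselves be tampered
# with - verify them against the package manager.

catalina_home2=/home/whuang/software/apache/apache-tomcat-7.0.53

# --- Tomcat watchdog -------------------------------------------------------
# The original script began with a bare `$grep_result` line. Unset, that is a
# no-op; but if the variable were present in the inherited environment its
# value would be executed as a command, so the line is dropped.
# grep -F: match the install path literally (its dots are not wildcards).
grep_result=$(ps -ef | grep tomcat | grep -F -- "$catalina_home2" | grep -v "grep")
if [ -z "$grep_result" ]; then
  # Exported so startup.sh actually inherits it; a plain assignment is not
  # visible to child processes.
  CATALINA_HOME=$catalina_home2
  export CATALINA_HOME
  # `cd ... &&` ensures ./startup.sh is never run from the job's original
  # working directory if the cd fails; the subshell keeps the cd local.
  (cd "$catalina_home2/bin" && ./startup.sh)
else
  echo "tomcat is running..."
fi

# --- Cleanup ---------------------------------------------------------------
# Remove the dropped files. Errors are left visible on purpose: an rm that
# fails here (e.g. on a file that cannot be deleted) means the cleanup is not
# taking effect and needs attention.
# NOTE(review): confirm none of these paths is a legitimate binary on your
# distribution before deleting it.
rm -fr /usr/bin/acpid /usr/bin/bsd-port/agent /usr/bin/.sshd \
  /mnt/linsx /tmp/minerd /tmp/1.sh

# SIGKILL every process whose `ps -ef` line contains one of these paths.
# grep -F keeps "." literal, so "/root/.l" cannot match an unrelated
# process such as one started from /root/flask.
for target in /usr/bin/acpid /usr/bin/bsd-port/agent /usr/bin/.sshd \
  /root/.l /mnt/linsx; do
  ps -ef \
    | grep -F -- "$target" \
    | grep -v grep \
    | awk '{print $2}' \
    | xargs -I{} kill -9 {}
done

# Comment out the boot-time entries in rc.local: uncommented lines containing
# "scrypt", and lines starting with /mnt/linsx or /tmp/.
# --follow-symlinks (GNU sed): where /etc/rc.local is a symlink (e.g. to
# /etc/rc.d/rc.local), plain `sed -i` would replace the link with a regular
# file and leave the real target unedited.
sed -i --follow-symlinks \
  -e 's|^\([^#].*scrypt\)|# \1|' \
  -e 's|^\(/mnt/linsx\)|# \1|' \
  -e 's|^\(/tmp/\)|# \1|' \
  /etc/rc.local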