解决阿里云主机受到攻击的问题
详细解决方案
在 /etc/profile 文件中添加以下清理命令(该文件在每次登录 shell 启动时都会执行):
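# Cleanup snippet for a host running an unwanted miner (the artifacts below
# include /tmp/minerd and rc.local entries mentioning "scrypt").
# It disables the start-up entries, deletes the dropped files and kills the
# matching processes.
# NOTE(review): this removes only the artifacts named here. It does not show
# how the files got onto the host, so the entry point and any other
# persistence (cron entries, SSH keys, changed passwords) still need review.
# NOTE(review): needs root to edit /etc/rc.local and to kill other users'
# processes; for non-root logins these commands will print permission errors.

# Comment out rc.local lines that start the miner: any uncommented line
# containing "scrypt", and lines that begin with /mnt/linsx or /tmp/.
sed -i 's/^\([^#].*scrypt\)/# \1/' /etc/rc.local
sed -i 's/^\(\/mnt\/linsx\)/# \1/' /etc/rc.local
sed -i 's/^\(\/tmp\/\)/# \1/' /etc/rc.local

# Delete the dropped files.
rm -rf -- /mnt/linsx /tmp/minerd /tmp/1.sh

# Kill processes by command line. pkill -f replaces the ps|grep|awk|xargs
# chain (no self-match to filter out, no deprecated "xargs -i"); literal dots
# are escaped so they no longer act as regex wildcards.
pkill -KILL -f '/usr/bin/acpid'
pkill -KILL -f '/usr/bin/bsd-port/agent'
pkill -KILL -f '/usr/bin/\.sshd'
# NOTE(review): substring match - this also hits legitimate processes whose
# command line contains e.g. /root/.local; tighten it to the exact file name
# once it is known.
pkill -KILL -f '/root/\.l'
pkill -KILL -f '/mnt/linsx'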
在 /root/.bash_profile 添加相同的代码
定时任务执行的脚本:
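#!/bin/sh
# Periodic watchdog: restarts Tomcat if it is not running, then removes the
# known malware files, kills the matching processes and disables their
# start-up entries in /etc/rc.local.
# NOTE(review): this removes only the artifacts named here; if they keep
# coming back, the entry point and other persistence (cron entries, SSH keys)
# have not been closed yet.

catalina_home2=/home/whuang/software/apache/apache-tomcat-7.0.53

# Tomcat counts as running when some process has the install path on its
# command line. pgrep never matches itself, so no "grep -v grep" is needed.
if pgrep -f "$catalina_home2" >/dev/null 2>&1; then
  echo "tomcat is running..."
else
  # Exported so that startup.sh actually sees the value.
  CATALINA_HOME=$catalina_home2
  export CATALINA_HOME
  # Start Tomcat only if the cd succeeded, so ./startup.sh is never resolved
  # against whatever directory the job happened to start in.
  if cd "$catalina_home2/bin"; then
    ./startup.sh
  else
    echo "cannot cd to $catalina_home2/bin" >&2
  fi
fi

# Delete the dropped files.
rm -rf -- /usr/bin/acpid 2>/dev/null
rm -rf -- /usr/bin/bsd-port/agent /usr/bin/.sshd /mnt/linsx
rm -rf -- /tmp/minerd /tmp/1.sh

# Kill processes by command line; literal dots are escaped so they no longer
# act as regex wildcards.
pkill -KILL -f '/usr/bin/acpid'
pkill -KILL -f '/usr/bin/bsd-port/agent'
pkill -KILL -f '/usr/bin/\.sshd'
# NOTE(review): substring match - this also hits legitimate processes whose
# command line contains e.g. /root/.local; tighten it to the exact file name
# once it is known.
pkill -KILL -f '/root/\.l'
pkill -KILL -f '/mnt/linsx'

# Comment out rc.local lines that start the miner: any uncommented line
# containing "scrypt", and lines that begin with /mnt/linsx or /tmp/.
sed -i 's/^\([^#].*scrypt\)/# \1/' /etc/rc.local
sed -i 's/^\(\/mnt\/linsx\)/# \1/' /etc/rc.local
sed -i 's/^\(\/tmp\/\)/# \1/' /etc/rc.local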