How to check the internal network mining
a new customer recently consulted with sine security company, saying that his server often fails to open the website of the card, and the remote connection to the server is extremely slow. Sometimes the Ping value reaches 300-500, and he often switches. After listening to the customer's words,
will generally judge that he has been attacked by CC + DDoS mixed traffic, It's strange to say that there is no traffic attack on the computer room. It's not a traffic attack, but it also causes the server card and website to fail to open. What kind of attack is this? In order to solve the problem of
client server card, we immediately arranged a security engineer to carry out security detection and deployment on his Linux server
{rrrrrrr}
Mining Trojan horse is also designed. If the mining process is forced to stop by customers, it will automatically start to continue mining to achieve uninterrupted mining.
careful inspection shows that it is through setting the hourly task plan, remotely downloading shell mining Trojan horse, and then executing, Check whether the current process exists or not. If not, start the Trojan horse to mine
a detailed security inspection was carried out on the client's Linux server. It was found that fortunately, there was no encrypted server data, and the worm was infected with the disease through the security detection and analysis of our security engineers, we found that the server uses Apache Tomcat environment, the open architecture of the platform is JSP + Oracle database, and Apache Tomcat uses the version of 2016, which leads to the serious remote command execution vulnerability of Apache, Through this vulnerability, the intruder can directly invade the server and get the administrator permission of the server,
virus. If the data was encrypted, the loss would be great. The client was a platform, and the client's data was very important. After finding out the mining Trojan horse,
do customers need to know how the server is attacked? Was the Trojan horse uploaded? It can prevent the attack
in the later stage
sine security engineer immediately repairs the Apache vulnerability and clears the Trojan horse. So far, the problem has been solved, the client server
runs stably, and the network station opens normally
use the computer Housekeeper - virus check and kill - specify the location to kill the virus - select the location of the file
and then directly kill the virus. The results show that if there is a virus, there is one, otherwise it is safe
our company is similar to you, just print some forms! Simple document, A4 format. I recommend Canon ip1000 printer, I bought it last year, 399 yuan in Changchun Science and technology city. The effect is good, or double ink cartridge (a black and a color) the main thing is to print very fast! It's the first time I've seen such a fast inkjet! ha-ha! Consumables are also cheap, not commonly used color, black original ink cartridge about 40 can be done.
the address is yours, and the private key is yours.
did you tell the other party the private key when someone else transfers it to you
if others know that your private key is likely to transfer the bitcoin in your wallet, you can transfer the bitcoin to others to generate a new address, and then others will transfer the coin back to you
in this way, a new private key address will be generated, but there is a handling charge for such transfer
What do you mean by entering the server settings? You want to access from the external network, and you have done mapping and so on... If you can access from the private network, this is OK, but you need to see if the firewall has interception.
if you have to check, it's also simple. You can see if there are unusual system processes
however, you can't deal with your own security thoroughly. It's better to find a professional security company (such as guardian).
A router with al Wan ports can connect internal and external networks at the same time
the external network cable is connected to WAN port 1, the internal network cable is connected to WAN port 2, and the computer is connected to any one of lan123
enter the IP address and account password on the back of the router to enter the router, click the setup wizard - input WiFi password next, select WAN port 1 next - select PPPoE next - input broadband account password next, and save. WAN port 1 is connected to the external network
Log in to the system to view the task manager, and view the processes that occupy large memory and cannot be closed. Right click on the process to open the file location (first select Show hidden files and operating system files in the folder option). At this time, you may see a systmss.exe process and a svchost.exe process imitating the operating system. Here you can also see a 2.bat file. Right click to edit and open this file to see which mining organization the malicious process communicates with
by viewing the system operation log, we can analyze the source of the virus, start time and other information. The general reason may be that the hacker did not close port 3389 and used a weak password to remotely log in to the last virus
virus eradication: rename the virus executable file systmss.exe to systmss.exe1, so that the virus cannot be executed. At this time, you can stop the process from the task manager. Open registry editor to delete HKEY_ LOCAL_ The entire directory of machine, system, controlset001, services and systems
for Linux system, please refer to: webpage link