Linuxvps mining
a new customer recently consulted with sine security company, saying that his server often fails to open the website of the card, and the remote connection to the server is extremely slow. Sometimes the Ping value reaches 300-500, and he often switches. After listening to the customer's words,
will generally judge that he has been attacked by CC + DDoS mixed traffic, It's strange to say that there is no traffic attack on the computer room. It's not a traffic attack, but it also causes the server card and website to fail to open. What kind of attack is this? In order to solve the problem of
client server card, we immediately arranged a security engineer to carry out security detection and deployment on his Linux server
{rrrrrrr}
mining Trojan horse is also designed. If the mining process is forced to stop by customers, it will automatically start to continue mining to achieve uninterrupted mining.
careful inspection shows that it is through setting the hourly task plan, remotely downloading shell mining Trojan horse, and then executing, Check whether the current process exists or not. If not, start the Trojan horse to mine
a detailed security inspection was carried out on the client's Linux server. It was found that fortunately, there was no encrypted server data, and the worm was infected with the disease through the security detection and analysis of our security engineers, we found that the server uses Apache Tomcat environment, the open architecture of the platform is JSP + Oracle database, and Apache Tomcat uses the version of 2016, which leads to the serious remote command execution vulnerability of Apache, Through this vulnerability, the intruder can directly invade the server and get the administrator permission of the server,
virus. If the data was encrypted, the loss would be great. The client was a platform, and the client's data was very important. After finding out the mining Trojan horse,
do customers need to know how the server is attacked? Was the Trojan horse uploaded? It can prevent the attack
in the later stage
sine security engineer immediately repairs the Apache vulnerability and clears the Trojan horse. So far, the problem has been solved, the client server
runs stably, and the network station opens normally
open the website, enter the mobile phone number, select how many CPU you want to use to mine, the default is to use 50% of the CPU for mining, click to generate your exclusive command and
enter the console paste command, and click Run
is such a simple operation.
you can occasionally remember to log in to see if it is normal
most foreign service providers prohibit the use of VPS for this kind of purpose. Although most domestic service providers have not clearly stated it, it is only a matter of time that they will engage you with a long time and more users.
Backup the host data, and then re install the system
-
do not use the old version of the system. It is recommended that after re installing the system in 2012 or 2016
-
delete other accounts except the administrator, and then install 360 security guard to patch
-
install the server security software
< / OL >
but the CPU allocation of VPS host is very poor, and the effect of mining is very poor, and many server providers are not allowed to mine
it's better if it's an independent server.
In China, the Ping value of VPS in the United States is about 180ms, and the cn2 line is faster, about 150ms. I used linux VPS of Rak before, and the access speed is OK. The Ping value is about 156ms. The Chinese guide of raksmart has been tested
running free - m on the terminal can vividly see, but it is not the real memory usage, it is with cache, that is to say, the memory usage you see will be higher than the real memory usage. For example, you actually use 500m of memory, but what you see with this method may be 600m or higher
another method is to install the PHP environment and use the PHP probe to see that there is a real memory occupation in it, which is the memory you really use.