Someone dropped a Monero miner (XMRIG) on my servers; can anything be worked out from it?

wangfei324017 · 2018-07-04 16:28:35 +08:00 · 7603 views

    About 3-4 servers were found to be infected. I have now deleted these files completely and changed the machine account passwords; I don't know whether that makes things safe again...

    {
        "algo": "cryptonight",        // cryptonight (default) or cryptonight-lite
        "av": 0,                      // algorithm variation, 0 auto select
        "background": false,          // true to run the miner in the background
        "colors": true,               // false to disable colored output
        "cpu-affinity": null,         // set process affinity to CPU core(s), mask "0x3" for cores 0 and 1
        "cpu-priority": null,         // set process priority (0 idle, 2 normal to 5 highest)
        "donate-level": 5,            // donate level, minimum 1%
        "log-file": null,             // log all output to a file, example: "c:/some/path/xmrig.log"
        "max-cpu-usage": 100,         // maximum CPU usage for automatic mode, usually limiting factor is CPU cache not this option.
        "print-time": 60,             // print hashrate report every N seconds
        "retries": 5,                 // number of times to retry before switch to backup server
        "retry-pause": 5,             // time to pause between retries
        "safe": false,                // true to safe adjust threads and av settings for current CPU
        "threads": null,              // number of miner threads
        "pools": [
            {
                "url": "pool.supportxmr.com:5555",   // URL of mining server
                "user": "43YVXSRrqzejHN1UNmQ9gtRhmRJQn472pbXoqmtsBeGZBf7w5eNXUVsWbwaVe4vUMveKAzAiA4j8xgUi29TpKXpm3x4ZNk7",   // username for mining server
                "pass": "x",                         // password for mining server
                "keepalive": true,                   // send keepalive to prevent timeout (need pool support)
                "nicehash": false,                   // enable nicehash/xmrig-proxy support
                "variant": -1                        // algorithm PoW variant
            }
        ],
        "api": {
            "port": 0,                // port for the miner API https://github.com/xmrig/xmrig/wiki/API
            "access-token": null,     // access token for API
            "worker-id": null         // custom worker-id for API
        }
    }
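The config the OP posted is itself the useful evidence: the pool host and port the miner talks to, the wallet the hashes are credited to, whether it is set to hide in the background, and where it logs. The following is an added example written for this thread, not code from the post or from the XMRig project. It parses the comment-bearing config format that old XMRig builds shipped (a naive regex that strips everything after `//` would also eat a `stratum+tcp://` pool URL, so the parser tracks string state), pulls out those indicators, and greps constructed process-list and crontab lines for them. SAMPLE_CONFIG is a shortened copy of the posted config in which only the pool URL and wallet are verbatim; the SAMPLE_EVIDENCE lines are constructed, not output from the OP's servers; the Monero address check assumes the standard mainnet format (95 base58 characters beginning with 4).

```python
"""Triage a recovered XMRig config.json: pull out blockable indicators and
look for them in host evidence. Added example, not code from the thread or
from the XMRig project; SAMPLE_* inputs are constructed (see comments)."""
from __future__ import annotations
import json
import re

# Constructed: a shortened copy of the OP's config in the comment-bearing
# format old XMRig builds shipped. Pool URL and wallet are the posted ones.
SAMPLE_CONFIG = r'''{
    "algo": "cryptonight",   // cryptonight (default) or cryptonight-lite
    "background": false,     // true to run the miner in the background
    "donate-level": 5,       // donate level, minimum 1%
    "log-file": null,        // example: "c:/some/path/xmrig.log"
    "pools": [
        {
            "url": "pool.supportxmr.com:5555",
            "user": "43YVXSRrqzejHN1UNmQ9gtRhmRJQn472pbXoqmtsBeGZBf7w5eNXUVsWbwaVe4vUMveKAzAiA4j8xgUi29TpKXpm3x4ZNk7",
            "pass": "x",
            "keepalive": true    // send keepalive to prevent timeout
        }
    ],
    "api": {
        "port": 0,           // https://github.com/xmrig/xmrig/wiki/API
        "access-token": null
    }
}'''

# Constructed ps/crontab lines, not real output from the OP's servers.
SAMPLE_EVIDENCE = [
    "root  2117 99.8 0.4 /tmp/.x/xmrig -o pool.supportxmr.com:5555 "
    "-u 43YVXSRrqzejHN1UNmQ9gtRhmRJQn472pbXoqmtsBeGZBf7w5eNXUVsWbwaVe4vUMveKAzAiA4j8xgUi29TpKXpm3x4ZNk7 -p x",
    "*/10 * * * * /tmp/.x/run.sh >/dev/null 2>&1",
    "root   901  0.0 0.1 /usr/sbin/sshd -D",
]

# Monero mainnet standard address: 95 base58 chars starting with '4'.
# Subaddresses ('8...') and 106-char integrated addresses are not matched.
MONERO_ADDR = re.compile(r"^4[1-9A-HJ-NP-Za-km-z]{94}$")


def strip_line_comments(text: str) -> str:
    """Drop // comments, tracking string state so '//' inside a JSON
    string (e.g. a stratum+tcp:// pool URL) is left alone."""
    out, in_string, escaped, i = [], False, False, 0
    while i < len(text):
        ch = text[i]
        if not in_string and text.startswith("//", i):
            nl = text.find("\n", i)   # skip to end of line, keep the newline
            if nl == -1:
                break
            i = nl
            continue
        out.append(ch)
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        i += 1
    return "".join(out)


def parse_pool_url(url: str) -> tuple[str, int | None]:
    """'host:port' or 'stratum+tcp://host:port' -> (host, port)."""
    hostport = url.split("://", 1)[-1].split("/", 1)[0]
    host, sep, port = hostport.rpartition(":")
    return (host, int(port)) if sep else (hostport, None)


def extract_iocs(config_text: str) -> dict:
    """Return the parts of an XMRig config worth blocking and hunting for."""
    cfg = json.loads(strip_line_comments(config_text))
    pools = []
    for pool in cfg.get("pools", []):
        host, port = parse_pool_url(pool["url"])
        wallet = pool.get("user", "")
        pools.append({"host": host, "port": port, "wallet": wallet,
                      "wallet_is_monero": bool(MONERO_ADDR.match(wallet))})
    return {"pools": pools,
            "api_port": cfg.get("api", {}).get("port"),  # 0 = API off
            "log_file": cfg.get("log-file"),
            "background": cfg.get("background")}


def find_evidence(lines: list[str], iocs: dict) -> list[tuple[int, list[str]]]:
    """Flag lines that mention a pool host, a wallet, or the binary name."""
    needles = {"xmrig"}
    for pool in iocs["pools"]:
        needles.update(n for n in (pool["host"], pool["wallet"]) if n)
    hits = []
    for idx, line in enumerate(lines):
        matched = sorted(n for n in needles if n in line)
        if matched:
            hits.append((idx, matched))
    return hits


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_CONFIG)
    print(json.dumps(iocs, indent=2))
    for idx, matched in find_evidence(SAMPLE_EVIDENCE, iocs):
        print(f"line {idx} matched {matched}: {SAMPLE_EVIDENCE[idx]}")
```

Run against the sample, it reports pool.supportxmr.com on port 5555, a wallet that has the shape of a standard Monero address, and flags only the xmrig process line. The cron entry that launches /tmp/.x/run.sh is not flagged, because it names neither the binary nor the pool: matching on miner indicators finds the payload, not the loader that reinstalls it, so the persistence (cron, services, SSH keys) has to be checked separately before calling a host clean. Of the indicators, the wallet is the most durable one to block or hunt on; the binary name and pool can be swapped without changing it.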

    7 replies    last 2019-08-29 17:52:42 +08:00
    1  wangfei324017 (OP)  2018-07-04 16:29:24 +08:00
    [image]
    2  crab  2018-07-04 16:45:47 +08:00
    Only changing the password treats the symptom, not the cause (unless you are certain the password was cracked).
    Find out how you were broken into. (I'd suggest reinstalling the system rather than just changing passwords.)
    3  sphawkcn  2018-07-04 17:14:48 +08:00
    Since these are servers, don't use passwords; use keys.
    4  wangfei324017 (OP)  2018-07-04 19:12:08 +08:00 via iPhone
    @sphawkcn Can Windows servers use keys too?
    5  wangfei324017 (OP)  2018-07-04 19:12:48 +08:00 via iPhone
    @crab Thanks.
    6  Heyuan  2019-08-28 14:55:06 +08:00
    Did you get this resolved? I reinstalled the system and still have this mining trojan.
    7  wangfei324017 (OP)  2019-08-29 17:52:42 +08:00
    @Heyuan #6 I think I just deleted it and that was that.