小白服务器中挖矿病毒 kauditd0
还特么直接改我root密码[*]systemctl status 4145584
[*]● session-1089.scope - Session 1089 of User root
[*] Loaded: loaded (/run/systemd/transient/session-1089.scope; transient)
[*]Transient: yes
[*] Active: active (abandoned) since Wed 2025-01-29 02:58:54 CST; 1 day 6h ago
[*] Tasks: 17
[*] Memory: 36.5M
[*] CPU: 4d 23h 54min 53.997s
[*] CGroup: /user.slice/user-0.slice/session-1089.scope
[*] ├─4145364 edac0
[*] ├─4145381 edac0
[*] ├─4145560 sshd@notty
[*] └─4145584 kauditd0
[*]
[*]Jan 29 02:58:54 ns542848 systemd: Started session-1089.scope - Session 1089 of User root.
[*]Jan 29 02:59:06 ns542848 chpasswd: pam_unix(chpasswd:chauthtok): password changed for root
[*]Jan 29 03:01:46 ns542848 sshd: pam_unix(sshd:session): session closed for user root复制代码
不知道咋被黑的,是不是只有直接重装了,难道服务器上还要装啥杀毒软件?
static/image/smiley/default/cry.gif
1把默认ssh端口22改成随机高位端口。2改成sshkey登陆,禁用密码登陆
184682563 发表于 2025-1-30 09:53
1把默认ssh端口22改成随机高位端口。2改成sshkey登陆,禁用密码登陆
以及改成10000+的端口了,不过没用sshkey
页:
[1]