小白服务器中挖矿病毒 kauditd0

杜甫

还特么直接改我root密码

[ol]

systemctl status 4145584

● session-1089.scope - Session 1089 of User root

     Loaded: loaded (/run/systemd/transient/session-1089.scope; transient)

  Transient: yes

     Active: active (abandoned) since Wed 2025-01-29 02:58:54 CST; 1 day 6h ago

      Tasks: 17

     Memory: 36.5M

        CPU: 4d 23h 54min 53.997s

     CGroup: /user.slice/user-0.slice/session-1089.scope

             ├─4145364 edac0

             ├─4145381 edac0

             ├─4145560 sshd@notty

             └─4145584 kauditd0

Jan 29 02:58:54 ns542848 systemd[1]: Started session-1089.scope - Session 1089 of User root.

Jan 29 02:59:06 ns542848 chpasswd[4143826]: pam_unix(chpasswd:chauthtok): password changed for root

Jan 29 03:01:46 ns542848 sshd[4143769]: pam_unix(sshd:session): session closed for user root[/ol]复制代码


不知道咋被黑的，是不是只有直接重装了，难道服务器上还要装啥杀毒软件？

184682563

1把默认ssh端口22改成随机高位端口。2改成sshkey登陆，禁用密码登陆

杜甫

184682563 发表于 2025-1-30 09:53

1把默认ssh端口22改成随机高位端口。2改成sshkey登陆，禁用密码登陆
以及改成10000+的端口了，不过没用sshkey