mining virus on server

Post by Blisk » 2017/10/10 11:38:29

I noticed that someone managed to put a mining virus, xmine, on my server.
It was mining for a few days until I noticed that the processor was up to 90%. I deleted the virus and enabled SELinux.
Now today I see the virus again in the cache folder of the web page, but not running.
How can I prevent viruses from being uploaded to the cache folder of the web page?

I found this in my log files:

sh: line 0: cd: HOME not set
sh: a.jpg.jpg: command not found
sh: line 0: cd: HOME not set
sh: a.jpg: command not found
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Failed to create the file Predator.php: Permission denied

4 43704 4 1927 0 0 4323 0 0:00:10 --:--:-- 0:00:10 4330
curl: (23) Failed writing body (0 != 1927)
sh: a.jpg.jpg: command not found
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Failed to create the file Predator.php: Permission denied

4 43704 4 1930 0 0 8711 0 0:00:05 --:--:-- 0:00:05 8693
curl: (23) Failed writing body (0 != 1930)
sh: a.jpg: command not found
sh: a.jpg.jpg: command not found
sh: a.jpg: command not found
sh: a.jpg.jpg: command not found
sh: a.jpg: command not found

sh: a.jpg.mp4: command not found
sh: a.jpg: command not found

sh: ./xmrig: Permission denied
sh: ./xmrig: Permission denied

--2017-10-10 04:12:41-- ftp://14.162.143.195/bianco.php
=> 'bianco.php'
Connecting to 14.162.143.195:21... failed: Permission denied.
Retrying.

--2017-10-10 04:12:42-- ftp://14.162.143.195/bianco.php
(try: 2) => 'bianco.php'
Connecting to 14.162.143.195:21... failed: Permission denied.
Retrying.
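
Added example, not part of the original post: a small Python triage script that groups the kinds of lines shown in the log above (commands the shell failed to run, curl writes that were denied, wget fetches, and outbound connections that were denied) so the attempted file names and remote hosts can be listed in one place. The sample input is constructed from lines in the post; the rule labels and function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines adapted from the log excerpt in the post.
SAMPLE = """\
sh: line 0: cd: HOME not set
sh: a.jpg.jpg: command not found
0 0 0 0 --:--:-- 0Warning: Failed to create the file Predator.php: Permission denied
curl: (23) Failed writing body (0 != 1927)
sh: a.jpg.mp4: command not found
sh: ./xmrig: Permission denied
--2017-10-10 04:12:41-- ftp://14.162.143.195/bianco.php
Connecting to 14.162.143.195:21... failed: Permission denied.
"""

# Hypothetical rule set: label -> regex whose single group is the artifact.
RULES = {
    "shell_exec_failed": re.compile(
        r"^sh: (?:line \d+: )?(\S+): (?:command not found|Permission denied)"),
    "curl_write_denied": re.compile(
        r"Failed to create the file (\S+): Permission denied"),
    "remote_fetch": re.compile(r"^--[\d-]+ [\d:]+--\s+((?:ftp|https?)://\S+)"),
    "outbound_denied": re.compile(
        r"^Connecting to (\S+?)\.\.\. failed: Permission denied"),
}
MEDIA_EXT = re.compile(r"\.(?:jpe?g|png|gif|mp4)$", re.I)


def triage(text):
    """Return {label: Counter(artifact -> hit count)} for matching lines."""
    findings = {label: Counter() for label in RULES}
    for line in text.splitlines():
        for label, rx in RULES.items():
            m = rx.search(line)
            if m:
                findings[label][m.group(1)] += 1
    return findings


def media_named_commands(findings):
    """Names the shell tried to run that end in a media file extension."""
    return sorted(n for n in findings["shell_exec_failed"] if MEDIA_EXT.search(n))


if __name__ == "__main__":
    found = triage(SAMPLE)
    for label, hits in found.items():
        for artifact, n in hits.items():
            print(f"{label:18} {n:3} {artifact}")
    print("media-named commands:", media_named_commands(found))
```

To run it against a real log, pass the file's contents to `triage()` in place of `SAMPLE`.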
