web123456

Server security warning handling (methods to find mining viruses)

Server security warning handling (methods to find mining viruses)

Method 1

Find the process and force kill the corresponding process

    

  1. 

    

    ps -aux | grep kinsing
    

    2. 

  2. 

    

    ps -aux | grep kdevtmpfsi
    

    3.

Find virus files kinsing kdevtmpfsi

    1. 

    1. 

      

      find / -name kinsing
      

      2. 

    2. 

      

      find / -name kdevtmpfsi
      

      3.

    View cycle task cron, not necessarily under root user, may be postgres (database), docker (container), PHPTest (PHP unit test)

    cd /var/spool/cron //Enter the directory of the cycle task. If there are cycles that are not written by yourself, delete them.

    Set a password with a certain strength for postgres users

    passwd postgres

    Update system patches in a timely manner to make up for vulnerabilities

      

    1. 

      

      yum -y update (CentOS)
      

      2. 

    2. 

      

      apt -y update (Debian)
      

      3.

    Method 2 (Open the firewall)

Turn on the firewall

systemctl start firewalld

Check the status of the firewall

systemctl status firewalld

Turn off the firewall

systemctl stop firewalld

Turn off the power-on and start up

systemctl disable firewalld

Turn on and start up

systemctl enable firewalld

firewalld firewall open port

    

  1. 

    

    Check the firewalld status: systemctlstatus firewalld
    

    2. 

  2. 

    

     
    

    3. 

  3. 

    

    Turn on firewalld:systemctlstart firewalld
    

    4. 

  4. 

    

     
    

    5. 

  5. 

    

    If an error is reported during startup: Failedto start :Unit is masked.
    

    6. 

  6. 

    

     
    

    7. 

  7. 

    

    Because it is locked, firewalld is cancelled: systemctl unmask firewalld, and start it again (it cannot be enabled after opening the firewall.80port, so you cannot access your own website)
    

    8. 

  8. 

    

     
    

    9. 

  9. 

    

    Open a port: firewall-cmd --zone=public --add-port=80/tcp --permanent(Open80port)
    

    10. 

  10. 

    

     
    

    11. 

  11. 

    

    Reload: firewalld-cmd --reload
    

    12. 

  12. 

    

    systemctl restart firewalld
    

    13.

Replenish

View all open temporary ports (default is empty)

firewall-cmd --list-ports

View all permanently open ports (default is empty)

firewall-cmd --list-ports --permanent

Add a temporary open port (for example: I want to modify the ssh remote connection port to be 223, so I have to open this port)

firewall-cmd --add-port=223/tcp

Add permanently open ports (for example: port 223)

firewall-cmd --add-port=223/tcp --permanent

Close temporary port

firewall-cmd --remove-port=80/tcp

Close permanent port

firewall-cmd --remove-port=80/tcp --permanent

After these configurations are finished, you need to enter a reload command and restart the firewall to take effect