Cloud Security! An old code to the hacker passive battle

Source: Internet
Author: User

Label:

30th TATAUFO Technology Team built, it was a good day, did not think unexpectedly is the beginning of tragedy.

At night, my colleague told me that I had user feedback to send a friend's invitation message in the name of the user.

Did the last bug interface be executed? Log in to the cloud host, found that the root directory has an exception file, actually the file name is Jave, the user group is redis,tmd!

Check all the link ports and discover that there are SSH links from 5.18.127.3, hacker attacks! Check all the programs that have Redis user rights, check all crontab, check all the files that were updated on 30th, and discover that there are many unknown files.

At the same time, all files under the/mnt mounted disk have been altered, including an interface script that sends a friend request SMS to the Address Book user. In the last upgrade (3.1.5), there is a bug, the script without input parameters, will be sent to all contacts friends text messages, rely on, omg! Does that guy execute these scripts!

More Ghosts under/tmp, MONI.1! Incredibly is the infamous Wright Coin mining program!

Immediately forcibly kill, delete redis users, delete all unknown files, restore the user's relevant data, ... The system should be OK.

Security, security, cloud Server security more attention! Reflect on:

  • If the cloud service tells you that there is a security risk, don't be lucky, think you are old, God bless you!
  • Do not back up flawed code, always clean the code
  • Attention to the cloud monitoring, response must be timely
  • Deploy bastion machines as soon as possible, don't be afraid of trouble
  • ......

Cloud Security! An old code to the hacker passive battle

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

Tags Index: