Today, a student came to Weieis's notes, saying he had received a notice that his server had been cracked, and he was looking for a solution. So Old Wei logged in to the Pagoda panel to look at the login information.
1. Trojans in the server
As shown in the figure below, the notifications received from the merchant show a Trojan file alert, followed by a root password cracking alert.
After asking, I learned that the root password used was: Aa12345678, a super simple password. No wonder the cracking succeeded after 74 guesses.
Old Wei could not help sighing: How thoughtful the webmaster is! He still hasn't dealt with it even after such a long interval!
The webmaster asked: Since the merchant has warned that there are Trojans and password cracking, why don't they help me prevent them?
Old Wei replied: ECS merchants only provide a basic ECS for you to use, and you are responsible for the security of the server. If you don't understand, you can pay for their security defense software, or buy the Pagoda panel nginx firewall, which can resist external attacks. Related article: "The difference between the Pagoda panel professional firewall and the free nginx firewall, and how to choose".
2. Manually clear the Trojan
In short, use the top command to find the server process that is using 100% of the CPU, then look up the corresponding file path and delete the file.
First, this method requires some technical skill and a little knowledge of Linux servers. Second, it cannot guarantee that the server is completely clean. Hackers usually don't plant only one Trojan horse; they put several more in different locations just in case.
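The manual check described in this section can be scripted. The following is an added example, not code from the original post, that lists processes above a CPU threshold together with the path of the binary behind each one; the function names and the default 90% threshold are assumptions for illustration.

```shell
#!/bin/sh
# Added example: find busy processes and the binary each one runs from.
# Note: ps reports %CPU averaged over the process lifetime, while top shows
# the current interval; a long-running miner is high in both.

# Read "PID %CPU" pairs on stdin; print the PIDs at or above $1 percent.
high_cpu_pids() {
    awk -v min="$1" '$1 ~ /^[0-9]+$/ && $2 + 0 >= min + 0 { print $1 }'
}

# Resolve the executable behind a PID via /proc (Linux only).
exe_of_pid() {
    readlink "/proc/$1/exe" 2>/dev/null
}

# Classify the resolved path. Linux appends " (deleted)" when the file was
# removed after start-up: the process keeps running until it is stopped.
exe_state() {
    case "$1" in
        "")            echo unknown ;;   # no access, or process already gone
        *" (deleted)") echo deleted ;;
        *)             echo on-disk ;;
    esac
}

# One line per busy process: PID, state, executable path, command line.
report_busy() {
    threshold="${1:-90}"   # assumed default, adjust as needed
    ps -eo pid=,pcpu= | high_cpu_pids "$threshold" | while read -r pid; do
        exe=$(exe_of_pid "$pid")
        cmd=$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")
        printf '%s\t%s\t%s\t%s\n' "$pid" "$(exe_state "$exe")" "${exe:-?}" "$cmd"
    done
}

# Run as root so every /proc/<pid>/exe link is readable:
#   sh busy.sh report 90
if [ "${1:-}" = "report" ]; then
    report_busy "${2:-90}"
fi
```

A process reported as `deleted` has no file left to remove, so it has to be stopped as well, and one clean pass does not rule out further copies elsewhere on the server.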
3. Reinstall the system
If you are not skilled enough and fear that more Trojans are still left behind, you can use the once-and-for-all method: reinstall the system.
Reinstalling the system is effective against viruses, Trojans, etc. on the server itself, but it will affect the operation of the website during the reinstallation. Fortunately, the installation finishes quickly.
In this case, change the ECS root password immediately. It is recommended to use a complex password with more than 16 digits. You can use an online password generator, and then add, delete or change a few numbers yourself.
Then back up the website files and database locally, and take a snapshot of the current server just in case.
Once everything is ready, reinstall the system from the ECS console, deploy the Pagoda Linux panel with one click, set up the website environment, then upload and restore the website data.
The backup and recovery functions used here are provided by the Pagoda panel, which is very convenient.
After the website is restored, check whether the foreground and background can be opened normally. If there are no errors on the page, you can stop work and have a rest.
A small episode: website visitors reported that they could not open the website. Once they cleared their local browser cache, they could open it.
4. Personal thoughts
After today's operation, Old Wei wants to tell everyone that the server root password carries the highest management authority and must be made more complex. Don't set a password that is too simple and easy to guess, as in today's case; otherwise it is easy for Trojans, mining programs, etc. to be planted. Afterwards the system has to be reinstalled, which affects the operation of the website and leaves customers dissatisfied. The gains are not worth the losses.