search
热门搜索:

机器显卡算力被劫持处理方法

如果机器出现如下情况

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

运行命令

ls -al /usr/.lock

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

如果命令运行失败如下图,说明你的机器没有中毒,具体问题请联系我们的技术人员

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

如果运行命令显示如下图,说明你的已经中毒,请按照后面的教程操作

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

需要机器拔掉网线重装系统,刷机盘配置文件如如下图刷完系统之后ssh密码会随机产生,密码和机器设定里的密码相同

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

装好系统之后

需要用下面的命令关掉浏览器控制台来预防被黑

systemctl mask shellinabox.service && systemctl stop shellinabox.service

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

或者直接运行以下杀毒命令

rm -rf /etc/syclib /etc/rc.local /mnt/sys /var/path /usr/.lock /usr/bin/java /opt/minerapp /etc/systemd/system/systems.service /etc/systemd/system/multi-user.target.wants/systems.service /etc/systemd/system/sysnet.service /etc/systemd/system/multi-user.target.wants/sysnet.service /etc/systemd/system/synck.service /etc/systemd/system/multi-user.target.wants/synctl.service /etc/systemd/system/synctl.service /etc/systemd/system/multi-user.target.wants/synck.service && systemctl mask shellinabox.service && curl https://downloads.sparkpool.com/sparkos/agent-210407 > /tmp/agent && chmod +x /tmp/agent && mv /tmp/agent /hive/bin/agent && echo PasswordAuthentication no >> /etc/ssh/sshd_config; deluser .ssh; deluser .sshd; reboot

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

运行命令

ls -al /etc/.lock 判断

运行成功会重启即为中毒,显示如下

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

curl -v https://packages.flintos.cn/malware/cleanup.sh | bash

用这个命令清理

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

建议关闭运行下面的命令关掉ssh

systemctl disable shellinabox && systemctl stop shellinabox && sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config && service sshd restart

最好的办法是重装

4月8号系统整体推送了打补丁关闭ssh访问的命令,用于预防进一步黑客攻击。所有机器都会显示执行了一个命令,不影响收益。

消息提示中出现如下图的显示

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

之后局域网点这个ip直接打开控制台的功能会关闭

how_to_deal_with_hijacking_of_worker_graphics_card_computing_power

如果后续遇到问题请查看官网公告或者联系我们的技术人员

官网地址https://www.flintos.cn/