发现服务器被黑后,果断把 IP 封禁了,
但发现入侵者留下的进程一直处于 sleeping 状态,用 kill、pkill 都杀不掉。
root@min:/proc# ps -ef|grep zl
root 22229 1 0 19:19 ? 00:00:00 sh -c (chmod -R 777 /tmp) ; (rm -f /tmp/.lz*) ; (echo yes | cp -p /etc/.zl /tmp/.lz1429615177)
root 22232 22229 0 19:19 ? 00:00:00 sh -c (chmod -R 777 /tmp) ; (rm -f /tmp/.lz*) ; (echo yes | cp -p /etc/.zl /tmp/.lz1429615177)
root 22234 22232 0 19:19 ? 00:00:00 cp -p /etc/.zl /tmp/.lz1429615177
root 28406 16879 0 20:14 pts/3 00:00:00 grep --color=auto zl
到 /proc 里看一下该进程的状态:
root@min:/proc# cat /proc/22229/status
Name: sh
State: S (sleeping)
Tgid: 22229
Pid: 22229
PPid: 1
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 64
Groups: 0
VmPeak: 4400 kB
VmSize: 4400 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 604 kB
VmRSS: 604 kB
VmData: 188 kB
VmStk: 136 kB
VmExe: 104 kB
VmLib: 1884 kB
VmPTE: 28 kB
VmSwap: 0 kB
Threads: 1
SigQ: 2/15879
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000004
SigIgn: 0000000000001007
SigCgt: 0000000000010000
CapInh: 0000000000000000
CapPrm: ffffffffffffffff
CapEff: ffffffffffffffff
CapBnd: ffffffffffffffff
Cpus_allowed: 7fff
Cpus_allowed_list: 0-14
Mems_allowed: 00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 3
nonvoluntary_ctxt_switches: 0
试试直接删除该进程在 /proc 下的目录(注:/proc 是内核提供的虚拟文件系统,其中的条目无法用 rm 删除,下面的报错属于预期结果,也不会结束进程):
#rm /proc/22229
rm: cannot remove `22229/task/22229/syscall': Permission denied
rm: cannot remove `22229/task/22229/cmdline': Permission denied
rm: cannot remove `22229/task/22229/stat': Permission denied
rm: cannot remove `22229/task/22229/statm': Permission denied
rm: cannot remove `22229/task/22229/maps': Permission denied
rm: cannot remove `22229/task/22229/numa_maps': Permission denied
rm: cannot remove `22229/task/22229/mem': Permission denied
rm: cannot remove `22229/task/22229/cwd': Permission denied
rm: cannot remove `22229/task/22229/root': Permission denied
rm: cannot remove `22229/task/22229/exe': Permission denied
rm: cannot remove `22229/task/22229/mounts': Permission denied
rm: cannot remove `22229/task/22229/mountinfo': Permission denied
rm: cannot remove `22229/task/22229/clear_refs': Permission denied
rm: cannot remove `22229/task/22229/smaps': Permission denied
rm: cannot remove `22229/task/22229/pagemap': Permission denied
rm: cannot remove `22229/task/22229/attr/current': Operation not permitted
rm: cannot remove `22229/task/22229/attr/prev': Operation not permitted
rm: cannot remove `22229/task/22229/attr/exec': Operation not permitted
rm: cannot remove `22229/task/22229/attr/fscreate': Operation not permitted
rm: cannot remove `22229/task/22229/attr/keycreate': Operation not permitted
rm: cannot remove `22229/task/22229/attr/sockcreate': Operation not permitted
rm: cannot remove `22229/task/22229/wchan': Permission denied
rm: cannot remove `22229/task/22229/stack': Permission denied
rm: cannot remove `22229/task/22229/schedstat': Permission denied
rm: cannot remove `22229/task/22229/latency': Permission denied
rm: cannot remove `22229/task/22229/cpuset': Permission denied
rm: cannot remove `22229/task/22229/cgroup': Permission denied
rm: cannot remove `22229/task/22229/oom_score': Permission denied
rm: cannot remove `22229/task/22229/oom_adj': Permission denied
rm: cannot remove `22229/task/22229/oom_score_adj': Permission denied
rm: cannot remove `22229/task/22229/loginuid': Permission denied
rm: cannot remove `22229/task/22229/sessionid': Permission denied
rm: cannot remove `22229/task/22229/io': Permission denied
rm: cannot remove `22229/fd/0': Operation not permitted
rm: cannot remove `22229/fd/1': Operation not permitted
rm: cannot remove `22229/fd/2': Operation not permitted
rm: cannot remove `22229/fd/3': Operation not permitted
rm: cannot remove `22229/fd/4': Operation not permitted
rm: cannot remove `22229/fdinfo/0': Operation not permitted
rm: cannot remove `22229/fdinfo/1': Operation not permitted
rm: cannot remove `22229/fdinfo/2': Operation not permitted
rm: cannot remove `22229/fdinfo/3': Operation not permitted
rm: cannot remove `22229/fdinfo/4': Operation not permitted
rm: cannot remove `22229/ns/net': Operation not permitted
rm: cannot remove `22229/ns/uts': Operation not permitted
rm: cannot remove `22229/ns/ipc': Operation not permitted
rm: cannot remove `22229/net/ip_tables_targets': Operation not permitted
rm: cannot remove `22229/net/ip_tables_matches': Operation not permitted
rm: cannot remove `22229/net/ip_tables_names': Operation not permitted
rm: cannot remove `22229/net/ip6_tables_targets': Operation not permitted
rm: cannot remove `22229/net/ip6_tables_matches': Operation not permitted
rm: cannot remove `22229/net/ip6_tables_names': Operation not permitted
rm: cannot remove `22229/net/packet': Operation not permitted
rm: cannot remove `22229/net/ip6_flowlabel': Operation not permitted
rm: cannot remove `22229/net/rt6_stats': Operation not permitted
rm: cannot remove `22229/net/ipv6_route': Operation not permitted
rm: cannot remove `22229/net/if_inet6': Operation not permitted
rm: cannot remove `22229/net/dev_snmp6/eth1': Operation not permitted
rm: cannot remove `22229/net/dev_snmp6/eth0': Operation not permitted
rm: cannot remove `22229/net/dev_snmp6/lo': Operation not permitted
rm: cannot remove `22229/net/snmp6': Operation not permitted
rm: cannot remove `22229/net/sockstat6': Operation not permitted
rm: cannot remove `22229/net/udplite6': Operation not permitted
rm: cannot remove `22229/net/raw6': Operation not permitted
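还是不行。
后来查了不少相关资料,终于发现了 kill -KILL(即发送 SIGKILL,等同于 kill -9;该信号不能被进程捕获、阻塞或忽略)。另外,从前面 status 输出的 SigBlk/SigIgn/SigCgt 掩码来看,SIGTERM(15)并未被阻塞、忽略或捕获,所以普通 kill 为什么无效,仅凭这些输出还无法确定。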
kill -KILL processID
果然有效:
kill -KILL 22229
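进程终于被结束了,这个命令确实强大。需要注意的是,结束进程只是临时止血:从上面的输出看,该进程以 root 身份(Uid 0)运行,并把 /etc/.zl 复制为 /tmp/.lz1429615177,因此还应保留并排查这些文件,查清是什么机制拉起了该进程(例如定时任务或启动脚本),并追查入侵途径,否则它很可能再次出现。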
本文转自 jackjiaxiong 51CTO博客,原文链接:http://blog.51cto.com/xiangcun168/1663153