How to get rid of a malicious process on a CentOS server?
We hacked the server through a recent vulnerability in Redis (a port was opened) and planted a process (/bin/unama) that is clearly doing something bad and eating 80% of the CPU.
The ports are closed, but the process cannot be killed. I do kill 9 and then delete the file from /bin/, but after a minute the process starts again. I don't understand what makes it run again. The process has PPID 1.
Tell me, how can I get rid of this stuff?
Can you upload the /bin/unama file to VT and give a link? I'll pass it on to our Linux specialist. But in general, the compromise of the server should end with its complete reinstallation.
Check cron, at, and other processes.
A complete reinstallation is desirable, but in principle it can be cleaned out.
rpm -Va
Did you do it? If not, do it. If the modified files are not config files but binaries or libraries, yum reinstall the package.
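The `rpm -Va` check suggested above, as an added example that is not part of the original thread: it filters the verify output down to non-config files that are missing or whose digest changed, then maps them to the packages to reinstall. The function names and the sample lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.

# Read `rpm -Va` output on stdin; print packaged program files that are
# missing or whose digest changed. Entries carrying an attribute marker
# (c config, d doc, g ghost, l license, r readme) are skipped.
suspicious_files() {
  awk '
    {
      flags = $1
      # Field 2 is the attribute marker only when it is a single c/d/g/l/r.
      if ($2 ~ /^[cdglr]$/) { attr = $2; path = $3 } else { attr = ""; path = $2 }
      if (path !~ /^\//) next      # not a file line
      if (attr != "") next         # config, doc, ghost, license, readme
      # Flag string is SM5DLUGTP: position 3 is "5" when the digest differs.
      if (flags == "missing" || substr(flags, 3, 1) == "5") print path
    }'
}

# Map each path on stdin to its owning package name (needs rpm on the host).
owning_packages() {
  while IFS= read -r f; do
    pkg=$(rpm -qf --queryformat '%{NAME}\n' "$f" 2>/dev/null) && printf '%s\n' "$pkg"
  done | sort -u
}

# Constructed sample of `rpm -Va` output (not taken from a real host).
sample_rpm_va() {
  cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/bin/ps
.......T.    /usr/bin/top
missing     /usr/lib64/libexample.so.1
.M.......  g /var/run/example.pid
..5....T.  d /usr/share/doc/example/README
EOF
}

# Demo on the constructed sample.
sample_rpm_va | suspicious_files

# On the affected host, list the packages, review them, then yum reinstall:
#   rpm -Va | suspicious_files | owning_packages
```

`rpm -Va` verifies only files owned by installed packages, so a dropped file such as /bin/unama will not appear in its output; the cron, at and process checks cover whatever keeps restarting it.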