Answer the question
In order to leave comments, you need to log in
B
B
BoneFletcher2016-02-02 17:04:52
BoneFletcher, 2016-02-02 17:04:52
How to remove virus from server on ubuntu?
A virus appeared on a server with Ubuntu 14.04, arranging a ddos attack about once a day on 40 GB of traffic.
I installed Clamav antivirus, it deleted several infected files (I didn’t remember the names), rebooted the system, but the attacks did not stop. Is there a way to get rid of this virus? And how could he appear?
Root's password is complex, there are no viruses on the local machine.
There are only common packages on the server:
nginx, mysql, redis, nodejs
nodejs is used as a web server (via express and socket.io) - but the functionality in it is very simple, hacking through it is unlikely. But nodejs itself is run as root.
2 answer(s)
@BoneFletcher
@synapse_people
I
Ilya, 2016-02-02 @BoneFletcher
You can try a firewall to prohibit, monitor and log traffic.
Try to catch the left traffic through tcpdump.
It's easier to install from scratch than to search.
Take a snapshot of the system and already locally, for example, search in a virtual machine.
S
synapse_people, 2016-02-02 @synapse_people
but they say there are no viruses
Use netstat to see what process generates connections and find its binary, set it to -x
Similar questions
S
J
B
A
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question