Coin-mining abuse software is all around...
You hear about it in the media these days:
- YouTube ads are harvesting your mining power
- Websites are harvesting your mining power ("
and I found an
What does it look like when you find it? Lots of load.
Let's find where it is located by simply running
ps aux | grep php
And maybe you want to stop it:
kill -9 <process_ids>
looking in the (config) file
you can see it's a
which it contributes the server
How to clean up the mess?
mount -o remount,noexec /tmp
and to make the server safe for future edit
change the mount options for /tmp to noexec and remount it
/dev/sda3 /tmp ext3 noexec,nosuid 0 2
mount -o remount /tmp
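
To confirm the remount took effect and to spot anything still running out of /tmp, here is an added example (not part of the original post). The function names and the two sample mount-table lines are constructed for illustration; on a live server, call `has_noexec /tmp` with no second argument to read /proc/mounts.

```shell
#!/bin/sh
# Added example: verify the noexec hardening and list processes tied to a directory.

# has_noexec MOUNTPOINT [TABLE]
# TABLE is a file in /proc/mounts format (default /proc/mounts, "-" = stdin).
# Exit status: 0 = noexec set, 1 = mounted without noexec, 2 = not a mount point.
has_noexec() {
    awk -v mp="$1" '
        $2 == mp { opts = $4; found = 1 }   # last entry wins (stacked mounts)
        END {
            if (!found) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noexec") exit 0
            exit 1
        }' "${2:-/proc/mounts}"
}

# procs_tied_to DIR
# Prints "PID exe|cwd PATH" for every process whose binary or working
# directory is under DIR. Run as root to see other users' processes.
# A binary removed after start shows as "PATH (deleted)" and still matches.
procs_tied_to() {
    for p in /proc/[0-9]*; do
        for kind in exe cwd; do
            target=$(readlink "$p/$kind" 2>/dev/null) || continue
            case $target in
                "$1"|"$1"/*) echo "${p#/proc/} $kind $target" ;;
            esac
        done
    done
    return 0
}

# Constructed sample tables: /tmp before and after the remount.
BEFORE='/dev/sda3 /tmp ext3 rw,relatime 0 0'
AFTER='/dev/sda3 /tmp ext3 rw,nosuid,noexec,relatime 0 0'

for state in "$BEFORE" "$AFTER"; do
    if printf '%s\n' "$state" | has_noexec /tmp -; then
        echo "noexec set:     $state"
    else
        echo "noexec MISSING: $state"
    fi
done
```

`procs_tied_to /tmp` complements `ps aux | grep php`: it also reports processes that do not have php in their name but were started from, or are sitting in, /tmp.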