发现服务器被黑,果断把IP给禁了,

但发现黑我的进程一直处于sleeping,用什么killpkill都不管用

linux 无敌kill -KILL processID

1
2
3
4
5
[email protected]:/proc# ps -ef|grep zl
root     22229     1  0 19:19 ?        00:00:00 sh -c (chmod -R 777 /tmp) ; (rm -f /tmp/.lz*) ; (echo yes|cp -p /etc/.zl /tmp/.lz1429615177)
root     22232 22229  0 19:19 ?        00:00:00 sh -c (chmod -R 777 /tmp) ; (rm -f /tmp/.lz*) ; (echoyes|cp -p /etc/.zl /tmp/.lz1429615177)
root     22234 22232  0 19:19 ?        00:00:00 cp -p /etc/.zl /tmp/.lz1429615177
root     28406 16879  0 20:14 pts/3    00:00:00 grep --color=auto zl

proc里看下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
[email protected]:/proc# cat /proc/22229/status
Name:   sh
State:  S (sleeping)
Tgid:   22229
Pid:    22229
PPid:   1
TracerPid:      0
Uid:    0       0       0       0
Gid:    0       0       0       0
FDSize: 64
Groups: 0
VmPeak:     4400 kB
VmSize:     4400 kB
VmLck:         0 kB
VmPin:         0 kB
VmHWM:       604 kB
VmRSS:       604 kB
VmData:      188 kB
VmStk:       136 kB
VmExe:       104 kB
VmLib:      1884 kB
VmPTE:        28 kB
VmSwap:        0 kB
Threads:        1
SigQ:   2/15879
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000004
SigIgn: 0000000000001007
SigCgt: 0000000000010000
CapInh: 0000000000000000
CapPrm: ffffffffffffffff
CapEff: ffffffffffffffff
CapBnd: ffffffffffffffff
Cpus_allowed:   7fff
Cpus_allowed_list:      0-14
Mems_allowed:   00000000,00000001
Mems_allowed_list:      0
voluntary_ctxt_switches:        3
nonvoluntary_ctxt_switches:     0

这种进程直接删除试试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#rm /proc/22229
rm: cannot remove`22229/task/22229/syscall': Permission denied
rm: cannot remove`22229/task/22229/cmdline': Permission denied
rm: cannot remove`22229/task/22229/stat': Permission denied
rm: cannot remove`22229/task/22229/statm': Permission denied
rm: cannot remove`22229/task/22229/maps': Permission denied
rm: cannot remove`22229/task/22229/numa_maps': Permission denied
rm: cannot remove`22229/task/22229/mem': Permission denied
rm: cannot remove`22229/task/22229/cwd': Permission denied
rm: cannot remove`22229/task/22229/root': Permission denied
rm: cannot remove`22229/task/22229/exe': Permission denied
rm: cannot remove`22229/task/22229/mounts': Permission denied
rm: cannot remove`22229/task/22229/mountinfo': Permission denied
rm: cannot remove`22229/task/22229/clear_refs': Permission denied
rm: cannot remove`22229/task/22229/smaps': Permission denied
rm: cannot remove`22229/task/22229/pagemap': Permission denied
rm: cannot remove`22229/task/22229/attr/current': Operation not permitted
rm: cannot remove`22229/task/22229/attr/prev': Operation not permitted
rm: cannot remove`22229/task/22229/attr/exec': Operation not permitted
rm: cannot remove `22229/task/22229/attr/fscreate':Operation not permitted
rm: cannot remove`22229/task/22229/attr/keycreate': Operation not permitted
rm: cannot remove`22229/task/22229/attr/sockcreate': Operation not permitted
rm: cannot remove`22229/task/22229/wchan': Permission denied
rm: cannot remove`22229/task/22229/stack': Permission denied
rm: cannot remove`22229/task/22229/schedstat': Permission denied
rm: cannot remove`22229/task/22229/latency': Permission denied
rm: cannot remove`22229/task/22229/cpuset': Permission denied
rm: cannot remove`22229/task/22229/cgroup': Permission denied
rm: cannot remove`22229/task/22229/oom_score': Permission denied
rm: cannot remove`22229/task/22229/oom_adj': Permission denied
rm: cannot remove`22229/task/22229/oom_score_adj': Permission denied
rm: cannot remove`22229/task/22229/loginuid': Permission denied
rm: cannot remove`22229/task/22229/sessionid': Permission denied
rm: cannot remove`22229/task/22229/io': Permission denied
rm: cannot remove `22229/fd/0':Operation not permitted
rm: cannot remove `22229/fd/1':Operation not permitted
rm: cannot remove `22229/fd/2':Operation not permitted
rm: cannot remove `22229/fd/3':Operation not permitted
rm: cannot remove `22229/fd/4':Operation not permitted
rm: cannot remove `22229/fdinfo/0':Operation not permitted
rm: cannot remove`22229/fdinfo/1': Operation not permitted
rm: cannot remove`22229/fdinfo/2': Operation not permitted
rm: cannot remove`22229/fdinfo/3': Operation not permitted
rm: cannot remove`22229/fdinfo/4': Operation not permitted
rm: cannot remove `22229/ns/net':Operation not permitted
rm: cannot remove `22229/ns/uts':Operation not permitted
rm: cannot remove `22229/ns/ipc':Operation not permitted
rm: cannot remove`22229/net/ip_tables_targets': Operation not permitted
rm: cannot remove`22229/net/ip_tables_matches': Operation not permitted
rm: cannot remove`22229/net/ip_tables_names': Operation not permitted
rm: cannot remove`22229/net/ip6_tables_targets': Operation not permitted
rm: cannot remove `22229/net/ip6_tables_matches':Operation not permitted
rm: cannot remove`22229/net/ip6_tables_names': Operation not permitted
rm: cannot remove`22229/net/packet': Operation not permitted
rm: cannot remove`22229/net/ip6_flowlabel': Operation not permitted
rm: cannot remove`22229/net/rt6_stats': Operation not permitted
rm: cannot remove`22229/net/ipv6_route': Operation not permitted
rm: cannot remove`22229/net/if_inet6': Operation not permitted
rm: cannot remove`22229/net/dev_snmp6/eth1': Operation not permitted
rm: cannot remove`22229/net/dev_snmp6/eth0': Operation not permitted
rm: cannot remove`22229/net/dev_snmp6/lo': Operation not permitted
rm: cannot remove`22229/net/snmp6': Operation not permitted
rm: cannot remove`22229/net/sockstat6': Operation not permitted
rm: cannot remove`22229/net/udplite6': Operation not permitted
rm: cannot remove`22229/net/raw6': Operation not permitted

还是不行啊

后来找啊找,相关资料终于发现了 kill -KILL

1
kill -KILL processID

果然无敌

1
kill -KILL 22229

发现终于被干掉了,这个命令强大