我们公司的服务器被用来挖矿了 0_0

前两天操作服务器发现服务器巨慢，以为是磁盘或内存满了，查了一圈发现都没问题，那就只能看看 CPU 了，htop 一看都是 100%

刚开始简单以为服务器出问题了，发现前面那些进程非常奇怪，竟然只是简单的 -bash 才想到难道是被用来挖矿了？

看了一下详细命令就看到了 xmr-stak, 顺便上网搜了一下，果然不出所料是 门罗币, 也不知道程序目录是啥 kill 掉以后一会就又起来了，就看了一下 crontab 顺便找到了程序目录

crontab -r 去掉定时任务，再看看程序目录

然后看到了类似钱包地址的配置文件，有没有玩币的大神看看这钱包里面有多少币了

/*
 * pool_address    - Pool address should be in the form "pool.supportxmr.com:3333". Only stratum pools are supported.
 * wallet_address  - Your wallet, or pool login.
 * rig_id          - Rig identifier for pool-side statistics (needs pool support).
 * pool_password   - Can be empty in most cases or "x".
 * use_nicehash    - Limit the nonce to 3 bytes as required by nicehash.
 * use_tls         - This option will make us connect using Transport Layer Security.
 * tls_fingerprint - Server's SHA256 fingerprint. If this string is non-empty then we will check the server's cert against it.
 * pool_weight     - Pool weight is a number telling the miner how important the pool is. Miner will mine mostly at the pool 
 *                   with the highest weight, unless the pool fails. Weight must be an integer larger than 0.
 *
 * We feature pools up to 1MH/s. For a more complete list see M5M400's pool list at www.moneropools.com
 */
 

"pool_list" :
[
        {"pool_address" : "107.191.99.227:80", "wallet_address" : "41pfDaqsDe11MH28Y2PggiRRtQNUvFL22eYdjacm5ZrGWBoVxAP52me2Bd7Z77BBfGWtcyT4uwiPpVBGp7Huq125JBXihUj", "pool_password" : "x", "use_nicehash" : false, "rig_id" : "", "use_tls" : false, "tls_fingerprint" : "", "pool_weight" : 1 },
],




/*
 * Currency to mine. Supported values:
 *
 *    aeon7 (use this for Aeon's new PoW)
 *    cryptonight (try this if your coin is not listed)
 *    cryptonight_lite
 *    edollar
 *    electroneum
 *    graft
 *    intense
 *    karbo
 *    monero7 (use this for Monero's new PoW)
 *    sumokoin
 *
 */

"currency" : "monero7",

最后，为啥服务器被植入了挖矿程序呢？ 因为 [服务器密码太简单] 了。。