Emergency response to a cryptomining compromise (how to respond when a machine is being mined)

Table of Contents

1. What is mining
2. The harm of mining
3. How to confirm being mined
4. Mining emergency response process
   1. Confirm whether the alarm belongs to mining
   2. Confirm the cleanup work after mining
5. Traceability


1. What is mining

The mining we usually hear about is the process of using a computer to compute hash values. Whoever computes a valid result first broadcasts it to the whole network for verification, and whoever mines the block receives the block reward plus the fees of the transactions packaged into it. Computers used for this work generally contain dedicated mining chips or run graphics cards at full load, which consumes a great deal of power. So if our computers are mined, their resources are consumed very quickly and CPU usage stays close to 100%. A more detailed example follows.

Among currencies that use PoW (Proof-of-Work) as their consensus protocol, taking Bitcoin as the example, the process by which mining machines solve the puzzle published by the Bitcoin network and earn a reward is called mining.

For example, the puzzle given by the Bitcoin network at some point is:

X + 10 < 12, where X is a positive integer; solve for X.

Then, among all the mining machines connected to the Bitcoin network, whichever machine first solves X = 1 and announces it is said to have mined successfully, and it receives a Bitcoin reward from the Bitcoin network. This is the basic principle of PoW (Proof of Work) mining: by solving for X, the machine proves that it has completed a certain amount of computation (its workload) and so earns the reward. The process of machines working hard to earn that reward is what we jokingly call mining.

Of course, in real Bitcoin mining the puzzle is far harder than the example above. Because each mining machine's performance differs, so does its ability to solve the puzzle; whoever solves it faster gets the reward, so a machine's performance is closely tied to its mining revenue. In the mining industry, the term "hash rate" (computing power) is used as the index for evaluating the performance of mining machines.

  • "Mine" refers to Bitcoin;
  • "Mining" refers to the behavior of mining Bitcoin on the "blockchain network" of the blockchain;
  • A "miner" refers to a person who uses mining equipment (for example, a bitcoin mining machine, a computer device that can be used for calculation) to participate in mining bitcoin.

In short:

Mining is the process of using your computer to compute hash values in order to earn the Bitcoin reward.

2. The harm of mining

Computing resources such as the CPU are heavily consumed, causing our normal services to fail.

3. How to confirm being mined

In what state can we judge that a server or PC is being mined? Generally speaking, when the CPU utilization of our server or PC is close to or at 100% and stays high for a sustained period, slowing down the server or PC, we can determine that it is being mined. Other common features of mining are as follows:

  • The server or PC connects to untrusted addresses (hosts, IP addresses or domain names). This is because most mining needs to download its initialization program from an untrusted address; the main sources for judging whether an address is untrusted are third-party threat intelligence and historical data accumulated within the enterprise.
  • New abnormal or malicious files, processes or services appear on the server or PC, and most of the abnormal files are stored in the temporary (TMP) directory of the server or PC.
  • The scheduled tasks of the server or PC have changed.

4. Mining emergency response process

PS: Throughout the emergency response to mining, we should strictly keep records and backups, including records and backups of the commands run and the files examined during the analysis.

The process given here is the most simplified version, typically used for small businesses; the complete process consists of:

1. Confirm whether the alarm belongs to mining

Usually we learn that a server or PC is being mined through an alarm. At that point we first need to determine whether the alarm is a false positive. If it is not, we then need to confirm whether it is really malicious mining. If it is not mining, the case goes into the other emergency response processes; if it is mining, we proceed with the follow-up handling.

Here are some common confirmation mining methods:

1.1 Windows confirm mining

  • Open Task Manager or Resource Monitor, find the services and processes that consume a lot of CPU, right-click to open the file location, and analyze the file to determine whether it is a mining program.

Or use third-party tools for the analysis.

1.2 Linux confirms mining

  • Use the top command to view system performance and find the PID of the process consuming the most resources;
  • Use ps -fp PID (with the PID obtained above) to view the detailed information of that process;
  • Locate the file from the process details, go to that location, analyze the file, and confirm whether it is a mining program.
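The triage below is an added example, not part of the original post: it automates the top/ps steps of 1.2 and checks the section 3 indicators (temp-directory files, remote connections, cron changes). It assumes a Linux host with procfs, procps and iproute2; the path patterns are my assumptions about where dropped miners usually live.

```shell
#!/bin/sh
# Added example (not from the original post): a Linux triage helper for the
# indicators in section 3 and the top/ps steps in 1.2. Assumes a Linux host
# with procfs, procps (ps) and iproute2 (ss); the path patterns below are my
# assumptions about where dropped miners usually live, not rules from the post.

# Returns 0 (true) when an executable path is in a world-writable temp directory
# or is a binary that was deleted from disk after it was launched.
is_suspicious_path() {
    case "$1" in
        /tmp/*|/var/tmp/*|/dev/shm/*|*' (deleted)') return 0 ;;
        *) return 1 ;;
    esac
}

# Print the N most CPU-hungry processes with the real executable behind them
# (/proc/PID/exe, which top does not show), a verdict, and their TCP peers.
triage_top_cpu() {
    n="${1:-5}"
    ps -eo pid= -o pcpu= -o comm= --sort=-pcpu | head -n "$n" |
    while read -r pid pcpu comm; do
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null || echo unknown)
        if is_suspicious_path "$exe"; then verdict=SUSPICIOUS; else verdict=ok; fi
        printf '%s\t%s%%\t%s\t%s\t%s\n' "$pid" "$pcpu" "$comm" "$exe" "$verdict"
        # Remote addresses to compare against threat intelligence (section 3).
        ss -tnp 2>/dev/null | grep ESTAB | grep "pid=$pid," |
            awk '{print "    peer:", $5}'
    done
}

# Scheduled-task changes (section 3): cron files modified in the last N days.
recent_cron_changes() {
    days="${1:-7}"
    find /etc/crontab /etc/cron.d /etc/cron.hourly /etc/cron.daily \
         /var/spool/cron -type f -mtime "-$days" 2>/dev/null || true
}

if [ -d /proc/self ]; then
    triage_top_cpu 5
    echo "cron files changed in the last 7 days:"
    recent_cron_changes 7
fi
```

A SUSPICIOUS verdict or an unknown peer is a lead for the file analysis step, not a confirmation by itself.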

2. Confirm the cleanup work after mining

Once we have confirmed through step 1 that the server or PC is being mined, we need to perform the cleanup. Analyzing first and deleting afterwards better preserves the attacked environment for traceability; but if we make complete backups and records throughout the process, it is also fine to delete first and analyze afterwards.

The following are some common cleanup mining methods:

2.1 Windows cleanup mining

  • After confirming the mining program, first back it up.
  • Then stop the corresponding services and processes.
  • Then delete the corresponding scheduled task.
  • Finally delete the corresponding file. After deleting the file, check the scheduled tasks, processes and services again in reverse order, and ideally check once more after some time has passed.

On Windows this is usually done through the graphical interface, so no further detail is needed here.

2.2 Linux cleanup mining

After confirming mining on Linux, likewise back up the mining program first, and then perform the corresponding operations.

  • Stop the service: systemctl stop <name>.service;
  • Kill the process: kill -9 PID; often there is more than one process to kill;
  • Delete the files: rm -fr abnormal_file; when deleting, you can use find / -name abnormal_file to locate all copies of the malicious file on the system;
  • Clean up scheduled tasks: crontab -e;

As on Windows, after the deletion we need to go through the checks again in reverse order, and re-check after some interval whether everything has been cleaned up.
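The script below is an added example, not code from the original post: it carries out the 2.2 sequence in the post's order (back up, stop the unit, kill, delete, reverse check) while writing the evidence that the PS note in section 4 asks for. It assumes Linux with coreutils, procps and systemd, run as root; EVIDENCE_DIR, the PID and the unit name are caller-supplied assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a Linux cleanup helper that keeps the
# post's order: back up first, stop the unit, kill the processes, delete the file,
# then re-check. Assumes Linux with coreutils, procps and systemd, run as root;
# EVIDENCE_DIR, the PID and the unit name are caller-supplied assumptions.
EVIDENCE_DIR="${EVIDENCE_DIR:-/root/ir-evidence}"

hash_file() {   # prints the SHA-256 hex digest of <file>
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# Copy the artifact and log its hash before anything is stopped or deleted; prints the backup path.
backup_artifact() {   # backup_artifact <file> <evidence_dir>
    src="$1"; dst="$2"
    mkdir -p "$dst" && cp -p "$src" "$dst/$(basename "$src").bak" || return 1
    echo "$(hash_file "$src")  $src" >> "$dst/hashes.txt"
    echo "$dst/$(basename "$src").bak"
}

# Record the process details (ps, exe, cwd, cmdline) and root's crontab as evidence.
record_process() {   # record_process <pid> <evidence_dir>
    pid="$1"; dst="$2"; mkdir -p "$dst"
    {
        echo "== $(date -u +%Y-%m-%dT%H:%M:%SZ) pid $pid"; ps -fp "$pid"
        echo "exe: $(readlink "/proc/$pid/exe")  cwd: $(readlink "/proc/$pid/cwd")"
        tr '\0' ' ' < "/proc/$pid/cmdline"; echo
    } >> "$dst/process-$pid.txt" 2>&1
    crontab -l > "$dst/root-crontab.txt" 2>/dev/null
}

# The section 2.2 sequence plus the reverse check; cron entries still need crontab -e by hand.
cleanup_miner() {   # cleanup_miner <pid> [systemd-unit]
    pid="$1"; unit="$2"
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null | sed 's/ (deleted)$//')
    [ -n "$exe" ] || { echo "cannot resolve executable for pid $pid"; return 1; }
    record_process "$pid" "$EVIDENCE_DIR"
    [ -f "$exe" ] && backup_artifact "$exe" "$EVIDENCE_DIR"
    if [ -n "$unit" ]; then systemctl stop "$unit"; systemctl disable "$unit"; fi
    pkill -9 -P "$pid" 2>/dev/null || true    # children first, then the parent
    kill -9 "$pid" 2>/dev/null || true
    [ -f "$exe" ] && rm -f "$exe"
    sleep 2                                   # reverse check: did anything respawn?
    if pgrep -f "$(basename "$exe")" >/dev/null; then
        echo "WARNING: a process named $(basename "$exe") is still running"
    fi
}

# Usage: sh cleanup.sh <pid> [unit]; nothing runs unless a PID is given.
if [ -n "${1:-}" ]; then cleanup_miner "$1" "${2:-}"; fi
```

If the reverse check still finds the process name running, go back to step 1 of section 1.2 with the new PID rather than deleting again blindly.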

5. Traceability

(Unfinished)

 

Source: blog.csdn.net/qq_44159028/article/details/115233223