乌龟壳说我挖矿，怎么破？

hzjackq

Oracle Cloud Infrastructure Customer,

Oracle Cloud Infrastructure (OCI) has received notice of or detected unusual and potentially harmful activity originating from your tenancy.

Abuse Details: Crypto or Cyber-Currency Coin-Mining Activity

Action Required: Under your agreement with Oracle, you are responsible for the maintenance and security of this resource. You may wish to inspect the resource(s) for compromise or misconfiguration and mitigate the indicated issues. If the activity continues beyond the Disable By date provided in the details column, or Oracle determines that there is a significant threat to the functionality, security, integrity, or availability of our services, your resource(s) may be disabled.

我系统都重新安装了，过了几天就又收到邮件

jj1314

你不装探针看鸡鸡占用情况的吗

HOH

Under your agreement with Oracle, you are responsible for the maintenance and security of this resource.

chaoticjoy

实际情况是啥

hzjackq

chaoticjoy 发表于 2025-7-2 17:32
实际情况是啥

只用于FQ，里面啥也没装

taryn

别用一键脚本

hzjackq

pstree -a 的结果：

systemd
  |-accounts-daemon
  |   `-2*[{accounts-daemon}]
  |-agent
  |   |-gomon
  |   |   `-8*[{gomon}]
  |   |-oci-wlp
  |   |   `-8*[{oci-wlp}]
  |   `-7*[{agent}]
  |-agetty -o -p -- \\u --keep-baud 115200,38400,9600 ttyS0 vt220
  |-agetty -o -p -- \\u --noclear tty1 linux
  |-atd -f
  |-cron -f
  |-dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
  |-irqbalance --foreground
  |   `-{irqbalance}
  |-lvmetad -f
  |-lxcfs /var/lib/lxcfs/
  |   `-6*[{lxcfs}]
  |-networkd-dispat /usr/bin/networkd-dispatcher --run-startup-triggers
  |   `-{networkd-dispat}
  |-polkitd --no-debug
  |   `-2*[{polkitd}]
  |-rpcbind -f -w
  |-rsyslogd -n
  |   `-3*[{rsyslogd}]
  |-screen -R trojan
  |   `-bash
  |       `-trojan-go
  |           `-8*[{trojan-go}]
  |-screen -R mihomo
  |   `-bash
  |       `-mihomo -d ./
  |           `-8*[{mihomo}]
  |-snapd
  |   `-9*[{snapd}]
  |-sshd -D
  |   `-sshd
  |       `-sshd  
  |           `-bash
  |               `-sudo -i
  |                   `-bash
  |                       `-pstree -a
  |-systemd --user
  |   `-(sd-pam)
  |-systemd-journal
  |-systemd-logind
  |-systemd-network
  |-systemd-resolve
  |-systemd-timesyn
  |   `-{systemd-timesyn}
  |-systemd-udevd
  |-unattended-upgr /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
  |   `-{unattended-upgr}
  `-updater
      `-8*[{updater}]

liang747

你的脚本有问题 或许是dd脚本出问题

笑花落半世琉璃

那还不重装系统等ban号吗

diocat

不用查，直接去控制台后台看占用率，包准