Aliyun bought a server to learn to use and installed the wdlinux system. It has been invaded many times.
previous invaders can only use snapshots to restore the system. Now, once again, my heart is tired
normally the wdcp directory is like this
OO
killall command is also detected?
what should I do in this case except to restore the snapshot?
submit a work order to the console and ask Aliyun's technical team to help handle
Hello,
when was your snapshot created? The status of the snapshot is "clean", is it not "invaded"?
look at the creation time of your wdcp directory may be 2017.
personal advice is to export the site's data from the snapshot, then reset the system, install a new version of wdcp, and then import the site's data.
probably, change the official new system and patch it. Install the new version of the wdcp panel, and then import the data.
first of all, you need to make security settings for a new server, otherwise it will be Goben.
chmod,exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,pcntl_exec,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,socket_getpeername,socket_getsockname,socket_last_error,socket_listen,socket_read,socket_recv,socket_recvfrom,socket_select,socket_send,socket_sendto,socket_set_block, Socket_set_nonblock,socket_set_option,socket_shutdown,socket_strerror,socket_write,stream_socket_client,stream_socket_server,pfsockopen,disk_total_space,disk_free_space,chown,diskfreespace,getrusage,get_current_user,getmyuid,getmypid,dl,leak,listen,chgrp,link,symlink,dlopen,proc_nice,proc_get_stats,proc_terminate,shell_exec,sh2_exec,posix_getpwuid,posix_getgrgid,posix_kill,ini_restore,mkfifo,dbmopen,dbase_open,filepro,filepro_rowcount, Posix_mkfifo,putenv,sleep
4. The biggest insecurity comes mainly from your code. Be careful with wordpress, this guy is full of holes, of course, wordpress also has a lot of security plug-ins.