HOW TO: How to clear the server from ChachaDDoS
Posted: Fri Oct 19, 2018 4:01 pm
Here is what needs to be done:
1. Find and remove the dhcprenew binary from the system
2. Stop the running process named kworker that was launched between 24-28 Sept
3. Run the rkhunter script to make sure there are no other affected binary files
4. Change the current password for the admin and root users
Or you can spin up another server and migrate your users using the following doc:
http://vestacp.com/docs/#how-to-migrate ... her-server
For more information about this trojan, please read:
https://www.welivesecurity.com/2018/10/ ... installed/
5. That's all
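1. Find and remove the dhcprenew binary from the system
Code:
find /etc -name "*dhcprenew*"
find /usr/bin -name "*dhcprenew*"
2. Stop the running process named kworker that was launched between 24-28 Sept
Code:
ps auxf
3. Run the rkhunter script to make sure there are no other affected binary files
Code:
apt-get install rkhunter   # Debian/Ubuntu
yum install rkhunter       # CentOS/RHEL
# http://rkhunter.sourceforge.net/
rkhunter --check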
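Added example, not part of the original post: a shell filter for step 2 that reads `ps -eo pid,ppid,lstart,args` output and lists kworker-named processes that are not genuine kernel threads (real kworker threads are children of kthreadd, PID 2), marking those started in the 24-28 Sept window. The function names, the sample listing and the year 2018 (taken from the post date) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: separate real kworker kernel threads from userland
# processes that only carry the kworker name.

# Reads "ps -eo pid,ppid,lstart,args" output on stdin.
# Prints: PID MONTH DAY YEAR in-window|other-date
flag_fake_kworkers() {
    awk '
    NR == 1 { next }                  # skip the ps header line
    {
        # lstart occupies fields 3-7, the command line starts at field 8
        args = ""
        for (i = 8; i <= NF; i++) args = args (i > 8 ? " " : "") $i
        if (args !~ /kworker/) next   # only kworker-named entries
        if ($2 == 2) next             # parent is kthreadd: genuine kernel thread
        # Window from the post; the year 2018 is an assumption of this example
        window = ($4 == "Sep" && $5 >= 24 && $5 <= 28 && $7 == 2018) ? "in-window" : "other-date"
        print $1, $4, $5, $7, window
    }'
}

# Live use on the server; LC_ALL=C keeps month names in English.
scan_live() {
    LC_ALL=C ps -eo pid,ppid,lstart,args | flag_fake_kworkers
}

# Constructed sample listing (not taken from a real host).
SAMPLE_PS='  PID  PPID                  STARTED COMMAND
    2     0 Mon Sep  3 09:00:01 2018 [kthreadd]
   17     2 Mon Sep  3 09:00:01 2018 [kworker/1:1]
 4321     1 Wed Sep 26 02:14:33 2018 [kworker/1:1]
 5120     1 Fri Oct 12 11:40:10 2018 /usr/sbin/sshd -D
 6001     1 Tue Oct  2 08:05:00 2018 kworker'

printf '%s\n' "$SAMPLE_PS" | flag_fake_kworkers
```

Before stopping a flagged PID, `ls -l /proc/<PID>/exe` shows the binary behind it; for a genuine kernel thread that link cannot be resolved.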