I accidentally discovered that the CPU usage of an ECS host in the backend of Alibaba Cloud has been near 100%. If I look closely, it is used to provide idle services to customers. Few people take care of it. After taking a closer look at the data, I found that the CPU has been at 100% for two weeks. , there is no abnormality in the memory, but the hard disk has sharp peaks every 1 minute. It is estimated that there is a problem with the cron job.
I found the recorded login information and tried ssh to it, but all prompts were that the password was wrong. I had no choice but to force the password change in the Alibaba Cloud backend, restart, ssh, crontab -l, and there was no solution to the intrusion. The main reason was that the port was not changed, root was allowed to log in and a weak password was used. Gave bad guys a chance.
Back up files, reinstall the system, change the port, and change the password.
Summary: Safety awareness cannot be relaxed at all times.