All Products
Search

This Product

    :Automatically generate scheduled tasks for ECS instances to exhaust CPU resources

    Document Center

    :Automatically generate scheduled tasks for ECS instances to exhaust CPU resources

    Last Updated:Dec 30, 2020

    Problem description

    ECS instances automatically generate scheduled tasks to exhaust CPU resources.

    Cause

    Caused by mining programs.

    Solution

    Alibaba Cloud reminds you that:

    • Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
    • You can modify the configurations and data of instances including but not limited to Elastic Compute Service (ECS) and Relational Database Service (RDS) instances. Before the modification, we recommend that you create snapshots or enable RDS log backup.
    • If you have authorized or submitted sensitive information such as the logon account and password in the Alibaba Cloud Management Console, we recommend that you modify such information in a timely manner.

    Select the following steps based on actual conditions:

    • If a mining program causes CPU resources to run out, we recommend that you do not continue to use this system from a security perspective. We recommend that you do a snapshot backup, and then reset the system to completely eliminate the infected suspicious files. Data on a disk created from a snapshot can be copied by attaching it to an instance. The procedure is as follows:
      • Make sure that a snapshot of the disk has been created. For more information, see create normal snapshots.
      • Purchase a cloud disk that is in the same zone as the server. For more information, see create a disk from a snapshot.
      • Attach the cloud disk to the server. For more information, seeattach a data disk.

    • If you do not want to reset the operating system, you can purchase Alibaba Cloud emergency response service. Professional security technical support personnel can help you solve the problem.
      • Removes Trojans, viruses, unusual accounts, unusual files, webshells, and hidden links.
      • Analyze the intrusion methods and find the causes of the intrusion.
      • For security reinforcement.

    Application scope

    • ECS-hosted data stores without public IP addresses or elastic IP addresses