tencent cloud

Feedback

Suspected Infection with Virus

Last updated: 2024-01-06 17:32:18
    CVMs may be intruded by hackers due to weak passwords and vulnerabilities of open-source components. This document describes how to determine whether a CVM has been infected with a virus and how to fix it.

    Troubleshooting the Issue

    Use SSH or VNC to log in to the instance and check whether it has been infected with a virus in the following ways:

    Troubleshooting Procedure

    1. Back up the system data as instructed in Creating Snapshots.
    2. Reinstall the instance system as instructed in Reinstalling System and take the following security hardening measures:
    Change the CVM password to a stronger password containing 12-16 characters, including uppercase letters, lowercase letters, special characters, and numbers. For more information, see Resetting Instance Password.
    Delete unused CVM login accounts.
    Change the default sshd port 22 to a less common port between 1024-65525. For more information, see Modifying the Default Remote Port of CVM.
    Manage the associated security group rules to open only ports and protocols required by your business. For more information, see Adding Security Group Rules.
    Close the port for internet access for core applications such as MySQL and Redis databases.
    Install security software (such as CWPP agent), and configure real-time alarms to get noticed about suspicious logins instantly.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support