Saturday, 10 November 2018

Blocking Watchbog Malware/Ransomware with IPTables on Linux

Block the IP with the following commands. The first rule drops inbound packets from the address, the second drops outbound packets to it (on the OUTPUT chain the remote address is the destination, so it is matched with -d; an OUTPUT rule matching -s with the remote address would never match). If the address belongs to a shared hosting or CDN provider, be aware that blocking it may also affect other sites and that the malware may reach the same service through a different address.

iptables -A INPUT -s 104.20.208.21 -j DROP

iptables -A OUTPUT -d 104.20.208.21 -j DROP

Now save the newly added iptables configuration with the command below (this works on systems that provide the iptables service script).

/sbin/service iptables save

Additionally, if you don't have any application dependencies on them, you can uninstall the packages below.

wget
curl
python

If you have dependencies, rename the binaries instead.
e.g.

# mv /usr/bin/curl /usr/bin/lruc

Do the same for 'wget' and 'python'.

Note that yum will not work once python is renamed or removed.

This is malware/ransomware. You must remove it from your system completely: the process, the cron job and the files.


It can run as any user or as root; find the process called "watchbog".

You can find the user it runs as with "top" or in the output of this command:

ps aux | grep watchbog

Then kill the process with -9 using the commands below (note that the grep line itself also shows up in the output; take the PID of the watchbog process, not of grep):

ps -ef | grep watchbog

kill -9 <PID>


Then look at the cron jobs of this user:

crontab -u username -l

If it contains an entry like this one (a job fetching its payload from pastebin):

* * * * https://pastebin.com/

delete all of that user's jobs with

crontab -r -u username

Then delete this file:

/usr/bin/watchbog


Then delete these files and folders:

/tmp/*timesyncc.service*
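The steps above (block the address, look for the process, the cron entry and the files) can be wrapped in a small triage script. The script below is an added example, not part of the original post: it reports the Watchbog indicators listed above read-only and applies the two iptables rules without duplicating them on re-runs. The file name watchbog_triage.sh, the ROOT and IPTABLES variables (so the checks can be exercised against a staged directory and a stub command), and the use of pgrep from procps are assumptions of this example; the killing, crontab -r and rm steps are deliberately left to the operator.

```shell
#!/bin/sh
# Added example (not from the original post): triage helper for the Watchbog
# indicators named in the post. Report is read-only; cleanup is manual.
# Assumptions: POSIX sh, pgrep (procps), iptables. ROOT and IPTABLES are
# hypothetical knobs for testing against a staged directory / stub command.

ROOT="${ROOT:-}"                  # prefix for file checks ("" = live filesystem)
IPTABLES="${IPTABLES:-iptables}"  # command used to manage firewall rules

# Return 0 if the crontab text passed as $1 contains the pastebin indicator
# from the post (the malware's cron job pulls its payload from there).
crontab_has_indicator() {
    printf '%s\n' "$1" | grep -q 'https://pastebin.com/'
}

# Print the names of users whose crontab contains the indicator (needs root).
check_all_crontabs() {
    cut -d: -f1 "$ROOT/etc/passwd" | while read -r user; do
        tab=$(crontab -u "$user" -l 2>/dev/null) || continue
        crontab_has_indicator "$tab" && echo "$user"
    done
}

# Print the file artifacts named in the post that exist under ROOT.
# Returns 0 if at least one was found, 1 otherwise.
find_file_artifacts() {
    found=1
    if [ -e "$ROOT/usr/bin/watchbog" ]; then
        echo "$ROOT/usr/bin/watchbog"
        found=0
    fi
    for f in "$ROOT"/tmp/*timesyncc.service*; do
        [ -e "$f" ] || continue   # glob matched nothing: skip the literal pattern
        echo "$f"
        found=0
    done
    return "$found"
}

# Print PIDs of processes whose name is exactly "watchbog".
# pgrep -x avoids the "ps | grep" problem of matching the grep itself.
find_processes() {
    pgrep -x watchbog
}

# Block an address in both directions. "-C" checks whether the rule already
# exists, so re-running the script does not append duplicate rules. The
# outbound rule matches on the destination (-d); an OUTPUT rule using
# "-s <remote ip>" would never match.
block_ip() {
    ip="$1"
    $IPTABLES -C INPUT  -s "$ip" -j DROP 2>/dev/null || $IPTABLES -A INPUT  -s "$ip" -j DROP
    $IPTABLES -C OUTPUT -d "$ip" -j DROP 2>/dev/null || $IPTABLES -A OUTPUT -d "$ip" -j DROP
}

report() {
    echo "== watchbog processes =="; find_processes || echo "none"
    echo "== users with pastebin cron entries =="; check_all_crontabs
    echo "== file artifacts =="; find_file_artifacts || echo "none"
}

# Usage: sh watchbog_triage.sh --report        (scan only)
#        sh watchbog_triage.sh --block <ip>    (add the DROP rules, as root)
case "${1:-}" in
    --report) report ;;
    --block)  block_ip "${2:?address required}" ;;
esac
```

Run it with --report first and confirm the findings by hand before killing anything; after cleanup, run it again to make sure the process, the cron entry and the files are gone, and save the firewall rules as described above.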