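This article was last updated 1452 days ago; the information in it may have developed or changed since then.
Uninstalling Alibaba Cloud Yundun (Cloud Shield) / Anqishi (Server Guard)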
wget http://update.aegis.aliyun.com/download/uninstall.sh
chmod +x uninstall.sh
./uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
chmod +x quartz_uninstall.sh
./quartz_uninstall.sh
Remove leftovers
pkill aliyun-service
rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis*
Code backup, or use this quick-and-dirty version from a netizen:
#!/bin/bash
rm -rf /usr/local/aegis
# Note: grep Ali matches any process whose ps line contains "Ali", not only the agent
for A in $(ps aux | grep Ali | grep -v grep | awk '{print $2}')
do
  kill -9 "$A"
done
Others
Link: Tencent Cloud solution
Reportedly Tencent Cloud has a similar problem (reposted):
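#!/bin/bash
# fuck tx process
# Remove the Tencent Cloud agent directories
rm -rf /usr/local/sa
rm -rf /usr/local/agenttools
rm -rf /usr/local/qcloud
process=(sap100 secu-tcs-agent sgagent64 barad_agent agent agentPlugInD pvdriver)
for i in "${process[@]}"
do
  # grep matches substrings of the whole command line, so "agent" also hits unrelated processes such as ssh-agent
  for A in $(ps aux | grep "$i" | grep -v grep | awk '{print $2}')
  do
    kill -9 "$A"
  done
done
# Disable and stop postfix
chkconfig --level 35 postfix off
service postfix stop
# These two lines overwrite root's crontab and /etc/rc.local, discarding any existing entries
echo '' >/var/spool/cron/root
echo '#!/bin/bash' >/etc/rc.local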
Links:
https://www.v2ex.com/t/217931
https://help.aliyun.com/knowledge_detail/40477.html
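Blocking Cloud Shield IP monitoring
Afterwards, while checking the server logs, I found a pile of access records from Alibaba.Security.Heimdall. A web search showed that this is Cloud Shield.
According to the official description:
Cloud Shield simulates hacker intrusion attacks over the public network in order to perform security scans. Therefore, when the server has security protection in place, the Cloud Shield scanning IPs need to be allowed through.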
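To see which source addresses are behind the Alibaba.Security.Heimdall records mentioned above, the following added example (not part of the original post) counts requests per client IP whose User-Agent field contains that string. It assumes the nginx/Apache "combined" log format; the function names `sample_log` and `heimdall_sources` are hypothetical and the log lines are constructed.

```shell
#!/bin/bash
# Added example: list source IPs of requests whose User-Agent contains
# Alibaba.Security.Heimdall, with a hit count per IP (highest first).

# Constructed sample lines in "combined" format; IPs are documentation addresses.
sample_log() {
  cat <<'EOF'
203.0.113.10 - - [01/Jan/2020:10:00:01 +0800] "GET / HTTP/1.1" 200 612 "-" "Alibaba.Security.Heimdall"
203.0.113.10 - - [01/Jan/2020:10:00:02 +0800] "GET /admin/ HTTP/1.1" 404 162 "-" "Alibaba.Security.Heimdall"
198.51.100.7 - - [01/Jan/2020:10:00:03 +0800] "GET /login.php HTTP/1.1" 404 162 "-" "Alibaba.Security.Heimdall"
192.0.2.55 - - [01/Jan/2020:10:00:04 +0800] "GET /?q=Alibaba.Security.Heimdall HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2020:10:00:05 +0800] "GET /a\"b HTTP/1.1" 400 0 "-" "Alibaba.Security.Heimdall"
EOF
}

# heimdall_sources [FILE...]: reads the named logs, or stdin when none is given.
# Splitting on double quotes leaves the User-Agent as the second-to-last field,
# which stays correct even when the request line itself contains a quote.
# Only that field is tested, so the string appearing in a URL is not counted.
heimdall_sources() {
  awk -F'"' '
    NF >= 7 && $(NF-1) ~ /Alibaba\.Security\.Heimdall/ {
      split($1, head, " ")   # head[1] is the client address
      hits[head[1]]++
    }
    END { for (ip in hits) printf "%d %s\n", hits[ip], ip }
  ' "$@" | sort -k1,1nr -k2,2
}

# Demo run on the constructed sample.
sample_log | heimdall_sources
```

The User-Agent is supplied by the client, so compare the listed addresses against the scan IPs given in the official documentation before allowing them through.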