1.关闭开机启动
1 2 |
service aegis stop chkconfig --del aegis |
2.卸载安骑士并卸载残留
1 2 3 4 5 6 7 8 9 |
wget http://update.aegis.aliyun.com/download/uninstall.sh sh uninstall.sh wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh sh quartz_uninstall.sh pkill aliyun-service rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service rm -rf /usr/local/aegis* |
3.iptables屏蔽阿里云盾的IP地址
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
iptables -I INPUT -s 140.205.201.0/28 -j DROP iptables -I INPUT -s 140.205.201.16/29 -j DROP iptables -I INPUT -s 140.205.201.32/28 -j DROP iptables -I INPUT -s 140.205.225.192/29 -j DROP iptables -I INPUT -s 140.205.225.200/30 -j DROP iptables -I INPUT -s 140.205.225.184/29 -j DROP iptables -I INPUT -s 140.205.225.183/32 -j DROP iptables -I INPUT -s 140.205.225.206/32 -j DROP iptables -I INPUT -s 140.205.225.205/32 -j DROP iptables -I INPUT -s 140.205.225.195/32 -j DROP iptables -I INPUT -s 140.205.225.204/32 -j DROP service iptables save service iptables restart |
4.删除执行脚本后留下的ssh密钥
在执行脚本后发现/root/.ssh/目录下发现了authorized_keys,算是阿里云留下的后门?(笑)那么也要删掉。
1 |
rm -f /root/.ssh/authorized_keys |
发表回复