卸载阿里云盾/安骑士

wget http://update.aegis.aliyun.com/download/uninstall.sh
chmod +x uninstall.sh
./uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
chmod +x quartz_uninstall.sh
./quartz_uninstall.sh

删除残留

pkill aliyun-service
rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis*

代码备份或者用网友简单粗暴版本:

#!/bin/bash 
rm -rf /usr/local/aegis 
for A in $(ps aux | grep Ali | grep -v grep | awk '{print $2}') 
do 
  kill -9 $A; 
done

Others

LINk
腾讯云解决方案
据说腾讯云也有类似问题:转

!/bin/bash

fuck tx process

rm -rf /usr/local/sa
rm -rf /usr/local/agenttools
rm -rf /usr/local/qcloud
process=(sap100 secu-tcs-agent sgagent64 barad_agent agent agentPlugInD pvdriver )
for i in ${process[@]}
do
for A in $(ps aux | grep $i | grep -v grep | awk '{print $2}')
do

kill -9 $A

done
done

chkconfig --level 35 postfix off
service postfix stop
echo ''>/var/spool/cron/root
echo '#!/bin/bash' >/etc/rc.local
Links:

https://www.v2ex.com/t/217931
https://help.aliyun.com/knowledge_detail/40477.html
屏蔽云盾IP监控
而后检查服务器记录时发现一堆 Alibaba.Security.Heimdall 的访问记录。网上查询发现是云盾。

根据官方介绍:

云盾会通过公网模拟黑客入侵攻击,进行安全扫描。所以服务器有安全防护时,需要对云盾扫描ip进行放行。

最后修改:2020 年 12 月 06 日 02 : 32 PM
如果觉得我的文章对你有用,请随意赞赏!