2. 程式人生 > >關於騰訊雲主機遭遇勒索病毒RANSOMWARE([email prote

關於騰訊雲主機遭遇勒索病毒RANSOMWARE([email prote

阿新 發佈:2019-01-14

   今天上班的時候,騰訊雲突然發來一份郵件說我的那臺學生機在異地登陸了,我趕緊去連線xshell看了下。

結果就是下面的資訊

Hi, please view here: https://pastebin.com/raw/eFDC9giY for information on how to obtain your files!

網址內容如下:

YOU HAVE BEEN INFECTED WITH RANSOMWARE | YOU HAVE BEEN INFECTED WITH RANSOMWARE
You have been hacked.
When you were hacked, your files were sent to a server that we control and removed from you.
You must pay 0.25 BITCOIN to get your files back and prevent them from being leaked to this address:
14z9Rbpw5SozMuMRRrdwcKaSs4PsxiEHRE
We are the only ones in the world that can provide your files for you!
When you have sent payment, send e-mail to 
 
[email protected] with: 
2) SERVER IP ADDRESS 
3) BTC TRANSACTION ID
FBI SUGGEST TO JUST PAY: https://www.tripwire.com/state-of-security/latest-security-news/ransomware-victims-should-just-pay-the-ransom-says-the-fbi/
When you pay, you will receive an FTP account where you can retrieve your files and delete all your data from us. If you do not pay, at end of the month we will collect all data that remains on server and leak it.
HOW TO PURCHASE BITCOIN:
You can purchase bitcoin from following:
http://localbitcoins.com
http://kraken.com
http://okcoin.com
http://coinbase.com
You can message 
 
[email protected] for support, but we will not respond to questions such as "can i see files first?" because we do not have time for this
When you have sent payment, put [PAID] in email subject so we can attend to you before others!

大致意思就是說被黑客入侵了,必須要付比特幣。

當時我就想,我這臺機器就裝了一個寶塔,還有附帶的mysql,phpmyadmin,然後一個redis是我自己做測試用,百度了一下發現有兩位博主也遭遇到了這種現象,國外有篇文章也是關於這個的,下面有評論說,攻擊者只是操作redis獲取了許可權,不用支付,他們並沒有儲存檔案。

  我看了一下那篇文章,總而言之就是redis服務暴露在外網的原因,攻擊者操作redis然後執行了以下命令:

rm -rf /var/www/
rm -rf /usr/share/nginx
rm -rf /var/lib/mysql/
rm -rf /data/
echo "Hi, please view: http://termbin.com/um7t for further information in regards to your files" > /root/READ_TO_DECRYPT
echo "Hi, please view: http://termbin.com/um7t for further information in regards to your file!" > /etc/motd

解決方案如下:

防止攻擊者破壞Redis例項的最簡單方法是避免將其暴露給Internet。但是,如果必須外部暴露Redis,可以採取一些措施將其鎖定:

設定AUTH密碼 - 使用者可以配置與Redis例項的所有連線所需的密碼。設定此項時,請確保密碼很複雜,因為攻擊者可以輕鬆強制使用較短的密碼。

重新命名或禁用CONFIG命令 - 可以將CONFIG命令重新命名為不可取用的命令或完全禁用它。如果不需要該命令,我們強烈建議禁用它。

最後,與任何暴露在網際網路上的軟體一樣,保持Redis最新是至關重要的。Redis 3.2.0版添加了一項名為保護模式的功能。此模式可防止使用不安全配置意外部署Redis例項(繫結到沒有密碼的所有介面),這有助於防止發生危害

 

相關推薦

關於主機遭遇勒索病毒RANSOMWARE<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="a9c8c8dbc0d3e9c8c0dbc4c8c0c587caca">[email&#160;prote

   今天上班的時候,騰訊雲突然發來一份郵件說我的那臺學生機在異地登陸了,我趕緊去連線xshell看了下。 結果就是下面的資訊 Hi, please view here: https://pastebin.com/raw/eFDC9giY for information

SQL Server資料庫mdf檔案中了勒索病毒<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="fc9f8e858c889998a39d8f9d9293bc9f939f97">[email&#160;p

SQL,資料庫,勒索病毒,mdf檔案中毒,[email protected]_email *SQL Server資料庫mdf檔案中了勒索病毒[email protected]_email。副檔名變為[email protected]_email SQL Serv

解決碼出現<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3b5c524f7b5c524f5e5e15585456">[email&#160;protected]a>: Permission de

很久之前好像改了ssh的一些配置,導致現在對git進行一些操作時,就會出現  當時就去百度,結果很多都是一些不太對應的解決方法,反正也沒有解決,今天偶然看碼雲的文件才突然解決。 官方解決文件:  http://git.mydoc.io/?t=154712 1)、重新生成

解決碼 <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d3b4baa793b4baa7b6b6fdb0bcbe">[email&#160;protected]a>: Permission den

 Git 操作碼雲專案出現問題:  [email protected]: Permission denied (publickey)  小烏龜(TortoiseGit)出現問題: Disconected: No supported au

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="93f4fae7d3f4fae7f6f6bdf0fcfe">[email&#160;protected]a>: Permission denied

以前我都git也沒有問題,最近下載程式碼,提交總是報錯,百度下,大致是這樣的 報錯是因為碼雲沒有你機器的公鑰 所以,你要生成公鑰並配置到碼雲 #生成: ssh-keygen -t rsa -C "gitee.com" # 一直按回車即可生成 ssh key #生成的key在 ~/.s

解決碼 <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="711618053116180514145f121e1c">[email&#160;protected]a>: Permission den

 Git 操作碼雲專案出現問題:  [email protected]: Permission denied (publickey)  小烏龜(TortoiseGit)出現問題: Disconected: Nosupported authentication me

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="7c35283c">[email&#160;protected]a>眾匯聚 QQ群:437393312

一朵一花似吾意,一情一海透心骨。執之雲淡飄飄零,攜友日出日日憶。漸水未曾猶解渴,破衫未己身中寒。寥寥星星月眨光,枝枝葉葉樹憾藤。遙遞一疊千紙鶴,同日明月共相思。眷戀恩情久久重,相識逢意日日深。時光悄息落塵土,往事音訊今何在?但願君心知餘意,兩情投義友誼續。 一次吃飯,認識了

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="df968b9f">[email&#160;protected]a>眾匯聚 QQ群:437393312

1.在百度翻譯平臺中,申請賬號,申請之後,會得到APP_ID和SECURITY_KEY 2.java程式碼如下 import net.sf.json.JSONObject; import com.

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ca839e8a">[email&#160;protected]a>眾匯聚 QQ群:437393312

1.給input輸入框一個onchange="change()" 事件 <input type="text"  onchange="change()" name="username" value="${actionBean.map.username }" class=

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="61283521">[email&#160;protected]a>眾匯聚 QQ群:437393312

 select * from   (select a.title,a.openurl,to_char(b.noticetime / (1000 * 60 * 60 * 24) + TO_DATE('1

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="541d0014">[email&#160;protected]a>眾匯聚 QQ群:437393312

1.不正確引入springboot jstl的依賴包,可能會出現如下錯誤 The absolute uri: http://java.sun.com/jsp/jstl/core cannot be r

centos修改主機名 <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="98eaf7f7ecd8">[email&#160;protected]a>後面的名字

阿里雲買的新的ESC,名字都是一串字元,不利於平時使用。我們可以重新命名主機來標記。 centos6 [[email protected] ~]$ hostname # 檢視當前的hostnmae cent

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b3fae7f3">[email&#160;protected]a>眾匯聚 QQ群:437393312

select * from oa_schedule b where b.task_id in(  select a.wf_orunid from BPM.BPM_ArchivedData a   wh

增加新的專案後gti clone報錯:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="25424c5165424c510b4a56464d4c4b440b4b4051">[email&#160;pr

問題場景描述 1. 碼雲已建立了專案A和B,SSH配置好,開發環境中git clone相關命令都可正常使用; 2. 在碼雲建立了專案C,此時在開發環境clone專案C的原始碼,報錯

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="bbf2effb">[email&#160;protected]a>眾匯聚 QQ群:437393312

1新建一個readfilecallback.js //非同步式回撥函式; //定義一個讀取檔案回撥函式; function readfilecallback(err,data){ if(err){ c

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="4d04190d">[email&#160;protected]a>眾匯聚 QQ群:437393312

 //檔案上傳需要的引數    private File upload;//上傳的檔案 upload和在jsp檔案<input type="file" name="upload">name

mac/linux/centos通過 ssh <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="21534e4e5561">[email&#160;protected]a>方式連線如何上傳檔案都阿里

目錄1、mac上傳檔案到Linux伺服器scp 檔名 使用者名稱@伺服器ip:目標路徑如:scp /Users/test/testFile [email protected]:/test/2、mac上傳資料夾到Linux伺服器,與上傳檔案相比多加了-rscp -r

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ade4f9ed">[email&#160;protected]a>眾匯聚 QQ群:437393312

Documents and Settings是什麼檔案? 答案: 是系統使用者設定資料夾,包括各個使用者的文件、收藏夾、上網瀏覽資訊、配置檔案等。 補:這裡面的東西不要隨便刪除,這儲存著所有使用者的文件和賬戶設定,如果刪除就會重新啟動不能登陸的情況,尤其是裡面的default user、all users、a

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b2fbe6f2">[email&#160;protected]a>眾匯聚 QQ群:437393312

1.新建一個Student的抽象類; package com.eduask.testabstract; //定義一個Student抽象類; public abstract class Student { public abstract void stu_Id(); pu

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="f1b8a5b1">[email&#160;protected]a>眾匯聚 QQ群:437393312

1.關閉mysql # service mysqld stop 2.遮蔽許可權 # mysqld_safe --skip-grant-table 3.新開起一個終端輸入 # mysql -