Operation and MaintenanceLinux Operation and MaintenanceHow to deal with external DDoS attacks on ECS instances causing them to be locked outHow to deal with external DDoS attacks on ECS instances causing them to be locked out
本文在介绍如何处理 ECS 实例对外 DDoS 攻击导致被锁定的基础上,重点探讨了其具体步骤,本文内容紧凑,希望大家可以有所收获。
如何处理 ECS 实例对外 DDoS 攻击导致被锁定
当您的 ECS 实例在 ECS 控制台的状态为锁定,同时收到阿里云实例关停的官方短信或邮件通知时,代表您的 ECS 实例已被安全锁定。这是因为阿里云检测到您的 ECS 实例有对外 DDoS 攻击行为,影响云平台网络稳定,所以被安全系统锁定。
安全锁定后,表示病毒已经入侵,建议您及时 创建快照 备份磁盘数据。
排查 ECS 实例病毒
查看 ECS 实例网络连接状态,分析是否有可疑发送行为,如有则停止。
Linux 实例:执行命令 netstat -a 查看网络连接。
Windows 实例:在 PowerShell 环境下执行命令 netstat -a -n -o查看网络连接。
使用杀毒软件查杀病毒。推荐使用 安骑士 全盘杀毒。
Linux 常见木马清理命令:
chattr -i /usr/bin/.sshd
rm -f /usr/bin/.sshd
rm -f -r /usr/bin/bsd-port
rm -r -f /root/.ssh
rm -r -f /usr/bin/bsd-port
cp /usr/bin/dpkgd/ps /bin/ps
cp /usr/bin/dpkgd/netstat /bin/netstat
cp /usr/bin/dpkgd/lsof /usr/sbin/lsof
cp /usr/bin/dpkgd/ss /usr/sbin/ss
find /proc/ -name exe | xargs ls -l | grep -v task |grep deleted| awk '{print $11}' |
awk -F/ '{print $NF}' | xargs killall -9排查 ECS 实例漏洞
查看 ECS 实例账号是否异常。
Windows 实例
删除账户名末尾有美元字符($)的账号,一般情况下,黑客创建的账户名末尾有字符 $。
黑客可能在您的 ECS 实例内创建隐藏用户,本地用户无法查看隐藏账户,您可以通过修改注册表修改 administrator 权限,建议您在修改注册表前先备份数据,避免操作出错:
远程连接 并登录到实例。
点击开始 > 运行,输入 regedt32.exe。
选择 HKEY_LOCAL_MACHINE/SAM/SAM,默认情况下您看不到里面的内容。
单击 SAM,右击选择权限,选择 administrator,勾选权限为完全控制,单击确定。
选择开始 > 运行,输入 regedit。
选择 HKEY_LOCAL_MACHINE/SAM/SAM/Domains/Account,显示当前 ECS 实例的所有用户名,删除本地账户中没有的账户即可删除隐藏用户。
Linux 实例
执行命令 last 或者 /var/log/secure 查看 ECS 实例近期登录记录。
执行命令 vi /etc/passwd 查看是否有异常账户,有的话执行命令 usermod -L 用户名 禁用用户或者执行命令 userdel -r 用户名 删除用户。
查看 ECS 实例是否有异地登录情况,如有则修改密码为强密码,以 10 位及其以上的大小写字母、数字以及特殊符号组成。
查看 Web 服务是否有漏洞,如 struts, ElasticSearch 等,如有则请升级。您也可以登录 云盾安全防护功能 检测 Web 服务是否有漏洞。
检查 ECS 实例内部账户密码是否过于简单,例如,MySQL 账户,SQL Server 账户,FTP 账户,Web 管理后台帐号,或者其他密码,并将简单密码重置为复杂密码,以 10 位及其以上的大小写字母、数字以及特殊符号组成。
按照对应第三方软件官网指示修复。
开启云盾服务
开启所有 云盾安全防护功能,避免您的 ECS 实例再次遭到恶意攻击。
初始化 ECS 实例
经过以上处理还不能解决问题,建议您初始化 ECS 实例。
登录 ECS 管理控制台。
为故障 ECS 实例 创建快照,包括系统盘和数据盘。
停止故障 ECS 实例后,在操作栏单击 更多 > 重新初始化磁盘,选择重新初始化系统盘和数据盘。
重新部署程序应用并上传杀毒后的数据,重新运行 ECS 实例。
开启所有 云盾安全防护功能。
The above is the detailed content of How to deal with external DDoS attacks on ECS instances causing them to be locked out. For more information, please follow other related articles on the PHP Chinese website!
The 5 Core Components of the Linux Operating SystemMay 08, 2025 am 12:08 AMThe five core components of the Linux operating system are: 1. Kernel, 2. System libraries, 3. System tools, 4. System services, 5. File system. These components work together to ensure the stable and efficient operation of the system, and together form a powerful and flexible operating system.
The 5 Essential Elements of Linux: ExplainedMay 07, 2025 am 12:14 AMThe five core elements of Linux are: 1. Kernel, 2. Command line interface, 3. File system, 4. Package management, 5. Community and open source. Together, these elements define the nature and functionality of Linux.
Linux Operations: Security and User ManagementMay 06, 2025 am 12:04 AMLinux user management and security can be achieved through the following steps: 1. Create users and groups, using commands such as sudouseradd-m-gdevelopers-s/bin/bashjohn. 2. Bulkly create users and set password policies, using the for loop and chpasswd commands. 3. Check and fix common errors, home directory and shell settings. 4. Implement best practices such as strong cryptographic policies, regular audits and the principle of minimum authority. 5. Optimize performance, use sudo and adjust PAM module configuration. Through these methods, users can be effectively managed and system security can be improved.
Linux Operations: File System, Processes, and MoreMay 05, 2025 am 12:16 AMThe core operations of Linux file system and process management include file system management and process control. 1) File system operations include creating, deleting, copying and moving files or directories, using commands such as mkdir, rmdir, cp and mv. 2) Process management involves starting, monitoring and killing processes, using commands such as ./my_script.sh&, top and kill.
Linux Operations: Shell Scripting and AutomationMay 04, 2025 am 12:15 AMShell scripts are powerful tools for automated execution of commands in Linux systems. 1) The shell script executes commands line by line through the interpreter to process variable substitution and conditional judgment. 2) The basic usage includes backup operations, such as using the tar command to back up the directory. 3) Advanced usage involves the use of functions and case statements to manage services. 4) Debugging skills include using set-x to enable debugging mode and set-e to exit when the command fails. 5) Performance optimization is recommended to avoid subshells, use arrays and optimization loops.
Linux Operations: Understanding the Core FunctionalityMay 03, 2025 am 12:09 AMLinux is a Unix-based multi-user, multi-tasking operating system that emphasizes simplicity, modularity and openness. Its core functions include: file system: organized in a tree structure, supports multiple file systems such as ext4, XFS, Btrfs, and use df-T to view file system types. Process management: View the process through the ps command, manage the process using PID, involving priority settings and signal processing. Network configuration: Flexible setting of IP addresses and managing network services, and use sudoipaddradd to configure IP. These features are applied in real-life operations through basic commands and advanced script automation, improving efficiency and reducing errors.
Linux: Entering and Exiting Maintenance ModeMay 02, 2025 am 12:01 AMThe methods to enter Linux maintenance mode include: 1. Edit the GRUB configuration file, add "single" or "1" parameters and update the GRUB configuration; 2. Edit the startup parameters in the GRUB menu, add "single" or "1". Exit maintenance mode only requires restarting the system. With these steps, you can quickly enter maintenance mode when needed and exit safely, ensuring system stability and security.
Understanding Linux: The Core Components DefinedMay 01, 2025 am 12:19 AMThe core components of Linux include kernel, shell, file system, process management and memory management. 1) Kernel management system resources, 2) shell provides user interaction interface, 3) file system supports multiple formats, 4) Process management is implemented through system calls such as fork, and 5) memory management uses virtual memory technology.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
Zend Studio 13.0.1
Powerful PHP integrated development environment
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
