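I have been meaning to write this post for a long time and finally have the time.
My Confluence is installed in Docker. It had been attacked once before, so I switched to a Docker deployment to keep the host safe, but half a year later it was attacked again.
The attacker exploited a bug in Confluence to write into the host's /tmp/ directory and then kept running scheduled tasks; with top -c you will see a pile of scheduled tasks in the background. Then check port usage with netstat -anp: you will find ports that are constantly in use transferring data, for example 54.37.93.31:1999 below. This IP is overseas, so your server is clearly being used as a zombie (bot) machine: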
netstat: showing only processes with your user ID
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8090 0.0.0.0:* LISTEN 1/java
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 1/java
tcp 0 0 0.0.0.0:53569 0.0.0.0:* LISTEN 14455/1u448u29d2492
tcp 0 0 0.0.0.0:38596 0.0.0.0:* LISTEN 14455/1u448u29d2492
tcp 0 0 0.0.0.0:60693 0.0.0.0:* LISTEN 14455/1u448u29d2492
tcp 0 0 0.0.0.0:60793 0.0.0.0:* LISTEN 14455/1u448u29d2492
tcp 0 0 172.17.0.2:8090 172.17.0.1:58544 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58152 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58740 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58350 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58258 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58556 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58662 TIME_WAIT –
tcp 0 0 172.17.0.2:33466 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58296 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58118 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58632 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58568 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58994 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58674 TIME_WAIT –
tcp 0 0 172.17.0.2:35096 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58146 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58368 TIME_WAIT –
tcp 0 0 172.17.0.2:33926 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58462 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58980 TIME_WAIT –
tcp 0 0 172.17.0.2:33920 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58484 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58378 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57920 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58850 TIME_WAIT –
tcp 0 0 172.17.0.2:33608 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57962 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58226 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58656 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58826 TIME_WAIT –
tcp 0 0 172.17.0.2:34172 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58778 TIME_WAIT –
tcp 0 0 172.17.0.2:35092 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58232 TIME_WAIT –
tcp 32 0 172.17.0.2:56116 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:33622 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:33952 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58096 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58272 TIME_WAIT –
tcp 32 0 172.17.0.2:56102 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:50646 54.37.93.31:1999 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58652 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58280 TIME_WAIT –
tcp 32 0 172.17.0.2:55886 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58584 TIME_WAIT –
tcp 0 0 172.17.0.2:57856 54.37.93.31:1999 ESTABLISHED 14661/2x41884a48232
tcp 0 0 172.17.0.2:8090 172.17.0.1:58896 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58606 TIME_WAIT –
tcp 0 0 172.17.0.2:35076 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58014 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58066 TIME_WAIT –
tcp 32 0 172.17.0.2:56126 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58574 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58838 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58090 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57934 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58710 TIME_WAIT –
tcp 0 0 172.17.0.2:34550 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:33618 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58966 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58362 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58698 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58580 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57988 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58454 TIME_WAIT –
tcp 0 0 172.17.0.2:34088 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58256 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58730 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58274 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58550 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58854 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58714 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58102 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58706 TIME_WAIT –
tcp 0 0 172.17.0.2:34442 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58734 TIME_WAIT –
tcp 0 0 172.17.0.2:33921 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58530 TIME_WAIT –
tcp 32 0 172.17.0.2:57204 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:57956 TIME_WAIT –
tcp 0 0 172.17.0.2:35100 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:57884 TIME_WAIT –
tcp 1 0 172.17.0.2:40898 81.70.203.227:58088 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58320 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57968 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58328 TIME_WAIT –
tcp 0 0 172.17.0.2:46658 81.70.203.227:443 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58506 TIME_WAIT –
tcp 0 0 172.17.0.2:51866 54.37.93.31:1999 ESTABLISHED 14456/1u448u29d2492
tcp 0 0 172.17.0.2:8090 172.17.0.1:58726 TIME_WAIT –
tcp 0 0 172.17.0.2:34443 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:57904 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58768 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58978 TIME_WAIT –
tcp 0 0 172.17.0.2:33467 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58398 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58238 TIME_WAIT –
tcp 0 0 172.17.0.2:33938 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58086 TIME_WAIT –
tcp 0 0 172.17.0.2:34571 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:33936 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58688 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58218 TIME_WAIT –
tcp 0 0 172.17.0.2:33944 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58988 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57912 TIME_WAIT –
tcp 0 0 172.17.0.2:33614 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58244 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57996 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58472 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58282 TIME_WAIT –
tcp 0 0 172.17.0.2:34173 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58598 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58794 TIME_WAIT –
tcp 0 0 172.17.0.2:35080 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58176 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57940 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58496 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58814 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58356 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58722 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58170 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58444 TIME_WAIT –
tcp 0 0 172.17.0.2:50576 54.37.93.31:1999 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58458 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58246 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58114 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58310 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58772 TIME_WAIT –
tcp 32 0 172.17.0.2:56084 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:35084 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58290 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58108 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58514 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58018 TIME_WAIT –
tcp 32 0 172.17.0.2:56114 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58718 TIME_WAIT –
tcp 0 0 172.17.0.2:34561 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:57982 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58888 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58266 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58564 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57974 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58438 TIME_WAIT –
tcp 0 0 172.17.0.2:33606 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58684 TIME_WAIT –
tcp 0 0 172.17.0.2:34560 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58784 TIME_WAIT –
tcp 0 0 172.17.0.2:33932 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58868 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58450 TIME_WAIT –
tcp 0 0 172.17.0.2:48468 54.37.93.31:1999 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58314 TIME_WAIT –
tcp 0 0 172.17.0.2:33602 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58006 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58392 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58610 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58140 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58882 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58060 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58344 TIME_WAIT –
tcp 0 0 172.17.0.2:35064 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58466 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58666 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57878 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58386 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58206 TIME_WAIT –
tcp 0 0 172.17.0.2:34570 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58534 TIME_WAIT –
tcp 0 0 172.17.0.2:34558 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58756 TIME_WAIT –
tcp 0 0 172.17.0.2:34184 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58134 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58800 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57926 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58480 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58078 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58908 TIME_WAIT –
tcp 0 0 172.17.0.2:35072 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:57890 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58332 TIME_WAIT –
tcp 0 0 172.17.0.2:33956 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58338 TIME_WAIT –
tcp 32 0 172.17.0.2:56118 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:33626 172.21.0.11:3306 TIME_WAIT –
tcp 32 0 172.17.0.2:49108 104.192.137.8:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58844 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58902 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58130 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58636 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58592 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58158 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58914 TIME_WAIT –
tcp 0 0 172.17.0.2:35065 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:34178 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58624 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58124 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58764 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58510 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58372 TIME_WAIT –
tcp 0 0 172.17.0.2:33945 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58250 TIME_WAIT –
tcp 0 0 172.17.0.2:34089 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58476 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58200 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57896 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58670 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58640 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:57910 TIME_WAIT –
tcp 0 0 172.17.0.2:34552 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58490 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58628 TIME_WAIT –
tcp 0 0 172.17.0.2:34186 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:46850 81.70.203.227:443 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:34546 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58588 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58968 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58262 TIME_WAIT –
tcp 0 0 172.17.0.2:46776 81.70.203.227:443 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:51754 54.37.93.31:1999 ESTABLISHED 14455/1u448u29d2492
tcp 0 0 172.17.0.2:8090 172.17.0.1:58750 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58806 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58614 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58164 TIME_WAIT –
tcp 32 0 172.17.0.2:56124 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58072 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58518 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58920 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58190 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58522 TIME_WAIT –
tcp 0 0 172.17.0.2:35088 172.21.0.11:3306 ESTABLISHED 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58644 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58874 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58602 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58212 TIME_WAIT –
tcp 1 0 127.0.0.1:33330 127.0.0.1:8091 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58526 TIME_WAIT –
tcp 0 0 172.17.0.2:33696 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58286 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:59002 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58680 TIME_WAIT –
tcp 32 0 172.17.0.2:56122 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58000 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58024 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58820 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58648 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58184 TIME_WAIT –
tcp 0 0 172.17.0.2:50222 54.37.93.31:1999 ESTABLISHED 14374/1u448u29d2492
tcp 0 0 172.17.0.2:8090 172.17.0.1:58860 TIME_WAIT –
tcp 32 0 172.17.0.2:56120 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58832 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58788 TIME_WAIT –
tcp 0 0 172.17.0.2:34192 172.21.0.11:3306 TIME_WAIT –
tcp 0 0 172.17.0.2:8090 172.17.0.1:58538 TIME_WAIT –
tcp 32 0 172.17.0.2:42816 81.70.203.227:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:8090 172.17.0.1:58702 TIME_WAIT –
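A way to triage a listing like the one above automatically, as an added example that is not part of the original post: it parses netstat -anp lines and reports listeners and external peers that do not match an allow-list. The allow-list values (only java owns sockets, only port 443 is expected egress) and the function names are assumptions made for this sketch; the sample lines are an excerpt of the listing above.

```python
import ipaddress
from collections import defaultdict

# Excerpt of the netstat -anp listing above, embedded so the example runs offline.
SAMPLE = """\
tcp 0 0 0.0.0.0:8090 0.0.0.0:* LISTEN 1/java
tcp 0 0 0.0.0.0:53569 0.0.0.0:* LISTEN 14455/1u448u29d2492
tcp 0 0 172.17.0.2:8090 172.17.0.1:58544 TIME_WAIT –
tcp 0 0 172.17.0.2:35096 172.21.0.11:3306 ESTABLISHED 1/java
tcp 32 0 172.17.0.2:56116 104.192.137.7:443 CLOSE_WAIT 1/java
tcp 0 0 172.17.0.2:50646 54.37.93.31:1999 TIME_WAIT –
tcp 0 0 172.17.0.2:57856 54.37.93.31:1999 ESTABLISHED 14661/2x41884a48232
tcp 0 0 172.17.0.2:51866 54.37.93.31:1999 ESTABLISHED 14456/1u448u29d2492
"""

EXPECTED_PROGRAMS = {"java"}   # assumption: only the Confluence JVM should own sockets
EXPECTED_REMOTE_PORTS = {443}  # assumption: outbound HTTPS is the only expected egress


def parse(text):
    """Yield (local, remote, state, pid, program) for each tcp line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp"):
            continue  # header lines, udp, unix sockets
        pid, _, prog = f[6].partition("/")
        if not pid.isdigit():  # "-" (or a typeset dash) means no owner is shown
            pid, prog = None, None
        yield f[3], f[4], f[5], pid, prog


def triage(text):
    """Return (unexpected listeners, unexpected external peers -> programs)."""
    listeners, peers = set(), defaultdict(set)
    for local, remote, state, pid, prog in parse(text):
        if state == "LISTEN":
            if prog not in EXPECTED_PROGRAMS:
                listeners.add((local, pid, prog))
            continue
        host, _, port = remote.rpartition(":")
        if ipaddress.ip_address(host).is_private:  # bridge, database, loopback
            continue
        odd_owner = prog is not None and prog not in EXPECTED_PROGRAMS
        if odd_owner or int(port) not in EXPECTED_REMOTE_PORTS:
            peers[remote].add(prog or "?")  # "?" = socket with no owner (TIME_WAIT)
    return listeners, dict(peers)


if __name__ == "__main__":
    print(triage(SAMPLE))
```
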
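Solutions:
1. Use a cloud security group: leave open only port 443 or whichever ports you actually use, and close all other ports:
For example, in my Tencent Cloud security group everything except the ports I need is closed.
2. Use iptables to block the attacker's IP directly:
Block inbound traffic from the IP
iptables -I INPUT -s 54.37.93.31 -j DROP
Block outbound traffic to the IP (on the OUTPUT chain the attacker's address is the destination, so match it with -d)
iptables -I OUTPUT -d 54.37.93.31 -j DROP
Note that traffic to and from a container on Docker's bridge network passes through the FORWARD chain (Docker provides the DOCKER-USER chain for user rules there), so INPUT and OUTPUT rules on the host only cover the host's own traffic.
3. Add a scheduled task that keeps emptying the tmp directories so the attacker's scripts cannot run, and kills the attacker's processes
I run it every two minutes. The script is below; take it and use it as is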
#!/usr/bin/python
# coding:utf-8
import datetime
import subprocess

# Copy Confluence backup files (comment left over from another script)

# The container's overlay2 "merged" directory as seen from the host
MERGED = "/data/docker/data/overlay2/9cfd7dfa64089906b34296dcba5f5dfb9fb9654fdd1f93f8c2d42cb2516c544a/merged"


def run(cmd):
    # Run one shell command and print its exit status
    print(cmd)
    ret = subprocess.call(cmd, shell=True)
    print("ret", ret)


if __name__ == "__main__":
    print("START", datetime.datetime.today())
    # Delete the files inside the docker container
    # cmd = "docker exec confluence rm -rf /tmp/kinsing /tmp/XVlBzgbaiC /tmp/java8.aak /tmp/conf.n /tmp/java.xnk /var/tmp/java.xnk/java.xnk.stak"
    run("rm -rf " + MERGED + "/var/tmp/*")
    run("rm -rf " + MERGED + "/tmp/*")
    # Kill the attacker's processes by name or path
    # (grep -v grep skips the grep itself; xargs -r does nothing when no PID matches)
    for name in ("kinsing", "kdevtmpfsi", "/var/tmp", "XVlBzgbaiC"):
        run("ps -ef | grep " + name + " | grep -v grep | awk '{ print $2 }' | sudo xargs -r kill -9")
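4. Add the attacker's IP to a blacklist in nginx
Add the following configuration inside the server block
deny 178.128.124.245;
That is my experience, and it is enough to deal with the current attackers. If they keep attacking, I will keep fighting back!!!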