
Completely removing Alibaba Cloud Shield (阿里云盾) keyword detection from an Alibaba Cloud ECS server and blocking its scan IPs

linux · sky995 · 2018-09-13

Article and resources last updated 2018-09-13 by sky995

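Anyone who has used Alibaba Cloud ECS servers or products knows that Alibaba Cloud comes with built-in security scanning and Cloud Shield defense. On the surface it is said to give you security protection, but it is really there to obtain your data.

Of course it can also log some attack records and get you to pay to have them dealt with, but none of it is of any real use: whatever is going to be attacked still gets attacked, and you still pay every last cent to fix the problems.

On top of that, your own server gets scanned by Alibaba Cloud every day, and anything containing a prohibited keyword gets blocked. This is especially true for small sites: with no traffic there are no attacks, yet Alibaba Cloud attacks you every day and tells you about vulnerabilities in your site.

Either you fix it yourself or you pay to have it fixed. For people with a compulsive streak, what Alibaba Cloud Shield brings is round-the-clock hassle.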

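Blocking Alibaba Cloud scans of an ECS server

At first 无作为 also used Alibaba Cloud, together with the Yunsuo (云锁) security software, but there were attacks from Alibaba Cloud IPs every day. When I asked customer service, they said it was to find vulnerabilities for you and did not affect performance. Heh. In the end quite a few of the site's pages were blocked.

Almost all of them were keyword violations, for example pages containing 91, VbN, or other words that are banned online. Alibaba Cloud automatically blocks these pages, which makes them inaccessible.

So how do you block Alibaba Cloud's scanning completely and thoroughly?

Method 1: Uninstall the Alibaba Cloud Shield monitoring agent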

```bash
# Fetch the uninstall scripts from update.aegis.aliyun.com and run them.
# They are downloaded over plain HTTP, so read each script before running it as root.
wget http://update.aegis.aliyun.com/download/uninstall.sh
sh uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
sh quartz_uninstall.sh
```

Or:

```bash
wget http://update.aegis.aliyun.com/download/uninstall.sh
chmod +x uninstall.sh
./uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
chmod +x quartz_uninstall.sh
./quartz_uninstall.sh
```

Remove the leftovers

```bash
# Stop the agent process that is still running
pkill aliyun-service
# Remove the init script and the service binary
rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
# Remove the Aegis installation directories
rm -rf /usr/local/aegis*
```

Block the Cloud Shield IPs (run the code below directly, or manage the rules through a control panel)

```bash
iptables -I INPUT -s 140.205.201.0/28 -j DROP
iptables -I INPUT -s 140.205.201.16/29 -j DROP
iptables -I INPUT -s 140.205.201.32/28 -j DROP
iptables -I INPUT -s 140.205.225.192/29 -j DROP
iptables -I INPUT -s 140.205.225.200/30 -j DROP
iptables -I INPUT -s 140.205.225.184/29 -j DROP
iptables -I INPUT -s 140.205.225.183/32 -j DROP
iptables -I INPUT -s 140.205.225.206/32 -j DROP
iptables -I INPUT -s 140.205.225.205/32 -j DROP
iptables -I INPUT -s 140.205.225.195/32 -j DROP
iptables -I INPUT -s 140.205.225.204/32 -j DROP
```

Method 2: Stopping AliYunDun on CentOS

This one is recommended for CentOS. Use

```bash
chkconfig --list
```

to see what this software's service name is among the boot-time services, then substitute it for xxx and run the commands.

If you do not want it to start at boot, run chkconfig --del xxxx, where xxxx is the aliyundun background service you found.

```bash
service aegis stop      # stop the service
chkconfig --del aegis   # remove the service
```

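Method 3: Finding and killing the Cloud Shield processes on an Alibaba Cloud server

The process of finding and killing the Cloud Shield processes is as follows:

Removing the Alibaba Cloud welcome message from the login screen: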

```text
Welcome to Ubuntu 17.04 (GNU/Linux 4.10.0-19-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Welcome to Alibaba Cloud Elastic Compute Service !
Last login from
```

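This annoyed me for no particular reason, so I looked it up: with vim /etc/motd you can edit or delete the second-to-last line, the "Welcome to Alibaba Cloud Elastic Compute Service !" welcome message.

That concludes this tutorial on how to disable and remove Alibaba Cloud Shield (安骑士) on an Alibaba Cloud ECS Linux system. Personally I recommend the second method: simple, direct and blunt.

Addendum:

Blocking Alibaba Cloud Shield's scan probes

Although the steps above completely shut down Cloud Shield on the Alibaba Cloud ECS server, I found that there were still intercepted "Web attack" records. Looking at the IP ranges, the visits came from a UA called "Alibaba.Security.Heimdall", and only after some searching on Baidu and Google did I learn that these are the scan-probe IP addresses of Alibaba Cloud Shield.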

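Clearly this does not make sense: having your own server constantly scanned and probed by someone else always feels odd, and when the server really is attacked, Alibaba Cloud Shield is of almost no use.

Its only function is to remind me to pay up and buy security!

Cloud Shield scans cloud servers from a fixed set of IP ranges.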


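Since the vendor has published the IP ranges, that also shows the vendor does not object to blocking scan probes from these IPs!

Here 无作为 shares the script directly; you can simply run it: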
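The addendum identifies the scanner by its UA and by its source ranges, and the two can be checked against each other in an access log. The script below is an added example, not the original author's code: it labels each log line according to whether the "Alibaba.Security.Heimdall" UA and a listed source range agree. The function names, verdict labels and sample log lines are constructed for illustration; the ranges are the ones given on this page.

```shell
#!/bin/sh
# Added example: cross-check the scanner UA against the published source ranges.
# Ranges as listed on this page; function names and labels are hypothetical.
RANGES='140.205.201.0/28 140.205.201.16/29 140.205.201.32/28 140.205.225.192/29
140.205.225.200/30 140.205.225.184/29 140.205.225.183/32 140.205.225.206/32
140.205.225.205/32 140.205.225.195/32 140.205.225.204/32 106.11.224.0/26
106.11.224.64/26 106.11.224.128/26 106.11.224.192/26 106.11.222.64/26
106.11.222.128/26 106.11.222.192/26 106.11.223.0/26'
UA='Alibaba.Security.Heimdall'

# Dotted quad -> 32-bit integer; fails unless the input is four octets 0-255.
ip2int() {
    case $1 in *[!0-9.]*|0[0-9]*|*.0[0-9]*|.*|*.|*..*) return 1 ;; esac
    old=$IFS; IFS=.; set -- $1; IFS=$old
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR: succeeds when IP lies inside CIDR.
in_cidr() {
    ip=$(ip2int "$1") && net=$(ip2int "${2%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

# Reads access-log lines (client IP as first field), prints "<verdict> <ip>".
classify() {
    while read -r src rest; do
        case $rest in *"$UA"*) has_ua=1 ;; *) has_ua=0 ;; esac
        listed=0
        for r in $RANGES; do
            if in_cidr "$src" "$r"; then listed=1; break; fi
        done
        case $has_ua$listed in
            11) echo "cloud-shield-scan $src" ;;      # UA and source range agree
            10) echo "ua-from-unlisted-ip $src" ;;    # UA claimed from another source
            01) echo "listed-ip-other-ua $src" ;;     # listed range, different UA
            *)  echo "other $src" ;;
        esac
    done
}

# Constructed sample lines (not real traffic).
sample_log() {
    cat <<'EOF'
140.205.225.201 - - [13/Sep/2018:10:00:01 +0800] "GET /admin.php HTTP/1.1" 404 162 "-" "Alibaba.Security.Heimdall"
203.0.113.7 - - [13/Sep/2018:10:00:05 +0800] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Alibaba.Security.Heimdall"
106.11.224.70 - - [13/Sep/2018:10:01:12 +0800] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Sep/2018:10:02:30 +0800] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

sample_log | classify
```

A line labelled ua-from-unlisted-ip carries the scanner's UA from an address outside the listed ranges, so the DROP rules for those ranges do not cover it and it should be triaged like any other unknown client.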

```bash
#!/bin/bash
# Prints: "Blocking malicious Alibaba Cloud Shield IPs......."
echo "屏蔽阿里云盾恶意 IP......."
iptables -I INPUT -s 140.205.201.0/28 -j DROP
iptables -I INPUT -s 140.205.201.16/29 -j DROP
iptables -I INPUT -s 140.205.201.32/28 -j DROP
iptables -I INPUT -s 140.205.225.192/29 -j DROP
iptables -I INPUT -s 140.205.225.200/30 -j DROP
iptables -I INPUT -s 140.205.225.184/29 -j DROP
iptables -I INPUT -s 140.205.225.183/32 -j DROP
iptables -I INPUT -s 140.205.225.206/32 -j DROP
iptables -I INPUT -s 140.205.225.205/32 -j DROP
iptables -I INPUT -s 140.205.225.195/32 -j DROP
iptables -I INPUT -s 140.205.225.204/32 -j DROP
iptables -I INPUT -s 106.11.224.0/26 -j DROP
iptables -I INPUT -s 106.11.224.64/26 -j DROP
iptables -I INPUT -s 106.11.224.128/26 -j DROP
iptables -I INPUT -s 106.11.224.192/26 -j DROP
iptables -I INPUT -s 106.11.222.64/26 -j DROP
iptables -I INPUT -s 106.11.222.128/26 -j DROP
iptables -I INPUT -s 106.11.222.192/26 -j DROP
iptables -I INPUT -s 106.11.223.0/26 -j DROP
# Prints: "The malicious Alibaba Cloud Shield IPs have been blocked"
echo "已经屏蔽了阿里云盾恶意 IP"
```

Save the code above as XXX.sh, then run sh XXX.sh in a terminal to add the blocks to the iptables firewall rules currently in use. Of course, remember to run service iptables save afterwards to save the rules!
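Each run of the script above inserts every rule into INPUT again, because iptables -I does not check for an existing match. The following is an added example, not the original author's script, that keeps the blocks in a dedicated chain which is flushed and refilled on every run. The chain name ALIYUN_SCAN_BLOCK, the function name sync_chain and the file names in the usage comment are hypothetical; the ranges are read from standard input, one CIDR per line.

```shell
#!/bin/sh
# Added example: re-runnable variant of the blocking script.
# CHAIN and sync_chain are hypothetical names, not part of the original page.
CHAIN=ALIYUN_SCAN_BLOCK
IPT=${IPT:-iptables}   # set IPT="echo iptables" to print the commands instead

sync_chain() {
    # First run creates the chain; later runs empty it, so entries never pile up.
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"
    sort -u | while read -r cidr; do
        case $cidr in
            ''|'#'*) continue ;;               # blank line or comment
            *[!0-9./]*|*/*/*|/*|*/)            # not shaped like an IPv4 CIDR;
                echo "skipped: $cidr" >&2      # iptables -s would otherwise try
                continue ;;                    # to resolve it as a host name
        esac
        $IPT -A "$CHAIN" -s "$cidr" -j DROP
    done
    # Hook the chain into INPUT only if the jump is not there yet.
    $IPT -C INPUT -j "$CHAIN" 2>/dev/null || $IPT -I INPUT -j "$CHAIN"
}

# Usage (as root): sh block.sh apply < ranges.txt
if [ "${1:-}" = apply ]; then sync_chain; fi
```

Removing the blocks later is a matter of deleting the single jump from INPUT and the chain itself; service iptables save persists the result as in the procedure above.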

