服务器被黑 by rivalhw

View this thread on: hive.blog | peakd.com | ecency.com

hive-105017 · @rivalhw · Apr 16 (edited)

$20.11

服务器被黑

前几日在阿里云上购买了台服务器，打算做一些测试使用，安装的是Ubuntu 系统，软件我安装了python3.12，vsFtp和Redis这3个个软件，嗯，应该没再安装其它了。

想着是测试服务器，也没啥重要信息，就挂在那里。

前天的时候，忽然收到阿里云的一条警戒短信：

>【阿里云】尊敬的xxx：您的服务器xxxxx（launch-advis...）存在异常登录行为：ECS在非常用地登录，详情可登录云安全中心控制台进行查看和处理，如果是您自己操作可忽略。

想着可能是自己不小心切换到外网引起的操作吧，当时就没在意。

结果呢，今早时，打算登陆这台服务器，却发现死活登陆不上了，尝试了几次，始终不行，于是登陆阿里云平台上，发现确实收到一条警告短信，

![QQ图片20250416145901.png](https://images.hive.blog/DQmRx2MpwQH3cn6SHyaeGapMv4aL7kc6Snxg95T1k8wRaKb/QQ%E5%9B%BE%E7%89%8720250416145901.png)

强制重启后，尝试发现也不行。

这时想起来，没有做安全策略，关闭无关端口，很大可能服务器被入侵篡改了。


![character-696951_1280.png](https://images.hive.blog/DQmRRxST58zEwmwKsaAKB984BJWTZKWFv5JRTappSEBSm4P/character-696951_1280.png)
Image by <a href="https://pixabay.com/users/succo-96729/?utm_source=link-attribution&utm_medium=referral&utm_campaign=image&utm_content=696951">succo</a> from <a href="https://pixabay.com//?utm_source=link-attribution&utm_medium=referral&utm_campaign=image&utm_content=696951">Pixabay</a>

之前的服务器，安装好软件后，我一般都会在第一时间启用安全策略，就是自己定义的一些端口规则，默认除了80其余一律不开启，除非特殊的比如ftp的21端口，也仅仅是在使用时，一般用完就将服务关闭，后边用时再启用。

再比如Redis，我之前因为犯懒，安装过一个比较老的版本，也没去更新，又开启了外网端口，结果呢，有次发现攻击者就是通过这个redis的漏洞和端口，入侵了服务器。。。

再比如我多年前使用过的phpMyAdmin 软件，用过的朋友都知道，这个软件是php下管理mysql数据库的一款非常好用的软件，但无奈这玩意安全漏洞多，我又不是勤快的人，结果有次也是被利用漏洞，在数据库里莫名多出许多垃圾数据。。。

至于像流行的比如wordPress博客软件，漏洞就更多了，我先前用过一段时间，发现隔三差五就有安全更新，一不小心，就被植入了一些莫名垃圾文件。。。

再说个我遇到过的最奇葩和难搞的一次入侵。当时是在linux服务系统里植入了个进程，那个进程导致cpu极高不下，我尝试杀死进程，结果发现不一会它不知道从哪个地方又冒出来，反复尝试多次，对方就像杀不死的小强，非常顽强。。。无奈之下，我只好放弃，重新安装了新系统。

因此，后来就养成了每次新购买服务器后，第一时间就是加上安全策略，避免无端被攻击，而这次，显然是大意了，主要原因是自己觉得测试服务器，也没啥重要数据，心里一轻视懈怠，这就给黑客制造了机会，钻了空子。

看来，安全还是得注意，不能大意和心存侥幸心理。幸好这次只是测试服务器，没啥重要数据。

👍 abit, magicmonk, deanliu, oflyhigh, eval, rivalhw, tipu, susanli3769, exec, ace108, mrspointm, jychbetter, jamesbrown, bxt, aafeng, dwayne16, mrpointp, rosatravels, helene, borjan, catwomanteresa, quochuy, annepink, atyh, ecency, aellly, tanzil2024, emmali, azazqwe, lovelingling, midnightoil, dengyanping888, lovelemon, davidke20, penguinpablo, alpha-omega, cnstm, xplosive, iris085, julian2013, drricksanchez, laoyao, balikis95, angelina6688, ericaliu, imfarhad, celeste413, sunflor, liumei, steemegg, idx, a-secondchance, love5200, wherein, xiaohui, kimzwarch, sasaadrian, pet.society, passion-fruit, fortune-master, good-karma, beco132, hmayak, vixmemon, and 77 others

`author`	rivalhw
`permlink`	6tkj7f
`category`	hive-105017
`json_metadata`	{"app":"hiveblog/0.1","format":"markdown","image":["https://images.hive.blog/DQmRRxST58zEwmwKsaAKB984BJWTZKWFv5JRTappSEBSm4P/character-696951_1280.png","https://images.hive.blog/DQmRx2MpwQH3cn6SHyaeGapMv4aL7kc6Snxg95T1k8wRaKb/QQ%E5%9B%BE%E7%89%8720250416145901.png"],"links":["https://pixabay.com/users/succo-96729/?utm_source=link-attribution&utm_medium=referral&utm_campaign=image&utm_content=696951"],"tags":["server","security","story","life","cn-reader","cn"]}
`created`	2025-04-16 07:13:24
`last_update`	2025-04-16 07:13:48
`depth`	0
`children`	15
`last_payout`	2025-04-23 07:13:24
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	10.062 HBD
`curator_payout_value`	10.047 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	1,596
`author_reputation`	1,779,101,820,676,821
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	0
`post_id`	142,127,045
`net_rshares`	59,805,837,660,846
`author_curate_reward`	""

properties (23)vote details (141)

voter	rshares	pct
abit	17,992,309,071,546	75%
good-karma	11,215,140,862	1%
deanliu	4,990,684,895,517	100%
lemooljiang	9,533,599,858	100%
ace108	1,320,079,190,380	26%
jamesbrown	950,566,521,053	100%
magicmonk	7,965,396,664,786	100%
laoyao	53,580,819,528	75%
midnightoil	189,579,921,819	75%
xiaohui	16,600,629,250	75%
oflyhigh	3,486,683,971,536	75%
rivalhw	1,720,764,429,473	100%
helene	767,903,158,292	75%
ffcrossculture	2,436,855,211	100%
netaterra	3,763,887,398	10%
penguinpablo	139,133,010,689	14%
cnfund	5,595,911,115	50%
funnyman	1,434,329,020	5.6%
btshuang	746,819,445	50%
esteemapp	2,966,909,128	1%
azazqwe	230,529,160,332	100%
lucknie	146,123,820	100%
dumping	111,643,624	100%
bxt	942,188,400,398	100%
passion-fruit	12,296,081,378	92%
fortune-master	12,280,257,103	92%
xplosive	68,835,470,806	75%
exec	1,484,004,494,110	75%
eval	2,968,352,779,400	75%
alphacore	7,062,099,336	7.12%
joeyarnoldvn	553,787,247	1.76%
susanli3769	1,516,711,547,186	100%
mrpointp	816,602,821,307	100%
mygod	743,231,921	50%
catwomanteresa	535,228,446,989	100%
idx	20,828,488,102	75%
aafeng	871,862,152,225	100%
floatinglin	8,176,944,849	100%
mrspointm	1,075,528,227,260	100%
liumei	24,688,256,215	100%
tipu	1,636,066,303,830	10%
kimzwarch	16,329,442,269	4%
chenlocus	1,902,837,873	100%
davidke20	161,515,444,815	100%
rosatravels	787,584,408,268	100%
sorin.cristescu	2,882,658,700	0.5%
minloulou	5,886,641,897	70%
sayee	665,901,527	0.9%
metten	139,077,914	100%
esteem.app	362,280,047	1%
namchau	6,057,032,795	70%
jychbetter	1,065,424,615,681	100%
cn-book	411,492,050	100%
halleyleow	6,564,324,434	80%
cn-movie	196,888,506	100%
angelina6688	37,195,953,559	80%
vivia	742,016,682	100%
ahmadmangazap	1,488,828,195	0.5%
cryptonized	236,483,522	14%
tryskele	4,936,487,595	20%
xiaoli	468,399,188	100%
yumisee	797,231,672	50%
joeliew	3,772,246,476	100%
emmali	328,979,637,843	100%
vamos-amigo	4,238,277,361	100%
dwayne16	853,801,653,017	35%
jeffspace	6,539,504,177	100%
aellly	421,822,393,459	100%
ryenneleow	7,260,321,837	90%
tresor	618,404,938	20%
quochuy	523,820,438,013	6.03%
beco132	10,248,867,337	54%
hmayak	10,142,293,324	100%
archisteem	1,279,569,953	7.5%
theluvbug	7,784,615,260	100%
longer	888,954,145	2.5%
vixmemon	9,588,537,658	30.63%
julian2013	63,964,762,782	100%
pet.society	14,959,213,491	6%
minminlou	583,714,623	56%
annepink	488,441,393,937	100%
bichen	1,852,909,578	100%
sasaadrian	15,794,135,593	20%
starrouge	750,137,470	37.5%
wherein	19,778,293,236	75%
zerofive	622,210,023	37.5%
muntaharaceh	6,431,787,299	20%
jacuzzi	635,099,132	1.4%
steemegg	22,788,137,995	50%
cnstm	91,789,001,290	75%
likuang007	455,783,676	75%
lianjingmedia	694,696,442	75%
a-secondchance	20,309,865,855	100%
mia-cc	1,240,396,551	10%
hungrybear	613,508,131	14%
fintian	535,708,581	100%
kryptogames	3,886,056,203	10%
lovelemon	180,102,457,599	33%
dailyke20	2,583,468,100	100%
isaaclim	2,559,703,824	100%
blumela	1,988,614,574	0.5%
borjan	649,803,936,470	28%
cxy	1,922,691,206	50%
cryptogambit	1,422,241,002	7.5%
atyh	455,769,487,296	100%
moleah	666,034,382	100%
bcm	924,521,974	7.5%
dappstats	4,635,161,409	15%
starnote	343,816,550	100%
moochain.net	346,338,113	100%
warmstill	834,908,709	50%
bnk	7,497,592,846	20%
imfarhad	27,521,644,241	25%
ecency	431,189,286,571	1%
ecency.stats	386,445,859	1%
iris085	66,388,435,407	100%
philipmak	1,596,496,425	50%
netaterra.leo	645,310,157	9%
drricksanchez	59,108,799,438	10%
ericaliu	33,318,688,926	100%
hive.friends	0	1%
dengyanping888	186,348,415,947	100%
lovelingling	204,231,302,292	100%
celeste413	26,540,040,696	100%
alpha-omega	92,280,767,783	50%
tanzil2024	330,190,123,718	75%
bai123	6,091,730,940	100%
eolianpariah2	863,120,912	0.4%
sunflor	25,954,733,708	100%
ilark	2,423,748,377	100%
theindiankid	2,112,168,832	100%
sabajfa	717,618,099	5%
love5200	19,808,765,556	100%
kam5iz	465,947,093	4%
mukadder	945,327,838	1%
balikis95	43,310,030,194	100%
albro	2,657,297,943	100%
ecency.waves	0	1%
soyernesto	936,646,596	5%
carolin77	7,473,384,960	100%
linos	8,456,981,065	100%

@carolin77 · Apr 16

这些黑客是不是随机的，无差别攻击

properties (22)

`author`	carolin77
`permlink`	re-rivalhw-2025416t203052906z
`category`	hive-105017
`json_metadata`	{"type":"comment","tags":["hive-105017","server","security","story","life","cn-reader","cn"],"app":"ecency/3.2.1-mobile","format":"markdown+html"}
`created`	2025-04-16 12:30:51
`last_update`	2025-04-16 12:30:51
`depth`	1
`children`	1
`last_payout`	2025-04-23 12:30:51
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	16
`author_reputation`	43,400,129,023,313
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,130,727
`net_rshares`	0

@rivalhw · Apr 18

是的，从日志看，就是无聊攻击

properties (22)

`author`	rivalhw
`permlink`	suw82r
`category`	hive-105017
`json_metadata`	{"app":"hiveblog/0.1"}
`created`	2025-04-18 02:54:30
`last_update`	2025-04-18 02:54:30
`depth`	2
`children`	0
`last_payout`	2025-04-25 02:54:30
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	14
`author_reputation`	1,779,101,820,676,821
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,162,302
`net_rshares`	0

@celeste413 · Apr 16

现在黑客 真是无孔不入呀！

properties (22)

`author`	celeste413
`permlink`	re-rivalhw-2025416t155032882z
`category`	hive-105017
`json_metadata`	{"tags":["server","security","story","life","cn-reader","cn"],"app":"ecency/4.0.3-vision","format":"markdown+html"}
`created`	2025-04-16 07:50:33
`last_update`	2025-04-16 07:50:33
`depth`	1
`children`	3
`last_payout`	2025-04-23 07:50:33
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	14
`author_reputation`	433,572,933,110,282
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,127,346
`net_rshares`	0

@rivalhw · Apr 16

$0.02

确实，看日志没事就瞎扫描端口，逮着机会就恶意攻击

👍 dustbunny, celeste413

`author`	rivalhw
`permlink`	suswp4
`category`	hive-105017
`json_metadata`	{"app":"hiveblog/0.1"}
`created`	2025-04-16 07:55:54
`last_update`	2025-04-16 07:55:54
`depth`	2
`children`	2
`last_payout`	2025-04-23 07:55:54
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.012 HBD
`curator_payout_value`	0.012 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	24
`author_reputation`	1,779,101,820,676,821
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,127,403
`net_rshares`	78,054,851,575
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
dustbunny	0 B		53,460,314,018	16.98%
celeste413	0 B		24,594,537,557	100%

@celeste413 · Apr 16

嗯嗯 幸亏大伟哥 发现及时！

properties (22)

`author`	celeste413
`permlink`	re-rivalhw-2025416t155829473z
`category`	hive-105017
`json_metadata`	{"tags":["ecency"],"app":"ecency/4.0.3-vision","format":"markdown+html"}
`created`	2025-04-16 07:58:30
`last_update`	2025-04-16 07:58:30
`depth`	3
`children`	1
`last_payout`	2025-04-23 07:58:30
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	14
`author_reputation`	433,572,933,110,282
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,127,439
`net_rshares`	0

1 reply

@liumei · Apr 16

还好大伟哥会自己搞，要是我，被黑了也不知道🙂‍↔️

properties (22)

`author`	liumei
`permlink`	re-rivalhw-2025416t21402782z
`category`	hive-105017
`json_metadata`	{"type":"comment","tags":["hive-105017","server","security","story","life","cn-reader","cn"],"app":"ecency/3.3.0-mobile","format":"markdown+html"}
`created`	2025-04-16 13:40:27
`last_update`	2025-04-16 13:40:27
`depth`	1
`children`	1
`last_payout`	2025-04-23 13:40:27
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	25
`author_reputation`	70,058,884,272,651
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,131,879
`net_rshares`	0

@rivalhw · Apr 18

唉，我这次也没办法，只能重装系统了

properties (22)

`author`	rivalhw
`permlink`	suw83g
`category`	hive-105017
`json_metadata`	{"app":"hiveblog/0.1"}
`created`	2025-04-18 02:54:54
`last_update`	2025-04-18 02:54:54
`depth`	2
`children`	0
`last_payout`	2025-04-25 02:54:54
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	17
`author_reputation`	1,779,101,820,676,821
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,162,320
`net_rshares`	0

@love5200 · Apr 16

还好及时发现了，这黑客真是防不胜防啊。

properties (22)

`author`	love5200
`permlink`	re-rivalhw-2025416t15517396z
`category`	hive-105017
`json_metadata`	{"tags":["server","security","story","life","cn-reader","cn"],"app":"ecency/4.0.3-vision","format":"markdown+html"}
`created`	2025-04-16 07:51:27
`last_update`	2025-04-16 07:51:27
`depth`	1
`children`	1
`last_payout`	2025-04-23 07:51:27
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	19
`author_reputation`	535,621,691,766,787
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,127,355
`net_rshares`	0

@rivalhw · Apr 16

是啊，这帮人逮着机会就瞎搞，纯属无聊透顶

properties (22)

`author`	rivalhw
`permlink`	suswo9
`category`	hive-105017
`json_metadata`	{"app":"hiveblog/0.1"}
`created`	2025-04-16 07:55:24
`last_update`	2025-04-16 07:55:24
`depth`	2
`children`	0
`last_payout`	2025-04-23 07:55:24
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	20
`author_reputation`	1,779,101,820,676,821
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,127,393
`net_rshares`	0

@mrspointm · Apr 16

@tipu curate

我办公室电脑时不时就会出来弹出安全提醒 有时候没在意 最后只好求助计算机老师 又是一顿重装系统 让我丢失了好多重要文件 TT

properties (22)

`author`	mrspointm
`permlink`	susy75
`category`	hive-105017
`json_metadata`	{"users":["tipu"],"app":"hiveblog/0.1"}
`created`	2025-04-16 08:28:15
`last_update`	2025-04-16 08:28:15
`depth`	1
`children`	2
`last_payout`	2025-04-23 08:28:15
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	76
`author_reputation`	1,553,298,273,811,635
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,127,782
`net_rshares`	0

@rivalhw · Apr 16 (edited)

内网一般没事，有对外公网固定IP，就容易被攻击。

买个移动硬盘，自己定期做好备份吧

properties (22)

`author`	rivalhw
`permlink`	suszqy
`category`	hive-105017
`json_metadata`	{"app":"hiveblog/0.1"}
`created`	2025-04-16 09:01:48
`last_update`	2025-04-16 09:02:18
`depth`	2
`children`	0
`last_payout`	2025-04-23 09:01:48
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	42
`author_reputation`	1,779,101,820,676,821
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,128,081
`net_rshares`	0

@tipu · Apr 16

<a href="https://tipu.online/hive_curator?mrspointm" target="_blank">Upvoted  &#128076;</a> (Mana: 42/62) <a href="https://peakd.com/hive/@reward.app/reward-app-quick-guide-updated" target="_blank">Liquid rewards</a>.

properties (22)

`author`	tipu
`permlink`	re-susy75-20250416t082820z
`category`	hive-105017
`json_metadata`	"{"app": "beem/0.24.26"}"
`created`	2025-04-16 08:28:21
`last_update`	2025-04-16 08:28:21
`depth`	2
`children`	0
`last_payout`	2025-04-23 08:28:21
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	217
`author_reputation`	55,904,160,277,845
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,127,784
`net_rshares`	0

@oflyhigh · Apr 16

不是我黑的

properties (22)

`author`	oflyhigh
`permlink`	sut9of
`category`	hive-105017
`json_metadata`	{"app":"hiveblog/0.1"}
`created`	2025-04-16 12:36:18
`last_update`	2025-04-16 12:36:18
`depth`	1
`children`	1
`last_payout`	2025-04-23 12:36:18
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	5
`author_reputation`	6,258,434,979,370,561
`root_title`	服务器被黑
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	142,130,819
`net_rshares`	0

@rivalhw · Apr 18

O哥你这是欲盖弥彰吧

properties (22)