GitLab shows no repositories: hit by ransomware
Recording this painful episode; it has not been resolved.
Yesterday (2021-11-29) I opened GitLab and the projects were gone; it looked like the damn thing below.
In the end it turned out to be a virus: a pile of these damn files everywhere. I copied one and opened it to take a look.
I have to say the hacker's web page is actually well written; a gang like this deserves to have nine generations of its family wiped out.
CERBER RANSOMWARE
INSTRUCTIONS
Can't open the files you need?
Can't read the contents of your files?
This is normal, because the file names and data of your files have been encrypted by "Cerber Ransomware".
This means your files are not damaged! Your files have only been modified, this modification is reversible, and you cannot use your files until they are decrypted.
The only safe way to decrypt your files is to buy the special decryption software "Cerber Decryptor".
Any attempt to recover your files with third-party software will be fatal to your files!
You can buy the decryption software on your personal page:
On that page you will see detailed instructions on how to buy the decryption software to recover your files.
On that page you can also decrypt any one file for free to confirm that "Cerber Decryptor" can recover any of your files.
If your browser cannot open your personal page, you need to install and use the Tor browser to open it:
- Use your internet browser (if you don't know which, use Internet Explorer);
- Type or copy the address https://www.torproject.org/download/download-easy.html.en into the browser's address bar and press ENTER;
- Wait for the site to load;
- You will download the Tor browser from that site; download and run it, follow the installation guide, and wait until installation finishes;
- Run the Tor browser;
- Connect using the "Connect" button (if you use the English version);
- After initialization a normal internet browser window will open (during initialization you need to configure a Tor browser bridge or a local VPN proxy to get past the firewall and connect to the Tor network);
- Type or copy the following address into the browser's address bar
http://pigetrzlperjreyr3fbytm27bljaq4eungv3gdq2tohnoyfrqu4bx5qd.onion/bt105de1a8b160fb2876fa6f96f57f021044c382012717310ba4c2032a2ca704db464edf0509662630a290779d7f1179f90318221d3c1ce799757588104e8df3c2fbbf18e5956a0576dbf29047a9a22a94e23099a83cfe4e76b6c896e78bef9e0ee5cd24dbbe9f4e3ad9920b1bee8c0c2c80f8a4d319f500912263070d5fb5d7b13a/ - and press ENTER;
- The site will load; if for some reason it does not load after waiting a while, please retry.
If you have any problems during installation or while using the Tor browser, visit https://www.baidu.com and type "how to install the Tor browser" into the search bar; you will find instructions and tutorials on how to install the onion Tor browser.
Additional information:
You will find the instructions for recovering your files ("*README*.hta") in every folder that contains encrypted files.
The ("*README*.hta") instructions in folders with encrypted files are not a virus; the ("*README*.hta") instructions will help you decrypt your files.
Remember, the worst has already happened; whether your files can still be used depends on your decision and how quickly you react.
----------------------------2021-12-2, being worked on
Related articles
Beware! Dual-platform mining botnet Sysrv-hello targets users' GitLab servers
Tencent Cloud Container Security Service (TCSS) captures in-the-wild attacks exploiting the GitLab ExifTool RCE vulnerability
GitLab remote command execution vulnerability reproduction (CVE-2021-22205)
------------------------------------2021-12-3
GitLab: we found the backup from 11-10 and restored it, then everyone uploaded their latest code, we backed up again, and then rebuilt a fresh instance. Since it was set up with docker, rebuilding is easy; I did an upgrade in docker-compose to first stop this vulnerability from causing more trouble. Only this docker container had the problem, but there are other services as well: Confluence, Jira and who knows what else. Since I was not the one who originally built the environment, I can only see part of it and I'm not clear on the other details. The boss now wants the whole server redone from scratch. I think that's a lot of work; keeping things upgraded and managing each piece of software properly is the real point. Even if the system is rebuilt, with a vulnerability it will get infected just the same.
What I'm thinking right now is to first figure out exactly what is installed on this server and what the specific configurations are, then what is needed. After that, make some backups and have the system reinstalled; also add some security measures, for example making the GitLab that manages the code reachable only through VPN. I can't think of anything else; everyone, feel free to give me some ideas.
------------------2021.12.07---
In the last two days I noticed attacks!!!!
sudo docker container logs gitlab | grep "Thank you for playing"
Searching with the command above turned up a pile of these
......
2021-12-05_10:18:54.42415 Received disconnect from 5.181.80.15 port 52358:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:55.15312 Received disconnect from 5.181.80.15 port 52912:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:55.73275 Received disconnect from 5.181.80.15 port 53094:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:56.40179 Received disconnect from 5.181.80.15 port 53278:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:56.42875 Received disconnect from 5.181.80.15 port 53462:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:57.03512 Received disconnect from 5.181.80.15 port 53646:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:58.28274 Received disconnect from 5.181.80.15 port 53830:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:58.40812 Received disconnect from 5.181.80.15 port 54014:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:59.50798 Received disconnect from 5.181.80.15 port 54198:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:59.86178 Received disconnect from 5.181.80.15 port 54382:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:00.89994 Received disconnect from 5.181.80.15 port 54566:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:01.36386 Received disconnect from 5.181.80.15 port 54748:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:01.68053 Received disconnect from 5.181.80.15 port 54934:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:03.11922 Received disconnect from 5.181.80.15 port 55302:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:03.38771 Received disconnect from 5.181.80.15 port 55118:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:03.87525 Received disconnect from 5.181.80.15 port 55486:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:05.10209 Received disconnect from 5.181.80.15 port 55854:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:06.02891 Received disconnect from 5.181.80.15 port 55670:11: Normal Shutdown, Thank you for playing [preauth]
........
2021-12-06_04:15:40.35091 Received disconnect from 188.166.251.221 port 54914:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:42.36727 Received disconnect from 188.166.251.221 port 49860:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:43.64879 Received disconnect from 188.166.251.221 port 36794:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:45.64857 Received disconnect from 188.166.251.221 port 39326:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:46.95939 Received disconnect from 188.166.251.221 port 34268:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:47.63012 Received disconnect from 188.166.251.221 port 41880:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:51.69799 Received disconnect from 188.166.251.221 port 51968:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:52.43925 Received disconnect from 188.166.251.221 port 44390:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:53.53751 Received disconnect from 188.166.251.221 port 46928:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:54.48499 Received disconnect from 188.166.251.221 port 57040:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:54.93217 Received disconnect from 188.166.251.221 port 54560:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:58.04736 Received disconnect from 188.166.251.221 port 49454:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:59.31935 Received disconnect from 188.166.251.221 port 33856:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:59.40580 Received disconnect from 188.166.251.221 port 36450:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:59.51271 Received disconnect from 188.166.251.221 port 59576:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:02.74579 Received disconnect from 188.166.251.221 port 38938:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:04.97637 Received disconnect from 188.166.251.221 port 46540:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:06.10581 Received disconnect from 188.166.251.221 port 44008:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:07.73245 Received disconnect from 188.166.251.221 port 54130:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:08.90563 Received disconnect from 188.166.251.221 port 56670:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:09.72965 Received disconnect from 188.166.251.221 port 51610:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:10.12646 Received disconnect from 188.166.251.221 port 49072:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:12.05080 Received disconnect from 188.166.251.221 port 33592:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:15.09082 Received disconnect from 188.166.251.221 port 41074:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:15.38273 Received disconnect from 188.166.251.221 port 59210:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:16.14651 Received disconnect from 188.166.251.221 port 36044:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:16.48798 Received disconnect from 188.166.251.221 port 38538:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:16.59046 Received disconnect from 188.166.251.221 port 43634:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:21.26001 Received disconnect from 188.166.251.221 port 48676:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:21.71931 Received disconnect from 188.166.251.221 port 46156:11: Normal Shutdown, Thank you for playing [preauth]
.................
This IP is very suspicious
sudo docker container logs gitlab | grep 5.181.80.15
I picked one and looked at it; it looks like the following, which really feels like brute forcing.......
......
2021-12-05_10:32:50.13804 Disconnected from 5.181.80.15 port 41022 [preauth]
2021-12-05_10:32:50.76195 Invalid user zk from 5.181.80.15
2021-12-05_10:32:50.94788 Received disconnect from 5.181.80.15 port 41210:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:50.94792 Disconnected from 5.181.80.15 port 41210 [preauth]
2021-12-05_10:32:51.50977 Invalid user zl from 5.181.80.15
2021-12-05_10:32:51.68562 Received disconnect from 5.181.80.15 port 41394:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:51.68567 Disconnected from 5.181.80.15 port 41394 [preauth]
2021-12-05_10:32:52.81710 Invalid user zln from 5.181.80.15
2021-12-05_10:32:52.99201 Received disconnect from 5.181.80.15 port 41578:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:52.99205 Disconnected from 5.181.80.15 port 41578 [preauth]
2021-12-05_10:32:53.79301 Invalid user zl from 5.181.80.15
2021-12-05_10:32:53.96808 Received disconnect from 5.181.80.15 port 41762:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:53.96812 Disconnected from 5.181.80.15 port 41762 [preauth]
2021-12-05_10:32:54.95818 Invalid user zmingxing from 5.181.80.15
2021-12-05_10:32:54.99551 Invalid user zmj from 5.181.80.15
2021-12-05_10:32:55.13449 Received disconnect from 5.181.80.15 port 41946:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:55.13455 Disconnected from 5.181.80.15 port 41946 [preauth]
2021-12-05_10:32:55.17799 Received disconnect from 5.181.80.15 port 42130:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:55.17803 Disconnected from 5.181.80.15 port 42130 [preauth]
2021-12-05_10:32:56.89954 Invalid user zoomway from 5.181.80.15
2021-12-05_10:32:57.29566 Received disconnect from 5.181.80.15 port 42498:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:57.29573 Disconnected from 5.181.80.15 port 42498 [preauth]
2021-12-05_10:32:58.14266 Invalid user zq26 from 5.181.80.15
2021-12-05_10:32:58.32725 Received disconnect from 5.181.80.15 port 42682:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:58.32731 Disconnected from 5.181.80.15 port 42682 [preauth]
2021-12-05_10:32:58.86544 Invalid user zqs from 5.181.80.15
2021-12-05_10:32:59.04274 Received disconnect from 5.181.80.15 port 43050:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:59.04279 Disconnected from 5.181.80.15 port 43050 [preauth]
2021-12-05_10:32:59.73419 Invalid user zookeeper from 5.181.80.15
2021-12-05_10:32:59.90901 Received disconnect from 5.181.80.15 port 42314:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:59.90907 Disconnected from 5.181.80.15 port 42314 [preauth]
2021-12-05_10:33:00.18674 Invalid user zqc from 5.181.80.15
2021-12-05_10:33:00.31154 Invalid user zrp from 5.181.80.15
2021-12-05_10:33:00.36284 Received disconnect from 5.181.80.15 port 42866:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:00.36289 Disconnected from 5.181.80.15 port 42866 [preauth]
2021-12-05_10:33:00.48646 Received disconnect from 5.181.80.15 port 43234:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:00.48650 Disconnected from 5.181.80.15 port 43234 [preauth]
2021-12-05_10:33:01.74575 Invalid user zswang from 5.181.80.15
2021-12-05_10:33:01.92205 Received disconnect from 5.181.80.15 port 43416:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:01.92209 Disconnected from 5.181.80.15 port 43416 [preauth]
2021-12-05_10:33:02.32103 Invalid user zswang from 5.181.80.15
2021-12-05_10:33:02.49579 Received disconnect from 5.181.80.15 port 43602:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:02.49582 Disconnected from 5.181.80.15 port 43602 [preauth]
2021-12-05_10:33:02.73695 Invalid user zuoying from 5.181.80.15
2021-12-05_10:33:02.83117 Invalid user zs from 5.181.80.15
2021-12-05_10:33:03.00664 Received disconnect from 5.181.80.15 port 43786:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:03.00670 Disconnected from 5.181.80.15 port 43786 [preauth]
2021-12-05_10:33:03.13029 Received disconnect from 5.181.80.15 port 43970:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:03.13034 Disconnected from 5.181.80.15 port 43970 [preauth]
2021-12-05_10:33:03.89042 Invalid user zws from 5.181.80.15
2021-12-05_10:33:04.07824 Invalid user zxc from 5.181.80.15
2021-12-05_10:33:04.25347 Received disconnect from 5.181.80.15 port 44338:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:04.25353 Disconnected from 5.181.80.15 port 44338 [preauth]
........
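As an added example (not code from the original post), a shell helper that does what the two grep commands above do by hand: it tallies "Invalid user" guesses and "[preauth]" disconnects per source IP over the sshd lines in the container log, so a scanning host stands out by count instead of by scrolling. The sample lines are constructed from the log shown above (the "Accepted publickey" line is made up); the function and variable names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): summarise sshd brute-force
# activity per source IP from GitLab container logs in the format shown above.
# Real use: sudo docker container logs gitlab 2>&1 | ssh_auth_summary
# Output per IP: "<ip> <total> <invalid_users> <preauth_disconnects> <first_ts> <last_ts>",
# most active source first.
ssh_auth_summary() {
  awk '
    function seen(ip, ts) {
      if (!(ip in first) || ts < first[ip]) first[ip] = ts
      if (ts > last[ip]) last[ip] = ts
    }
    # "Invalid user NAME from IP": a guessed username that does not exist
    /Invalid user .* from / { ip = $NF; inv[ip]++; seen(ip, $1) }
    # "Received disconnect from IP port N:11: ... [preauth]": the client gave up
    # before authenticating, the signature of a scanner cycling through guesses
    /Received disconnect from .*\[preauth\]/ {
      for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
      dis[ip]++; seen(ip, $1)
    }
    END {
      for (ip in first)
        printf "%s %d %d %d %s %s\n", ip, inv[ip] + dis[ip], inv[ip], dis[ip],
               first[ip], last[ip]
    }' | sort -k2,2nr
}

# Print only source IPs with at least $1 (default 10) guesses plus preauth disconnects.
ssh_bruteforce_suspects() {
  ssh_auth_summary | awk -v min="${1:-10}" '$2 >= min { print $1 }'
}

# Constructed sample mirroring the lines in the post; the "Accepted publickey"
# line is a made-up legitimate login that must not be counted.
SAMPLE_LOG='2021-12-05_10:32:50.76195 Invalid user zk from 5.181.80.15
2021-12-05_10:32:50.94788 Received disconnect from 5.181.80.15 port 41210:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:50.94792 Disconnected from 5.181.80.15 port 41210 [preauth]
2021-12-05_10:32:51.50977 Invalid user zl from 5.181.80.15
2021-12-05_10:32:51.68562 Received disconnect from 5.181.80.15 port 41394:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:40:00.00000 Accepted publickey for git from 10.0.0.7 port 50000 ssh2
2021-12-06_04:15:40.35091 Received disconnect from 188.166.251.221 port 54914:11: Normal Shutdown, Thank you for playing [preauth]'

printf '%s\n' "$SAMPLE_LOG" | ssh_auth_summary
printf '%s\n' "$SAMPLE_LOG" | ssh_bruteforce_suspects 3
```

The per-IP first/last timestamps give the window to compare against the ransomware's file modification times; the threshold is a starting point, not a verdict, since a legitimate host with a wrong key can also produce a few preauth disconnects.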
Honestly, exposing it to the public internet is convenient, but it also brings a lot of problems!
There is another log that also looks fishy
sudo docker container logs gitlab | grep 'test.*\.jpg'
There are a lot of these too, and the IPs are from abroad: 212.3.101.118; 107.172.198.108
That's all I've found so far