Writing this down because it was such a pain; it is still not resolved.

Yesterday (2021-11-29) I opened GitLab and none of the projects were there; it looked like this damn thing below:

In the end it turned out to be malware: a pile of these damn files everywhere. I copied one and opened it to have a look.

I have to say, the hackers' page is actually written quite well. Outfits like this deserve to be wiped out root and branch.

CERBER RANSOMWARE

Instructions

Can't open the files you need?
Are the contents of your files unreadable?

This is normal, because the file names and data of your files have been encrypted by "Cerber Ransomware".

This means your files are not damaged! Your files have only been modified, the modification is reversible, and you cannot use your files until they are decrypted.

The only safe way to decrypt your files is to purchase the special decryption software "Cerber Decryptor".

Any attempt to recover your files with third-party software will be fatal for your files!


You can purchase the decryption software on your personal page:

http://pigetrzlperjreyr3fbytm27bljaq4eungv3gdq2tohnoyfrqu4bx5qd.onion/bt105de1a8b160fb2876fa6f96f57f021044c382012717310ba4c2032a2ca704db464edf0509662630a290779d7f1179f90318221d3c1ce799757588104e8df3c2fbbf18e5956a0576dbf29047a9a22a94e23099a83cfe4e76b6c896e78bef9e0ee5cd24dbbe9f4e3ad9920b1bee8c0c2c80f8a4d319f500912263070d5fb5d7b13a/

On that page you will see detailed instructions on how to purchase the decryption software to recover your files.

On that page you can also decrypt any one file for free, to confirm that "Cerber Decryptor" can recover any of your files.


If your browser cannot open your personal page, you need to install and use the Tor Browser to open it:

  1. Use your Internet browser (if you do not know which one, use Internet Explorer);
  2. Type or copy the address https://www.torproject.org/download/download-easy.html.en into the browser's address bar and press ENTER;
  3. Wait for the site to load;
  4. You will download the Tor Browser from that site; download and run it, follow the installation guide, and wait until installation is complete;
  5. Run the Tor Browser;
  6. Connect using the "Connect" button (if you use the English version);
  7. After initialization a normal browser window will open (during initialization you need to configure Tor Browser bridges or a local VPN proxy to get past the firewall and connect to the Tor network);
  8. Type or copy the address into the browser's address bar
    http://pigetrzlperjreyr3fbytm27bljaq4eungv3gdq2tohnoyfrqu4bx5qd.onion/bt105de1a8b160fb2876fa6f96f57f021044c382012717310ba4c2032a2ca704db464edf0509662630a290779d7f1179f90318221d3c1ce799757588104e8df3c2fbbf18e5956a0576dbf29047a9a22a94e23099a83cfe4e76b6c896e78bef9e0ee5cd24dbbe9f4e3ad9920b1bee8c0c2c80f8a4d319f500912263070d5fb5d7b13a/
  9. Press ENTER;
  10. The site will load; if for some reason it has not loaded after waiting a while, try again.

If you have any problems during installation or while using the Tor Browser, visit https://www.baidu.com and type "how to install Tor Browser" into the search bar; you will find instructions and tutorials on installing the onion Tor Browser.


Additional information:

You will find instructions for recovering your files ("*README*.hta") in every folder that contains encrypted files.

The ("*README*.hta") instructions in folders with encrypted files are not a virus; the ("*README*.hta") instructions will help you decrypt your files.

Remember, the worst has already happened; whether your files remain usable depends on your decision and how quickly you react.

----------------------------2021-12-2, working on it

Related articles

Beware! Dual-platform mining botnet Sysrv-hello is targeting users' GitLab servers

Tencent Cloud Container Security Service (TCSS) captures in-the-wild attacks exploiting the GitLab ExifTool RCE vulnerability

GitLab remote command execution vulnerability reproduction (CVE-2021-22205)

------------------------------------2021-12-3

For GitLab I found a backup from 11-10 and restored it; then everyone uploaded their latest code, we backed up again, and then rebuilt the instance from scratch. Since it is deployed with Docker, rebuilding is easy; I bumped the version in docker-compose first, so this vulnerability cannot cause any more trouble. Only this Docker container had the problem, but there are other services on the box too: Confluence, Jira, and who knows what else. I was not the one who originally set up the environment, so I can only see part of it and am not clear on the other details. The boss now wants the whole server redone. I think that is a lot of work; getting upgrades done and managing each piece of software properly is the real point, because even if the system is rebuilt, it will get infected just the same if a vulnerability is left open.

What I am thinking of now is first working out what is installed on this server, what the specific configurations are, and what we actually need. Then take some backups and have the system reinstalled; and add some security measures on top, for example making the GitLab that holds our code reachable only through the VPN. I cannot think of anything else, so please help me with ideas.

------------------2021.12.07---

Found attacks over the last two days!!!!

sudo docker container logs gitlab | grep "Thank you for playing"

The search above turned up a whole pile:

......
2021-12-05_10:18:54.42415 Received disconnect from 5.181.80.15 port 52358:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:55.15312 Received disconnect from 5.181.80.15 port 52912:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:55.73275 Received disconnect from 5.181.80.15 port 53094:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:56.40179 Received disconnect from 5.181.80.15 port 53278:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:56.42875 Received disconnect from 5.181.80.15 port 53462:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:57.03512 Received disconnect from 5.181.80.15 port 53646:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:58.28274 Received disconnect from 5.181.80.15 port 53830:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:58.40812 Received disconnect from 5.181.80.15 port 54014:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:59.50798 Received disconnect from 5.181.80.15 port 54198:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:18:59.86178 Received disconnect from 5.181.80.15 port 54382:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:00.89994 Received disconnect from 5.181.80.15 port 54566:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:01.36386 Received disconnect from 5.181.80.15 port 54748:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:01.68053 Received disconnect from 5.181.80.15 port 54934:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:03.11922 Received disconnect from 5.181.80.15 port 55302:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:03.38771 Received disconnect from 5.181.80.15 port 55118:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:03.87525 Received disconnect from 5.181.80.15 port 55486:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:05.10209 Received disconnect from 5.181.80.15 port 55854:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:19:06.02891 Received disconnect from 5.181.80.15 port 55670:11: Normal Shutdown, Thank you for playing [preauth]
........
2021-12-06_04:15:40.35091 Received disconnect from 188.166.251.221 port 54914:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:42.36727 Received disconnect from 188.166.251.221 port 49860:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:43.64879 Received disconnect from 188.166.251.221 port 36794:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:45.64857 Received disconnect from 188.166.251.221 port 39326:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:46.95939 Received disconnect from 188.166.251.221 port 34268:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:47.63012 Received disconnect from 188.166.251.221 port 41880:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:51.69799 Received disconnect from 188.166.251.221 port 51968:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:52.43925 Received disconnect from 188.166.251.221 port 44390:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:53.53751 Received disconnect from 188.166.251.221 port 46928:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:54.48499 Received disconnect from 188.166.251.221 port 57040:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:54.93217 Received disconnect from 188.166.251.221 port 54560:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:58.04736 Received disconnect from 188.166.251.221 port 49454:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:59.31935 Received disconnect from 188.166.251.221 port 33856:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:59.40580 Received disconnect from 188.166.251.221 port 36450:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:15:59.51271 Received disconnect from 188.166.251.221 port 59576:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:02.74579 Received disconnect from 188.166.251.221 port 38938:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:04.97637 Received disconnect from 188.166.251.221 port 46540:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:06.10581 Received disconnect from 188.166.251.221 port 44008:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:07.73245 Received disconnect from 188.166.251.221 port 54130:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:08.90563 Received disconnect from 188.166.251.221 port 56670:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:09.72965 Received disconnect from 188.166.251.221 port 51610:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:10.12646 Received disconnect from 188.166.251.221 port 49072:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:12.05080 Received disconnect from 188.166.251.221 port 33592:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:15.09082 Received disconnect from 188.166.251.221 port 41074:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:15.38273 Received disconnect from 188.166.251.221 port 59210:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:16.14651 Received disconnect from 188.166.251.221 port 36044:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:16.48798 Received disconnect from 188.166.251.221 port 38538:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:16.59046 Received disconnect from 188.166.251.221 port 43634:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:21.26001 Received disconnect from 188.166.251.221 port 48676:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-06_04:16:21.71931 Received disconnect from 188.166.251.221 port 46156:11: Normal Shutdown, Thank you for playing [preauth]
.................

This IP is very suspicious:

sudo docker container logs gitlab | grep 5.181.80.15

I had a look and it is like below; this really looks like brute forcing.......

......
2021-12-05_10:32:50.13804 Disconnected from 5.181.80.15 port 41022 [preauth]
2021-12-05_10:32:50.76195 Invalid user zk from 5.181.80.15
2021-12-05_10:32:50.94788 Received disconnect from 5.181.80.15 port 41210:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:50.94792 Disconnected from 5.181.80.15 port 41210 [preauth]
2021-12-05_10:32:51.50977 Invalid user zl from 5.181.80.15
2021-12-05_10:32:51.68562 Received disconnect from 5.181.80.15 port 41394:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:51.68567 Disconnected from 5.181.80.15 port 41394 [preauth]
2021-12-05_10:32:52.81710 Invalid user zln from 5.181.80.15
2021-12-05_10:32:52.99201 Received disconnect from 5.181.80.15 port 41578:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:52.99205 Disconnected from 5.181.80.15 port 41578 [preauth]
2021-12-05_10:32:53.79301 Invalid user zl from 5.181.80.15
2021-12-05_10:32:53.96808 Received disconnect from 5.181.80.15 port 41762:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:53.96812 Disconnected from 5.181.80.15 port 41762 [preauth]
2021-12-05_10:32:54.95818 Invalid user zmingxing from 5.181.80.15
2021-12-05_10:32:54.99551 Invalid user zmj from 5.181.80.15
2021-12-05_10:32:55.13449 Received disconnect from 5.181.80.15 port 41946:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:55.13455 Disconnected from 5.181.80.15 port 41946 [preauth]
2021-12-05_10:32:55.17799 Received disconnect from 5.181.80.15 port 42130:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:55.17803 Disconnected from 5.181.80.15 port 42130 [preauth]
2021-12-05_10:32:56.89954 Invalid user zoomway from 5.181.80.15
2021-12-05_10:32:57.29566 Received disconnect from 5.181.80.15 port 42498:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:57.29573 Disconnected from 5.181.80.15 port 42498 [preauth]
2021-12-05_10:32:58.14266 Invalid user zq26 from 5.181.80.15
2021-12-05_10:32:58.32725 Received disconnect from 5.181.80.15 port 42682:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:58.32731 Disconnected from 5.181.80.15 port 42682 [preauth]
2021-12-05_10:32:58.86544 Invalid user zqs from 5.181.80.15
2021-12-05_10:32:59.04274 Received disconnect from 5.181.80.15 port 43050:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:59.04279 Disconnected from 5.181.80.15 port 43050 [preauth]
2021-12-05_10:32:59.73419 Invalid user zookeeper from 5.181.80.15
2021-12-05_10:32:59.90901 Received disconnect from 5.181.80.15 port 42314:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:59.90907 Disconnected from 5.181.80.15 port 42314 [preauth]
2021-12-05_10:33:00.18674 Invalid user zqc from 5.181.80.15
2021-12-05_10:33:00.31154 Invalid user zrp from 5.181.80.15
2021-12-05_10:33:00.36284 Received disconnect from 5.181.80.15 port 42866:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:00.36289 Disconnected from 5.181.80.15 port 42866 [preauth]
2021-12-05_10:33:00.48646 Received disconnect from 5.181.80.15 port 43234:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:00.48650 Disconnected from 5.181.80.15 port 43234 [preauth]
2021-12-05_10:33:01.74575 Invalid user zswang from 5.181.80.15
2021-12-05_10:33:01.92205 Received disconnect from 5.181.80.15 port 43416:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:01.92209 Disconnected from 5.181.80.15 port 43416 [preauth]
2021-12-05_10:33:02.32103 Invalid user zswang from 5.181.80.15
2021-12-05_10:33:02.49579 Received disconnect from 5.181.80.15 port 43602:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:02.49582 Disconnected from 5.181.80.15 port 43602 [preauth]
2021-12-05_10:33:02.73695 Invalid user zuoying from 5.181.80.15
2021-12-05_10:33:02.83117 Invalid user zs from 5.181.80.15
2021-12-05_10:33:03.00664 Received disconnect from 5.181.80.15 port 43786:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:03.00670 Disconnected from 5.181.80.15 port 43786 [preauth]
2021-12-05_10:33:03.13029 Received disconnect from 5.181.80.15 port 43970:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:03.13034 Disconnected from 5.181.80.15 port 43970 [preauth]
2021-12-05_10:33:03.89042 Invalid user zws from 5.181.80.15
2021-12-05_10:33:04.07824 Invalid user zxc from 5.181.80.15
2021-12-05_10:33:04.25347 Received disconnect from 5.181.80.15 port 44338:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:33:04.25353 Disconnected from 5.181.80.15 port 44338 [preauth]
........

Honestly, exposing this to the public internet is convenient, but it brings a lot of problems too!
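The two log patterns above (the "Invalid user ... from IP" lines and the "Thank you for playing [preauth]" disconnects) are easy to turn into a per-source-IP check rather than eyeballing grep output. The following is an added example, not code from the post: it parses lines in the container's sshd log format, counts events per source IP inside a sliding time window, and reports the IPs that exceed a threshold together with the usernames they tried. The sample lines are constructed in that format; the threshold and window values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample in the format of the GitLab container's sshd lines quoted above,
# plus one benign disconnect from another host that must not be flagged.
SAMPLE_LOG = """\
2021-12-05_10:32:50.76195 Invalid user zk from 5.181.80.15
2021-12-05_10:32:50.94788 Received disconnect from 5.181.80.15 port 41210:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:51.50977 Invalid user zl from 5.181.80.15
2021-12-05_10:32:51.68562 Received disconnect from 5.181.80.15 port 41394:11: Normal Shutdown, Thank you for playing [preauth]
2021-12-05_10:32:52.81710 Invalid user zln from 5.181.80.15
2021-12-05_10:40:00.00000 Received disconnect from 10.0.0.7 port 50000:11: disconnected by user
"""

TS_FMT = "%Y-%m-%d_%H:%M:%S.%f"
INVALID_RE = re.compile(r"^(\S+) Invalid user (\S+) from ([\d.]+)")
PLAYING_RE = re.compile(r"^(\S+) Received disconnect from ([\d.]+) port \d+:11: "
                        r"Normal Shutdown, Thank you for playing \[preauth\]")

def parse_events(text):
    """Yield (timestamp, ip, kind, user) for the two sshd patterns seen in the post."""
    for line in text.splitlines():
        if m := INVALID_RE.match(line):
            ts, user, ip = m.groups()
            yield datetime.strptime(ts, TS_FMT), ip, "invalid_user", user
        elif m := PLAYING_RE.match(line):
            ts, ip = m.groups()
            yield datetime.strptime(ts, TS_FMT), ip, "playing_disconnect", None

def find_bruteforce(text, threshold=5, window_s=60):
    """Map each source IP with >= threshold events inside any window_s-second span
    to a summary dict (assumed defaults); quieter IPs are left out."""
    by_ip = defaultdict(list)
    for ts, ip, kind, user in parse_events(text):
        by_ip[ip].append((ts, kind, user))
    hits = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        times = [e[0] for e in events]
        j, best = 0, 0  # sliding window over the sorted timestamps
        for i, t in enumerate(times):
            while (t - times[j]).total_seconds() > window_s:
                j += 1
            best = max(best, i - j + 1)
        if best >= threshold:
            hits[ip] = {"events": len(events), "max_in_window": best,
                        "users_tried": sorted({u for _, k, u in events if k == "invalid_user"}),
                        "first": times[0], "last": times[-1]}
    return hits
```

Feed it the output of `sudo docker container logs gitlab` to get the same per-IP view for the whole log instead of the one address grepped by hand.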

There is another log pattern that also looks off (the pattern is quoted so the shell does not expand it as a file glob):

sudo docker container logs gitlab | grep 'test.*\.jpg'

There were lots of these too, and the IPs are overseas: 212.3.101.118; 107.172.198.108

That is all I have found so far.
