SimpleZero

29
2018/11

[Alibaba Cloud / Tencent Cloud] Uninstalling Aegis (安骑士) / Yunjing (云镜)

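Anyone who has used an Alibaba Cloud server probably knows that every Alibaba Cloud server has Alibaba Cloud Shield (安骑士, Aegis) installed automatically. It can scan for and remove viruses automatically, and it can also check whether your server is running prohibited processes, such as proxies and related processes. So what are the Cloud Shield IPs for? They belong to Alibaba Cloud's vulnerability scanners, whose main job is to check whether your server has known vulnerabilities. Cloud Shield (Aegis) has upsides and downsides. The upside is that it keeps your server secure to some degree (not that it is much use, TAT). The downside is that it monitors your cloud server around the clock, leaving you no privacy at all: it does nothing to monitor for viruses, backdoors and the like, yet it scans the content you store. For example, if your website is hosted on an Alibaba Cloud server and contains content that violates the core socialist values, or if you use the server to get around the firewall, then once Cloud Shield detects it the server is shut down and you receive a warning e-mail.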

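Uninstalling with a script

# Download the script
wget https://mikuac.com/shell/jk_uninstall.sh
# Make the script executable
chmod +x jk_uninstall.sh
# Uninstall (Alibaba Cloud)
./jk_uninstall.sh ai
# Uninstall (Tencent Cloud)
./jk_uninstall.sh tx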

Manual uninstall

Uninstalling Cloud Shield on Linux: remove Cloud Shield and block the Cloud Shield IPs

1. Uninstall Cloud Shield

wget http://update.aegis.aliyun.com/download/uninstall.sh
sh uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
sh quartz_uninstall.sh

2. Remove leftovers

pkill aliyun-service
rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis*

3. Block the Cloud Shield IPs

iptables -I INPUT -s 140.205.201.0/28 -j DROP
iptables -I INPUT -s 140.205.201.16/29 -j DROP
iptables -I INPUT -s 140.205.201.32/28 -j DROP
iptables -I INPUT -s 140.205.225.192/29 -j DROP
iptables -I INPUT -s 140.205.225.200/30 -j DROP
iptables -I INPUT -s 140.205.225.184/29 -j DROP
iptables -I INPUT -s 140.205.225.183/32 -j DROP
iptables -I INPUT -s 140.205.225.206/32 -j DROP
iptables -I INPUT -s 140.205.225.205/32 -j DROP
iptables -I INPUT -s 140.205.225.195/32 -j DROP
iptables -I INPUT -s 140.205.225.204/32 -j DROP

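Uninstalling Cloud Shield on Windows

Create a new .bat file, copy the content below into it, then right-click it on the Windows server and choose "Run as administrator".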

tasklist /FI "IMAGENAME eq Ali_update.exe"
taskkill /F /IM Ali_update.exe
taskkill /F /IM AliHids.exe
sc stop "Alibaba Security Aegis Detect Service"
sc stop "Alibaba Security Aegis Update Service"
sc delete "Alibaba Security Aegis Detect Service"
sc delete "Alibaba Security Aegis Update Service"
rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\aegis_client"
rmdir /s /q "C:\Program Files\Alibaba\Aegis\aegis_client"
rem Wait a few seconds (ping used as a delay) so the processes exit, then retry the removal
ping update.aegis.aliyun.com -n 5 >nul
rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\aegis_client"
rmdir /s /q "C:\Program Files\Alibaba\Aegis\aegis_client"
rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\aegis_update"
rmdir /s /q "C:\Program Files\Alibaba\Aegis\aegis_update"
rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\alihids"
rmdir /s /q "C:\Program Files\Alibaba\Aegis\alihids"

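Tencent Cloud approach

#!/bin/bash
#fuck tx process
# Remove the agent directories
rm -rf /usr/local/sa
rm -rf /usr/local/agenttools
rm -rf /usr/local/qcloud
# Agent process names to kill
process=(sap100 secu-tcs-agent sgagent64 barad_agent agent agentPlugInD pvdriver)
for i in "${process[@]}"
do
  # Match the exact process name; grepping ps output for "agent" would also match unrelated processes
  for A in $(pgrep -x "$i")
  do
    kill -9 "$A"
  done
done

# Disable and stop postfix
chkconfig --level 35 postfix off
service postfix stop
# Empty root's crontab and reset /etc/rc.local; existing entries in both files are lost
echo ''>/var/spool/cron/root
echo '#!/bin/bash' >/etc/rc.local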
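
Scripts like jk_uninstall.sh and the Tencent Cloud script above run as root, so it helps to list the lines that delete files, kill processes or write to system files before running them. The following is an added example, not part of the original post: the function names `flag`, `audit_script` and `write_sample` and the pattern list are assumptions, and the sample is a constructed excerpt modelled on the Tencent Cloud script.

```shell
#!/bin/sh
# Added example: flag the lines of a shell script that change the system,
# so they can be read before the script is run as root.
# flag, audit_script, write_sample and the patterns are illustrative assumptions.

# flag LABEL PATTERN FILE: print "lineno:LABEL:text" for matching non-comment lines
flag() {
  grep -nE -- "$2" "$3" | grep -vE '^[0-9]+:[[:space:]]*#' |
    sed "s/^\([0-9]*\):/\1:$1:/"
}

# audit_script FILE: report flagged lines in file order
audit_script() {
  {
    flag delete  'rm[[:space:]]+-[a-zA-Z]*[rR]' "$1"
    flag kill    '(^|[[:space:];])(kill|pkill|killall)[[:space:]]' "$1"
    flag write   '>[[:space:]]*/(etc|var/spool/cron)/' "$1"
    flag fetch   '(^|[[:space:];|])(wget|curl)[[:space:]]' "$1"
    flag service '(^|[[:space:];])(iptables|chkconfig|service|systemctl)[[:space:]]' "$1"
  } | sort -t: -k1,1n
}

# write_sample FILE: constructed sample modelled on the Tencent Cloud script
write_sample() {
  cat >"$1" <<'EOF'
#!/bin/bash
rm -rf /usr/local/qcloud
for A in $(pgrep -x barad_agent); do kill -9 "$A"; done
service postfix stop
echo ''>/var/spool/cron/root
echo '#!/bin/bash' >/etc/rc.local
EOF
}

# Demo: audit the constructed sample and print the flagged lines
sample=$(mktemp)
write_sample "$sample"
audit_script "$sample"
rm -f "$sample"
```

On the sample, the two `write` hits are the lines that truncate root's crontab and `/etc/rc.local`, which is where any existing scheduled jobs or boot commands on the host would be lost.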
Last modified: December 4, 2018, 06:03 PM

16 comments

  1. 蝉時雨

    Actually, I only came here to collect the images~

  2. Doratree

    I'd like to know which plugin the code box uses, it can even be enlarged!!!

  3. canadian pharmacy world

    Fine tips. Thanks a lot.

  4. 范明明

    How do I use the Tencent Cloud one?

  5. 烟雨寒云

    I just bought a small Alibaba Cloud VPS today to host images; I'll go get rid of Cloud Shield in a moment.

    1. Zero
      @烟雨寒云

      The 24 one? I don't know when Alibaba became this generous; a pity China Telecom routes via NTT.

    2. Zero
      @烟雨寒云

      Your blog's filtering is a bit harsh, I can't get a comment through no matter what.

      1. 烟雨寒云
        @Zero

        A few days ago I got spammed until the database blew up, so I tightened the filtering a bit.

  6. 森七

    Never mind all that, I'll repost it first and see.

    1. Zero
      1. emmm
        @Zero

        Blogger, how did you do the article layout on your blog's home page, and the post display?

        1. SimpleZero
          @emmm

          You need to modify the template files yourself.

          1. emmm
            @SimpleZero
            This comment is visible only to logged-in users and the two parties to the comment.
            1. SimpleZero
              @emmm

              CSS and JS; for mine I changed roughly 1,000-plus lines of code.

              1. emmm
                @SimpleZero

                Then I'd rather ask for the packaged files.

  7. emmm

    Blogger, how did you make your blog's article layout look so nice?