首页 > 资讯 > 企业安全 > 正文

阿里云某策略设计不当导致客户疏忽情况下易被入侵

16-07-18 来源：[db:作者]

收藏我要投稿

建议尽早强制加上某策略

阿里云上,客户的accesskey 一旦泄漏，入侵便畅通无阻

accesskey的泄漏，最简单的查找方式就是github上。随便一搜相关词，出来了很多。

下面，仅仅以和阿里云有一点点关系的阿里健康-----中信二十一世纪作为示例。还有很多，就不一一提出来了

求打雷，求精华~

从这个地址上得到accesskey

https://github.com/tlk20071/spring-mvc/blob/3537ae53510f926420714beb888e4ba6b715d160/spring-mvc-demo/src/main/resources/system_config.properties

拿到accesskey 后。阿里云提供了相当丰富的api。为了控制权限，我选择了两个。ecs和alidns

列举了这个accesskey 关联的ecs主机。大概有186个主机。

{u'IpAddress': [u'115.28.180.203']}

iZ28zqhfxysZi-28zqhfxys

{u'IpAddress': [u'101.200.186.4']}

iZ25xikk5jvZi-25xikk5jv

{u'IpAddress': [u'58.96.190.236']}

iZ62iuiwot9Zi-62iuiwot9

{u'IpAddress': [u'120.26.234.37']}

iZ23kbeuey0Zi-23kbeuey0

{u'IpAddress': [u'120.26.233.73']}

iZ235wj7xg3Zi-235wj7xg3

{u'IpAddress': [u'121.43.121.21']}

iZ23eqnmj0zZi-23eqnmj0z

{u'IpAddress': [u'121.41.46.205']}

iZ23jc293p7Zi-23jc293p7

{u'IpAddress': [u'120.26.140.247']}

iZ23i33qtbqZi-23i33qtbq

{u'IpAddress': [u'120.55.84.144']}

iZ235e9krfyZi-235e9krfy

{u'IpAddress': [u'120.26.61.24']}

iZ23lfgzukoZi-23lfgzuko

{u'IpAddress': [u'120.55.84.119']}

iZ23j6s1842Zi-23j6s1842

{u'IpAddress': [u'121.41.46.110']}

iZ23rkcy39mZi-23rkcy39m

{u'IpAddress': [u'121.40.194.84']}

iZ23g87wjz1Zi-23g87wjz1

{u'IpAddress': [u'120.26.54.142']}

iZ23n3kscitZi-23n3kscit

{u'IpAddress': [u'120.55.84.122']}

iZ23sr3oyt0Zi-23sr3oyt0

{u'IpAddress': [u'121.43.107.51']}

iZ23fboxv7hZi-23fboxv7h

{u'IpAddress': [u'121.43.107.36']}

iZ23dado214Zi-23dado214

{u'IpAddress': [u'120.26.64.70']}

iZ23n28w4mtZi-23n28w4mt

{u'IpAddress': [u'121.43.154.83']}

iZ23fzm0nuhZi-23fzm0nuh

{u'IpAddress': [u'121.40.64.10']}

iZ23a8ss58uZi-23a8ss58u

{u'IpAddress': [u'120.26.122.96']}

iZ231h3pqw9Zi-231h3pqw9

{u'IpAddress': [u'120.26.75.106']}

iZ230h7eiqjZi-230h7eiqj

{u'IpAddress': [u'121.41.39.147']}

iZ23ohfmcu7Zi-23ohfmcu7

{u'IpAddress': [u'120.26.215.83']}

iZ231wom0syZi-231wom0sy

{u'IpAddress': [u'120.26.42.59']}

iZ230uqf90eZi-230uqf90e

{u'IpAddress': [u'120.26.222.106']}

iZ23ecfp45wZi-23ecfp45w

{u'IpAddress': [u'121.40.67.233']}

iZ23v7nyfm3Zi-23v7nyfm3

{u'IpAddress': [u'120.26.58.166']}

iZ2326su2ucZi-2326su2uc

{u'IpAddress': [u'121.40.216.56']}

iZ230ng5yuiZi-230ng5yui

{u'IpAddress': [u'121.40.232.95']}

iZ23c9yofrgZi-23c9yofrg

{u'IpAddress': [u'120.26.221.29']}

iZ23he9nrl5Zi-23he9nrl5

{u'IpAddress': [u'121.40.233.138']}

iZ23ofabmbiZi-23ofabmbi

{u'IpAddress': [u'120.26.87.100']}

iZ23to1w4ghZi-23to1w4gh

{u'IpAddress': [u'121.40.244.36']}

iZ23qh5vhbzZi-23qh5vhbz

{u'IpAddress': [u'121.40.244.82']}

iZ23w2t4gc8Zi-23w2t4gc8

{u'IpAddress': [u'115.29.209.41']}

iZ23jlu9ofuZi-23jlu9ofu

{u'IpAddress': [u'121.43.112.75']}

iZ23xgx6hs9Zi-23xgx6hs9

{u'IpAddress': [u'121.43.112.84']}

iZ23ujbyejyZi-23ujbyejy

{u'IpAddress': [u'121.43.113.102']}

iZ23dhd2pliZi-23dhd2pli

{u'IpAddress': [u'121.43.112.81']}

iZ23ifl3spuZi-23ifl3spu

{u'IpAddress': [u'121.43.112.73']}

iZ23ftsqwirZi-23ftsqwir

{u'IpAddress': [u'115.29.210.29']}

iZ23m55u9d6Zi-23m55u9d6

{u'IpAddress': [u'115.29.241.226']}

iZ234lxpnytZi-234lxpnyt

{u'IpAddress': [u'218.244.134.123']}

iZ23pn83184Zi-23pn83184

{u'IpAddress': [u'115.29.209.221']}

iZ23ammgephZi-23ammgeph

{u'IpAddress': [u'121.43.112.9']}

iZ23hde914gZi-23hde914g

{u'IpAddress': [u'121.43.112.8']}

iZ23sybp0ckZi-23sybp0ck

{u'IpAddress': [u'121.43.113.106']}

iZ23d4q37opZi-23d4q37op

{u'IpAddress': [u'115.29.240.119']}

iZ23xraa0ukZi-23xraa0uk

{u'IpAddress': [u'121.43.113.104']}

iZ23grbq4nmZi-23grbq4nm

{u'IpAddress': [u'121.43.112.94']}

iZ23e6z5gwtZi-23e6z5gwt

{u'IpAddress': [u'115.29.210.233']}

iZ23pt0rjolZi-23pt0rjol

{u'IpAddress': [u'218.244.133.129']}

iZ23gyzmx68Zi-23gyzmx68

{u'IpAddress': [u'115.29.211.129']}

iZ23lkxfx3uZi-23lkxfx3u

{u'IpAddress': [u'115.29.241.71']}

iZ23zdy71hfZi-23zdy71hf

{u'IpAddress': [u'112.124.22.202']}

iZ23yepe2blZi-23yepe2bl

{u'IpAddress': [u'112.124.45.57']}

iZ23zrsuw2jZi-23zrsuw2j

{u'IpAddress': [u'112.124.38.203']}

iZ23u00l68sZi-23u00l68s

{u'IpAddress': [u'112.124.42.137']}

iZ234l19e9hZi-234l19e9h

{u'IpAddress': [u'121.199.64.94']}

iZ23027ryxpZi-23027ryxp

{u'IpAddress': [u'112.124.22.151']}

iZ23nh2k1ltZi-23nh2k1lt

{u'IpAddress': [u'121.40.159.184']}

iZ231dsn07tZi-231dsn07t

{u'IpAddress': [u'121.40.64.49']}

iZ23lvmlp5gZi-23lvmlp5g

{u'IpAddress': [u'121.40.157.170']}

iZ230aewpj2Zi-230aewpj2

{u'IpAddress': [u'121.40.108.33']}

iZ23g6cnekxZi-23g6cnekx

{u'IpAddress': [u'121.40.157.250']}

iZ238kyyamcZi-238kyyamc

{u'IpAddress': [u'121.40.64.61']}

iZ236gl087sZi-236gl087s

{u'IpAddress': [u'121.40.108.32']}

iZ23sezc3q3Zi-23sezc3q3

{u'IpAddress': [u'121.40.64.44']}

iZ23oy0s97iZi-23oy0s97i

{u'IpAddress': [u'121.40.18.165']}

iZ233i6yy14Zi-233i6yy14

{u'IpAddress': [u'121.40.18.173']}

iZ23eu5iw81Zi-23eu5iw81

{u'IpAddress': [u'121.40.53.251']}

iZ23ifqzb4yZi-23ifqzb4y

{u'IpAddress': [u'121.40.54.119']}

iZ23arp65u3Zi-23arp65u3

{u'IpAddress': [u'121.40.53.249']}

iZ23wh6srjqZi-23wh6srjq

{u'IpAddress': [u'121.40.54.1']}

iZ23ifzkh2iZi-23ifzkh2i

{u'IpAddress': [u'121.40.53.246']}

iZ233t2gnbdZi-233t2gnbd

{u'IpAddress': [u'121.40.53.247']}

iZ23rpaw36fZi-23rpaw36f

{u'IpAddress': [u'121.41.107.159']}

pts_test_1i-23hwsgfyl

{u'IpAddress': [u'121.41.54.127']}

pts_test_2i-23f0rlpag

{u'IpAddress': [u'121.40.162.141']}

iZ23ni1jb64Zi-23ni1jb64

{u'IpAddress': [u'121.40.162.109']}

iZ23do3ek8fZi-23do3ek8f

{u'IpAddress': [u'121.40.162.101']}

iZ23hpn8trpZi-23hpn8trp

{u'IpAddress': [u'121.40.162.13']}

yanfa2_testi-23342zlhe

{u'IpAddress': [u'121.40.162.155']}

bi_test_govi-23hbv0fdl

{u'IpAddress': [u'121.40.162.15']}

bi_test_enti-23mqaiqhk

{u'IpAddress': [u'121.40.162.121']}

taobao_interface1i-23o69camc

{u'IpAddress': [u'121.40.162.149']}

YULIUi-239oql3ew

{u'IpAddress': [u'121.40.162.133']}

taobao_interface2i-23de9h4r6

{u'IpAddress': [u'121.40.162.146']}

taobao_interface3i-23r75lvnm

{u'IpAddress': [u'121.40.162.143']}

gongdani-23aqi49l0

{u'IpAddress': [u'121.40.162.11']}

ent-web13i-23702ucjh

{u'IpAddress': [u'121.40.162.138']}

share4i-23o8th8q7

{u'IpAddress': [u'121.40.162.125']}

newclient2i-23ars5cbv

{u'IpAddress': [u'121.40.162.115']}

ent-web20i-23j5mt1he

{u'IpAddress': [u'121.40.162.1']}

odpsclient3i-23te2ryem

{u'IpAddress': [u'121.40.162.126']}

ent-web15i-23yb5w7iu

{u'IpAddress': [u'121.40.162.140']}

ent-web17i-23dmuu8cj

{u'IpAddress': [u'121.40.162.132']}

ent-web12i-23kndrx14

{u'IpAddress': [u'121.40.162.130']}

ent-web16i-237isjxpr

{u'IpAddress': [u'121.40.162.135']}

ent-web18i-23yvgn6bw

{u'IpAddress': [u'121.40.162.103']}

ent-web14i-2382ylr9a

{u'IpAddress': [u'121.40.162.118']}

newclient1i-23kol9gqg

{u'IpAddress': [u'121.40.120.19']}

ent-web19i-23jo79fuo

dns没有，查dns操作记录时。看到了这个

原来和alijk.com有过关联。但域名被转移了

上面列举的IP。没有绑定域名。判断不出是哪个厂商的帐号的accesskey 泄漏

挑选了一个主机。重置密码。然后本地登录，VNCURL地址aliyun的api有提供

{u'IpAddress': [u'121.40.162.133']}

taobao_interface2 i-23de9h4r6

登录后。还是没法判定是哪家公司的。虽有taobao之类文件夹命名

直到我逐步的访问上述的列表的IP。

http://101.200.186.4/ 弘久健康

http://58.96.190.236/ 阿里健康国际站

还有的不一一列举了，都是跟药品监管什么的相关，极大可能与95001111.com 有关系。

我不过多纠结。留给你们了~~

解决方案：

建议早点上线，强制RAM子账号运维管理之类的。accesskey很多客户一不小心就泄漏了。留下极大的威胁。

点击复制链接与好友分享!回本站首页