david/DavidZhang73.github.io
1
0
Fork 0
Code Releases Activity

Site updated: 2020-02-10 19:39:27

Browse Source
This commit is contained in:
davidz 2020-02-10 19:39:28 +08:00
parent 67dc842e62
commit bda0ceb32a
19 changed files with 2092 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
anu-comp2310-assignment1/index.html
View File

@ -531,9 +531,9 @@ $$</p>
</dl>
</div>
<ul>
<li><a href="/">5 <p>文章</p></a></li>
<li><a href="/categories">4 <p>分类</p></a></li>
<li><a href="/tags">7 <p>标签</p></a></li>
<li><a href="/">6 <p>文章</p></a></li>
<li><a href="/categories">5 <p>分类</p></a></li>
<li><a href="/tags">9 <p>标签</p></a></li>
</ul>
</div>

22
archives/2020/01/index.html
View File

@ -60,7 +60,7 @@
<div class="content animated fadeIn">
<div class="set">
<h1 style="text-align: center">归档</h1>
<p style="text-align: center">5</p>
<p style="text-align: center">6</p>
<ul class="timeline timeline-centered">
@ -73,6 +73,26 @@
</div>
</li>
<li class="timeline-item">
<div class="timeline-info">
<span class="gradient-text">二月 10, 2020</span>
</div>
<div class="timeline-marker"></div>
<div class="timeline-content">
<a class="timeline-title" target="_self" href="/kinsing-virus/">Kinsing - &#34;寄生&#34;于 Docker 的病毒</a>
<p>
2020 年开年不顺2019 新型冠状病毒肺炎爆发,从年三十居家隔离到了正月十五,没想到自己的服务器也”感染“上了病毒 - Kinsing(进程的名字,姑且这样称呼)。
¶发现
偶然看了看服务器状态,发现 CPU 占用一直保持在 100%上下,有些蹊跷。
难道是我的博客访问量暴增那是当然不可能的然后我去看了看Portainer看了看果然
这个随机名称的容器就是 Kinsin...
</p>
</div>
</li>
<li class="timeline-item">
<div class="timeline-info">
<span class="gradient-text">二月 03, 2020</span>

22
archives/2020/02/index.html
View File

@ -60,7 +60,7 @@
<div class="content animated fadeIn">
<div class="set">
<h1 style="text-align: center">归档</h1>
<p style="text-align: center">5</p>
<p style="text-align: center">6</p>
<ul class="timeline timeline-centered">
@ -73,6 +73,26 @@
</div>
</li>
<li class="timeline-item">
<div class="timeline-info">
<span class="gradient-text">二月 10, 2020</span>
</div>
<div class="timeline-marker"></div>
<div class="timeline-content">
<a class="timeline-title" target="_self" href="/kinsing-virus/">Kinsing - &#34;寄生&#34;于 Docker 的病毒</a>
<p>
2020 年开年不顺2019 新型冠状病毒肺炎爆发,从年三十居家隔离到了正月十五,没想到自己的服务器也”感染“上了病毒 - Kinsing(进程的名字,姑且这样称呼)。
¶发现
偶然看了看服务器状态,发现 CPU 占用一直保持在 100%上下,有些蹊跷。
难道是我的博客访问量暴增那是当然不可能的然后我去看了看Portainer看了看果然
这个随机名称的容器就是 Kinsin...
</p>
</div>
</li>
<li class="timeline-item">
<div class="timeline-info">
<span class="gradient-text">二月 03, 2020</span>

22
archives/2020/index.html
View File

@ -60,7 +60,7 @@
<div class="content animated fadeIn">
<div class="set">
<h1 style="text-align: center">归档</h1>
<p style="text-align: center">5</p>
<p style="text-align: center">6</p>
<ul class="timeline timeline-centered">
@ -73,6 +73,26 @@
</div>
</li>
<li class="timeline-item">
<div class="timeline-info">
<span class="gradient-text">二月 10, 2020</span>
</div>
<div class="timeline-marker"></div>
<div class="timeline-content">
<a class="timeline-title" target="_self" href="/kinsing-virus/">Kinsing - &#34;寄生&#34;于 Docker 的病毒</a>
<p>
2020 年开年不顺2019 新型冠状病毒肺炎爆发,从年三十居家隔离到了正月十五,没想到自己的服务器也”感染“上了病毒 - Kinsing(进程的名字,姑且这样称呼)。
¶发现
偶然看了看服务器状态,发现 CPU 占用一直保持在 100%上下,有些蹊跷。
难道是我的博客访问量暴增那是当然不可能的然后我去看了看Portainer看了看果然
这个随机名称的容器就是 Kinsin...
</p>
</div>
</li>
<li class="timeline-item">
<div class="timeline-info">
<span class="gradient-text">二月 03, 2020</span>

22
archives/index.html
View File

@ -60,7 +60,7 @@
<div class="content animated fadeIn">
<div class="set">
<h1 style="text-align: center">归档</h1>
<p style="text-align: center">5</p>
<p style="text-align: center">6</p>
<ul class="timeline timeline-centered">
@ -73,6 +73,26 @@
</div>
</li>
<li class="timeline-item">
<div class="timeline-info">
<span class="gradient-text">二月 10, 2020</span>
</div>
<div class="timeline-marker"></div>
<div class="timeline-content">
<a class="timeline-title" target="_self" href="/kinsing-virus/">Kinsing - &#34;寄生&#34;于 Docker 的病毒</a>
<p>
2020 年开年不顺2019 新型冠状病毒肺炎爆发,从年三十居家隔离到了正月十五,没想到自己的服务器也”感染“上了病毒 - Kinsing(进程的名字,姑且这样称呼)。
¶发现
偶然看了看服务器状态,发现 CPU 占用一直保持在 100%上下,有些蹊跷。
难道是我的博客访问量暴增那是当然不可能的然后我去看了看Portainer看了看果然
这个随机名称的容器就是 Kinsin...
</p>
</div>
</li>
<li class="timeline-item">
<div class="timeline-info">
<span class="gradient-text">二月 03, 2020</span>

3
baidusitemap.xml
View File

@ -1,6 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://blog.davidz.cn/kinsing-virus/</loc>
<lastmod>2020-02-10</lastmod>
</url> <url>
<loc>https://blog.davidz.cn/windows-package-manager-scoop/</loc>
<lastmod>2020-02-03</lastmod>
</url> <url>

6
beauty-is-productivity-windows-terminal/index.html
View File

@ -349,9 +349,9 @@
</dl>
</div>
<ul>
<li><a href="/">5 <p>文章</p></a></li>
<li><a href="/categories">4 <p>分类</p></a></li>
<li><a href="/tags">7 <p>标签</p></a></li>
<li><a href="/">6 <p>文章</p></a></li>
<li><a href="/categories">5 <p>分类</p></a></li>
<li><a href="/tags">9 <p>标签</p></a></li>
</ul>
</div>

460
categories/DevOps/index.html Normal file
View File

@ -0,0 +1,460 @@
<!DOCTYPE html>
<html lang="zh-CN" class="loading">
<head>
<!-- hexo-inject:begin --><!-- hexo-inject:end --><meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>Category: DevOps - Blog</title>
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="google" content="notranslate" />
<meta name="keywords" content="Developer, Python, C++, JavaScript, Java,">
<meta name="description" content="DavidZ&#39;s Blog,">
<meta name="author" content="DavidZ">
<link rel="alternative" href="atom.xml" title="Blog" type="application/atom+xml">
<link rel="icon" href="/img/favicon.png">
<link href="https://fonts.loli.net/css?family=Roboto+Mono|Rubik&display=swap" rel="stylesheet">
<link rel="stylesheet" href="//at.alicdn.com/t/font_1429596_nzgqgvnmkjb.css">
<link rel="stylesheet" href="//cdn.bootcss.com/animate.css/3.7.2/animate.min.css">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/social-share.js/1.0.16/css/share.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/codemirror/5.48.4/codemirror.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/codemirror/5.48.4/theme/dracula.css">
<link rel="stylesheet" href="/css/obsidian.css">
<link rel="stylesheet" href="/css/ball-atom.min.css">
<meta name="generator" content="Hexo 4.2.0"><!-- hexo-inject:begin --><!-- hexo-inject:end --></head>
<body class="loading">
<!-- hexo-inject:begin --><!-- hexo-inject:end --><div class="loader">
<div class="la-ball-atom la-2x">
<div></div>
<div></div>
<div></div>
<div></div>
</div>
</div>
<span id="config-title" style="display:none">Blog</span>
<div id="loader"></div>
<div class="nav">
<ul id="menu-menu" class="menu">
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/whoami/" title="ABOUT" external="false">ABOUT</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/categories/" title="CATEGORIES" external="false">CATEGORIES</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/tags/" title="TAGS" external="false">TAGS</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/archives/" title="ARCHIVES" external="false">ARCHIVES</a>
</li>
</ul>
<p class="copyright" id="copyright">
&copy; 2020 DavidZ.
Powered by <a href="http://hexo.io/" title="Hexo" target="_blank" rel="noopener">Hexo</a>
Theme <a href="https://github.com/TriDiamond/hexo-theme-obsidian" title="Obsidian" target="_blank" rel="noopener">Obsidian</a>
</p>
</div>
<div id="container">
<div class="search-box">
<form class="site-search-form">
<span class="iconfont icon-search"></span>
<input type="text" id="local-search-input" class="st-search-input" />
<div class="iconfont icon-cross search-box-close"></div>
</form>
<div class="search-scrollable">
<div id="local-search-result" class="local-search-result-cls" data-initialise="首次搜索,正在载入索引文件,请稍后……"
data-start="输入关键词搜索。" data-empty="没有找到内容,请尝试更换检索词。">
<span>输入关键词搜索。</span>
</div>
</div>
</div>
<div id="header">
<div>
<div class="logo animated fadeInDown">
<img src="/img/favicon.png" alt="">
<a class="image-logo" href="/"></a>
</div>
<ul id="menu-menu" class="menu text-menu">
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/whoami/" title="ABOUT" external="false" class="menu-link">ABOUT</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/categories/" title="CATEGORIES" external="false" class="menu-link">CATEGORIES</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/tags/" title="TAGS" external="false" class="menu-link">TAGS</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/archives/" title="ARCHIVES" external="false" class="menu-link">ARCHIVES</a>
</li>
<li class="animated fadeInDown search-bar iconfont icon-search"></li>
</ul>
<div class="iconfont icon-menu switchmenu gradient-text animated fadeInDown"></div>
</div>
</div>
<div id="screen">
<div id="mark">
<div class="cover animated fadeIn" style="
animation-delay: 900ms;
animation-duration: 2.8s;
background-image:
radial-gradient(ellipse closest-side, rgba(0, 0, 0, 0.56), #100e17),
url(/img/cover.jpg);">
</div>
</div>
<div id="post0" class="else">
<p class="animated fadeInDown">
<a href="/categories/DevOps"><b>
</b>DEVOPS<b></b></a>
二月 10, 2020
</p>
<h3 class="post-title animated fadeInDown">
<a href="/kinsing-virus/" title="Kinsing - &quot;寄生&quot;于 Docker 的病毒" class="posttitle">Kinsing - &quot;寄生&quot;于 Docker 的病毒</a></h3>
<p class="post-count animated fadeInDown">
<span>
<b class="iconfont icon-text2"></b> <i>文章字数</i>
2k
</span>
<span>
<b class="iconfont icon-timer__s"></b> <i>阅读约需</i>
2 mins.
</span>
</p>
<ul class="animated fadeInDown post-tags-list" itemprop="keywords"><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Docker/" rel="tag">Docker</a></li><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Shell/" rel="tag">Shell</a></li></ul>
<div class="md-content animated fadeIn">
<p>2020 年开年不顺2019 新型冠状病毒肺炎爆发,从年三十居家隔离到了正月十五,没想到自己的服务器也”感染“上了病毒 - Kinsing(进程的名字,姑且这样称呼)。</p>
<p></p>
<p>偶然看了看服务器状态,发现 CPU 占用一直保持在 100%上下,有些蹊跷。</p>
<p>难道是我的博客访问量<s>暴增</s>???那是当然不可能的,然后我去看了看<a href="https://github.com/portainer/portainer" target="_blank" rel="noopener">Portainer</a>看了看,果然,</p>
<p></p>
<p>这个随机名称的容器就是 Kinsing 基于 Ubuntu 的容器CPU 占用 100%。</p>
<p></p>
<p>简单看了看容器里面的进程表,第一个运行了一个 shell 脚本,这个病毒就是这个脚本下载启动的关键,我打开看了看,<s>也没看懂</s>,大概是下载了几个可执行文件。...</p>
<span class="read-more"><a href="/kinsing-virus/" title="查看全文" class="posttitle">查看全文</a>
<b class="iconfont icon-arrow-right- gradient-text"></b></span>
</div>
</div>
</div>
<div class="screen-gradient-after">
<div class="screen-gradient-content">
<div class="screen-gradient-content-inside">
<div class="bold-underline-links screen-gradient-sponsor">
<p>
<span class="typed-text"></span>
</p>
</div>
</div>
</div>
</div>
<div id="primary">
</div>
</div>
<div id="preview"></div>
<div id="back-to-top" class="animated fadeIn faster">
<div class="flow"></div>
<span class="percentage animated fadeIn faster">0%</span>
<span class="iconfont icon-top02 animated fadeIn faster"></span>
</div><!-- hexo-inject:begin --><!-- hexo-inject:end -->
</body>
<footer>
<p class="copyright" id="copyright">
&copy; 2020
<span class="gradient-text">
DavidZ
</span>.
Powered by <a href="http://hexo.io/" title="Hexo" target="_blank" rel="noopener">Hexo</a>
Theme
<span class="gradient-text">
<a href="https://github.com/TriDiamond/hexo-theme-obsidian" title="Obsidian" target="_blank" rel="noopener">Obsidian</a>
</span>
<small><a href="https://github.com/TriDiamond/hexo-theme-obsidian/blob/master/CHANGELOG.md" title="v1.4.3" target="_blank" rel="noopener">v1.4.3</a></small>
</p>
</footer>
<script type="text/javascript" src="https://cdn.bootcss.com/mathjax/2.7.6/MathJax.js?config=TeX-AMS-MML_HTMLorMML">
</script>
<script>
MathJax.Hub.Config({
"HTML-CSS": {
preferredFont: "TeX",
availableFonts: ["STIX", "TeX"],
linebreaks: {
automatic: true
},
EqnChunk: (MathJax.Hub.Browser.isMobile ? 10 : 50)
},
tex2jax: {
inlineMath: [
["$", "$"],
["\\(", "\\)"]
],
processEscapes: true,
ignoreClass: "tex2jax_ignore|dno",
skipTags: ['script', 'noscript', 'style', 'textarea', 'pre', 'code']
},
TeX: {
noUndefined: {
attributes: {
mathcolor: "red",
mathbackground: "#FFEEEE",
mathsize: "90%"
}
},
Macros: {
href: "{}"
}
},
messageStyle: "none"
});
</script>
<script>
function initialMathJax() {
MathJax.Hub.Queue(function () {
var all = MathJax.Hub.getAllJax(),
i;
// console.log(all);
for (i = 0; i < all.length; i += 1) {
all[i].SourceElement().parentNode.className += ' has-jax';
}
});
}
function reprocessMathJax() {
if (typeof MathJax !== 'undefined') {
MathJax.Hub.Queue(["Typeset", MathJax.Hub]);
}
}
</script>
<link rel="stylesheet" href="//cdn.bootcss.com/gitalk/1.5.0/gitalk.min.css">
<script src="//cdn.bootcss.com/gitalk/1.5.0/gitalk.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="/js/plugin.js"></script>
<script src="/js/obsidian.js"></script>
<script src="/js/jquery.truncate.js"></script>
<script src="/js/search.js"></script>
<script src="//cdn.bootcss.com/typed.js/2.0.10/typed.min.js"></script>
<script src="//cdn.bootcss.com/blueimp-md5/2.12.0/js/md5.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/social-share.js/1.0.16/js/social-share.min.js"></script>
<script src="https://cdn.bootcss.com/codemirror/5.48.4/codemirror.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/javascript/javascript.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/css/css.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/xml/xml.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/htmlmixed/htmlmixed.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/clike/clike.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/php/php.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/shell/shell.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/python/python.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/cmake/cmake.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/powershell/powershell.min.js"></script>
<script src="/js/busuanzi.min.js"></script>
<script>
$(document).ready(function () {
if ($('span[id^="busuanzi_"]').length) {
initialBusuanzi();
}
});
</script>
<link rel="stylesheet" href="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/photoswipe/4.1.3/default-skin/default-skin.min.css">
<script src="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe.min.js"></script>
<script src="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe-ui-default.min.js"></script>
<!-- Root element of PhotoSwipe. Must have class pswp. -->
<div class="pswp" tabindex="-1" role="dialog" aria-hidden="true">
<!-- Background of PhotoSwipe.
It's a separate element as animating opacity is faster than rgba(). -->
<div class="pswp__bg"></div>
<!-- Slides wrapper with overflow:hidden. -->
<div class="pswp__scroll-wrap">
<!-- Container that holds slides.
PhotoSwipe keeps only 3 of them in the DOM to save memory.
Don't modify these 3 pswp__item elements, data is added later on. -->
<div class="pswp__container">
<div class="pswp__item"></div>
<div class="pswp__item"></div>
<div class="pswp__item"></div>
</div>
<!-- Default (PhotoSwipeUI_Default) interface on top of sliding area. Can be changed. -->
<div class="pswp__ui pswp__ui--hidden">
<div class="pswp__top-bar">
<!-- Controls are self-explanatory. Order can be changed. -->
<div class="pswp__counter"></div>
<button class="pswp__button pswp__button--close" title="Close (Esc)"></button>
<button class="pswp__button pswp__button--share" title="Share"></button>
<button class="pswp__button pswp__button--fs" title="Toggle fullscreen"></button>
<button class="pswp__button pswp__button--zoom" title="Zoom in/out"></button>
<!-- Preloader demo http://codepen.io/dimsemenov/pen/yyBWoR -->
<!-- element will get class pswp__preloader--active when preloader is running -->
<div class="pswp__preloader">
<div class="pswp__preloader__icn">
<div class="pswp__preloader__cut">
<div class="pswp__preloader__donut"></div>
</div>
</div>
</div>
</div>
<div class="pswp__share-modal pswp__share-modal--hidden pswp__single-tap">
<div class="pswp__share-tooltip"></div>
</div>
<button class="pswp__button pswp__button--arrow--left" title="Previous (arrow left)">
</button>
<button class="pswp__button pswp__button--arrow--right" title="Next (arrow right)">
</button>
<div class="pswp__caption">
<div class="pswp__caption__center"></div>
</div>
</div>
</div>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="//www.googletagmanager.com/gtag/js?id=UA-157733505-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-157733505-1');
</script>
<script>
function initialTyped () {
var typedTextEl = $('.typed-text');
if (typedTextEl && typedTextEl.length > 0) {
var typed = new Typed('.typed-text', {
strings: ["凡事都要留几分", "颜值是第一生产力"],
typeSpeed: 90,
loop: true,
loopCount: Infinity,
backSpeed: 20,
});
}
}
if ($('.article-header') && $('.article-header').length) {
$(document).ready(function () {
initialTyped();
});
}
</script>
</html>

2
categories/index.html
View File

@ -63,7 +63,7 @@
<div class="set">
<div class="category-mask"></div>
<h1>分类</h1>
<ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/Productivity/">Productivity</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Personal/">Personal</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Internship/">Internship</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Study/">Study</a><span class="category-list-count">1</span></li></ul>
<ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/Productivity/">Productivity</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Personal/">Personal</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Internship/">Internship</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Study/">Study</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/DevOps/">DevOps</a><span class="category-list-count">1</span></li></ul>
</div>

6
hello-world/index.html
View File

@ -191,9 +191,9 @@
</dl>
</div>
<ul>
<li><a href="/">5 <p>文章</p></a></li>
<li><a href="/categories">4 <p>分类</p></a></li>
<li><a href="/tags">7 <p>标签</p></a></li>
<li><a href="/">6 <p>文章</p></a></li>
<li><a href="/categories">5 <p>分类</p></a></li>
<li><a href="/tags">9 <p>标签</p></a></li>
</ul>
</div>

93
index.html
View File

@ -130,56 +130,53 @@
animation-duration: 2.8s;
background-image:
radial-gradient(ellipse closest-side, rgba(0, 0, 0, 0.56), #100e17),
url(//davidz.cn/static/blog/2020-02-03-windows-package-manager-scoop/cover.png);">
url(/img/cover.jpg);">
</div>
</div>
<div id="post0" class="else">
<p class="animated fadeInDown">
<a href="/categories/Productivity"><b>
</b>PRODUCTIVITY<b></b></a>
<a href="/categories/DevOps"><b>
</b>DEVOPS<b></b></a>
二月 03, 2020
二月 10, 2020
</p>
<h3 class="post-title animated fadeInDown">
<a href="/windows-package-manager-scoop/" title="Windows 包管理器 - Scoop" class="posttitle">Windows 包管理器 - Scoop</a></h3>
<a href="/kinsing-virus/" title="Kinsing - &quot;寄生&quot;于 Docker 的病毒" class="posttitle">Kinsing - &quot;寄生&quot;于 Docker 的病毒</a></h3>
<p class="post-count animated fadeInDown">
<span>
<b class="iconfont icon-text2"></b> <i>文章字数</i>
12k
2k
</span>
<span>
<b class="iconfont icon-timer__s"></b> <i>阅读约需</i>
11 mins.
2 mins.
</span>
</p>
<ul class="animated fadeInDown post-tags-list" itemprop="keywords"><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Open-Source/" rel="tag">Open-Source</a></li></ul>
<ul class="animated fadeInDown post-tags-list" itemprop="keywords"><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Docker/" rel="tag">Docker</a></li><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Shell/" rel="tag">Shell</a></li></ul>
<div class="md-content animated fadeIn">
<p>一直以来作为开发者Windows 相较于 Linux 都缺少两样重要的工具,</p>
<ol>
<li><strong>好用</strong>的 Shell - 现在可以用 PowerShell Core 或者 WSL 暂时代替。</li>
<li><strong>好用</strong>的包管理器 - 在开发时 C/Cpp 的库可以用<a href="https://github.com/microsoft/vcpkg" target="_blank" rel="noopener">VCPKG</a>,而日常使用的软件就可以使用本文的主角<a href="https://github.com/lukesampson/scoop" target="_blank" rel="noopener">Scoop</a> 了。</li>
</ol>
<p>2020 年开年不顺2019 新型冠状病毒肺炎爆发,从年三十居家隔离到了正月十五,没想到自己的服务器也”感染“上了病毒 - Kinsing(进程的名字,姑且这样称呼)。</p>
<blockquote>
<p>按照官网的<a href="https://github.com/lukesampson/scoop/wiki/Quick-Start" target="_blank" rel="noopener">教程</a>,只能使用 PowerShell 而不是 CMD 进行安装。</p>
</blockquote>
<pre><code class="language-powershell"># 指定 Scoop 的安装路径,之后安装的 APP 会安装在 path/to/scoop/apps/
$env:SCOOP='path/to/scoop'
[environment]::setEnvironmentVariable...</code></pre>
<p></p>
<p>偶然看了看服务器状态,发现 CPU 占用一直保持在 100%上下,有些蹊跷。</p>
<p>难道是我的博客访问量<s>暴增</s>???那是当然不可能的,然后我去看了看<a href="https://github.com/portainer/portainer" target="_blank" rel="noopener">Portainer</a>看了看,果然,</p>
<p></p>
<p>这个随机名称的容器就是 Kinsing 基于 Ubuntu 的容器CPU 占用 100%。</p>
<p></p>
<p>简单看了看容器里面的进程表,第一个运行了一个 shell 脚本,这个病毒就是这个脚本下载启动的关键,我打开看了看,<s>也没看懂</s>,大概是下载了几个可执行文件。...</p>
<span class="read-more"><a href="/windows-package-manager-scoop/" title="查看全文" class="posttitle">查看全文</a>
<span class="read-more"><a href="/kinsing-virus/" title="查看全文" class="posttitle">查看全文</a>
<b class="iconfont icon-arrow-right- gradient-text"></b></span>
</div>
</div>
@ -200,6 +197,62 @@ $env:SCOOP='path/to/scoop'
<div id="primary">
<div class="post" id="post">
<div class="post-cover animated fadeIn" style="
background-image:
radial-gradient(ellipse closest-side, rgba(0, 0, 0, 0.65), #100e17),
url(//davidz.cn/static/blog/2020-02-03-windows-package-manager-scoop/cover.png);">
</div>
<div class="else">
<p class="animated fadeInDown">
<a href="/categories/Productivity">
<b></b>PRODUCTIVITY<b></b>
</a>
二月 03, 2020
</p>
<h3 class="post-title animated fadeInDown"><a href="/windows-package-manager-scoop/" title="Windows 包管理器 - Scoop" class="posttitle">Windows 包管理器 - Scoop</a></h3>
<p class="post-count animated fadeInDown">
<span>
<b class="iconfont icon-text2"></b> <i>文章字数</i>
12k
</span>
<span>
<b class="iconfont icon-timer__s"></b> <i>阅读约需</i>
11 mins.
</span>
</p>
<ul class="animated fadeInDown post-tags-list" itemprop="keywords"><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Open-Source/" rel="tag">Open-Source</a></li></ul>
<div class="md-content animated fadeIn">
<p>一直以来作为开发者Windows 相较于 Linux 都缺少两样重要的工具,</p>
<ol>
<li><strong>好用</strong>的 Shell - 现在可以用 PowerShell Core 或者 WSL 暂时代替。</li>
<li><strong>好用</strong>的包管理器 - 在开发时 C/Cpp 的库可以用<a href="https://github.com/microsoft/vcpkg" target="_blank" rel="noopener">VCPKG</a>,而日常使用的软件就可以使用本文的主角<a href="https://github.com/lukesampson/scoop" target="_blank" rel="noopener">Scoop</a> 了。</li>
</ol>
<blockquote>
<p>按照官网的<a href="https://github.com/lukesampson/scoop/wiki/Quick-Start" target="_blank" rel="noopener">教程</a>,只能使用 PowerShell 而不是 CMD 进行安装。</p>
</blockquote>
<pre><code class="language-powershell"># 指定 Scoop 的安装路径,之后安装的 APP 会安装在 path/to/scoop/apps/
$env:SCOOP...</code></pre>
<span class="read-more"><a href="/windows-package-manager-scoop/" title="查看全文" class="posttitle">查看全文</a> <b class="iconfont icon-arrow-right- gradient-text"></b></span>
</div>
</div>
</div>
<div class="post" id="post">
<div class="post-cover animated fadeIn" style="
background-image:

6
inspur-internship/index.html
View File

@ -362,9 +362,9 @@ set(LIBRARY_OUTPUT_PATH ${CMAKE_BINARY_DIR}/lib/)
</dl>
</div>
<ul>
<li><a href="/">5 <p>文章</p></a></li>
<li><a href="/categories">4 <p>分类</p></a></li>
<li><a href="/tags">7 <p>标签</p></a></li>
<li><a href="/">6 <p>文章</p></a></li>
<li><a href="/categories">5 <p>分类</p></a></li>
<li><a href="/tags">9 <p>标签</p></a></li>
</ul>
</div>

499
kinsing-virus/index.html Normal file
View File

@ -0,0 +1,499 @@
<!DOCTYPE html>
<html lang="zh-CN" class="loading">
<head>
<!-- hexo-inject:begin --><!-- hexo-inject:end --><meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>Kinsing - &#34;寄生&#34;于 Docker 的病毒 - Blog</title>
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="google" content="notranslate" />
<meta name="keywords" content="Developer, Python, C++, JavaScript, Java,">
<meta name="description" content="DavidZ&#39;s Blog,2020 年开年不顺2019 新型冠状病毒肺炎爆发从年三十居家隔离到了正月十五没想到自己的服务器也感染上了病毒 - Kinsing(进程的名字姑且这样称呼)
¶发现
偶然看了看服务器,">
<meta name="author" content="DavidZ">
<link rel="alternative" href="atom.xml" title="Blog" type="application/atom+xml">
<link rel="icon" href="/img/favicon.png">
<link href="https://fonts.loli.net/css?family=Roboto+Mono|Rubik&display=swap" rel="stylesheet">
<link rel="stylesheet" href="//at.alicdn.com/t/font_1429596_nzgqgvnmkjb.css">
<link rel="stylesheet" href="//cdn.bootcss.com/animate.css/3.7.2/animate.min.css">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/social-share.js/1.0.16/css/share.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/codemirror/5.48.4/codemirror.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/codemirror/5.48.4/theme/dracula.css">
<link rel="stylesheet" href="/css/obsidian.css">
<link rel="stylesheet" href="/css/ball-atom.min.css">
<meta name="generator" content="Hexo 4.2.0"><!-- hexo-inject:begin --><!-- hexo-inject:end --></head>
<body class="loading">
<!-- hexo-inject:begin --><!-- hexo-inject:end --><div class="loader">
<div class="la-ball-atom la-2x">
<div></div>
<div></div>
<div></div>
<div></div>
</div>
</div>
<span id="config-title" style="display:none">Blog</span>
<div id="loader"></div>
<div id="single">
<div class="scrollbar gradient-bg-rev"></div>
<div id="top" style="display: block;">
<div class="bar" style="width: 0;"></div>
<div class="navigation animated fadeIn fast delay-1s">
<img id="home-icon" class="icon-home" src="/img/favicon.png" alt="" data-url="https://blog.davidz.cn">
<div id="play-icon" title="Play/Pause" class="iconfont icon-play"></div>
<h3 class="subtitle">Kinsing - "寄生"于 Docker 的病毒</h3>
<div class="social">
<!-- <div class="like-icon">-->
<!-- <a href="javascript:;" class="likeThis active"><span class="icon-like"></span><span class="count">76</span></a>-->
<!-- </div>-->
<div>
<div class="share">
<a href="javascript:;" class="iconfont icon-share1"></a>
<div class="share-component-cc" data-disabled="facebook,douban,linkedin,diandian,tencent,google"></div>
</div>
</div>
</div>
</div>
</div>
<div class="section">
<div class=article-header-wrapper>
<div class="article-header">
<div class="article-cover animated fadeIn" style="
animation-delay: 600ms;
animation-duration: 1.2s;
background-image:
radial-gradient(ellipse closest-side, rgba(0, 0, 0, 0.65), #100e17),
url(/img/cover.jpg);">
</div>
<div class="else">
<p class="animated fadeInDown">
<a href="/categories/DevOps"><b>
</b>DEVOPS<b></b></a>
二月 10, 2020
</p>
<h3 class="post-title animated fadeInDown"><a href="/kinsing-virus/" title="Kinsing - &quot;寄生&quot;于 Docker 的病毒" class="">Kinsing - &quot;寄生&quot;于 Docker 的病毒</a>
</h3>
<p class="post-count animated fadeInDown">
<span>
<b class="iconfont icon-text2"></b> <i>文章字数</i>
2k
</span>
<span>
<b class="iconfont icon-timer__s"></b> <i>阅读约需</i>
2 mins.
</span>
<span id="busuanzi_container_page_pv">
<b class="iconfont icon-read"></b> <i>阅读次数</i>
<span id="busuanzi_value_page_pv">0</span>
</span>
</p>
<ul class="animated fadeInDown post-tags-list" itemprop="keywords"><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Docker/" rel="tag">Docker</a></li><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Shell/" rel="tag">Shell</a></li></ul>
</div>
</div>
</div>
<div class="screen-gradient-after">
<div class="screen-gradient-content">
<div class="screen-gradient-content-inside">
<div class="bold-underline-links screen-gradient-sponsor">
<p>
<span class="animated fadeIn delay-1s"></span>
</p>
</div>
</div>
</div>
</div>
<div class="article">
<div class='main'>
<div class="content markdown animated fadeIn">
<p>2020 年开年不顺2019 新型冠状病毒肺炎爆发,从年三十居家隔离到了正月十五,没想到自己的服务器也”感染“上了病毒 - Kinsing(进程的名字,姑且这样称呼)。</p>
<h2 id="发现"><a class="header-anchor" href="#发现"></a>发现</h2>
<p><img src="//davidz.cn/static/blog/2020-02-10-kinsing-virus/netdata.png" alt="netdata"></p>
<p>偶然看了看服务器状态,发现 CPU 占用一直保持在 100%上下,有些蹊跷。</p>
<p>难道是我的博客访问量<s>暴增</s>???那是当然不可能的,然后我去看了看<a href="https://github.com/portainer/portainer" target="_blank" rel="noopener">Portainer</a>看了看,果然,</p>
<p><img src="//davidz.cn/static/blog/2020-02-10-kinsing-virus/portainer.png" alt="portainer"></p>
<p>这个随机名称的容器就是 Kinsing 基于 Ubuntu 的容器CPU 占用 100%。</p>
<p><img src="//davidz.cn/static/blog/2020-02-10-kinsing-virus/process.png" alt="进程"></p>
<p>简单看了看容器里面的进程表,第一个运行了一个 shell 脚本,这个病毒就是这个脚本下载启动的关键,我打开看了看,<s>也没看懂</s>,大概是下载了几个可执行文件。第二个是 cron这个是定时脚本我猜应该是病毒定时检查一下运行情况第三个好像是个守护进程第四个应该是用于容器保持第五个在网上能搜到是个<a href="https://www.baidu.com/s?wd=kdevtmpfsi" target="_blank" rel="noopener">挖矿的程序</a></p>
<p>无聊的我还简单看了看这个脚本的服务器 IP</p>
<p><img src="//davidz.cn/static/blog/2020-02-10-kinsing-virus/ip.png" alt="ip"></p>
<p>难道是俄罗斯大佬???</p>
<p>这个时候我突然想起来,前几天为了调试<a href="https://certbot.eff.org/" target="_blank" rel="noopener">certbot</a>的 Dockerfile, 我直接打开了 Docker 的<a href="https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option" target="_blank" rel="noopener">远程访问</a>,在默认的情况下是没有任何加密措施的。</p>
<p>这样,就真相大白了,这个病毒通过未加密的接口,在我的服务器上运行了挖矿的容器来盈利,同时也占用了服务器全部的 CPU😢.</p>
<h2 id="处理"><a class="header-anchor" href="#处理"></a>处理</h2>
<p>Kinsing 病毒还是很良心的(至少我遇到的这个是),把自己”关“在了容器里面,反正后来我也没有在别的地方发现相关文件。</p>
<p>所以处理起来也简单,</p>
<ol>
<li>删掉容器和镜像</li>
<li>关闭 Docker 远程访问即可。如果不想关闭的话也可以<a href="https://docs.docker.com/engine/security/https/" target="_blank" rel="noopener">用 https 的方式加密</a></li>
</ol>
<h2 id="小想法"><a class="header-anchor" href="#小想法"></a>小想法</h2>
<p>其实这个 Kinsing 病毒实现起来还是很简单的,</p>
<ol>
<li>扫描全网的 2375 这个默认端口</li>
<li>用 Docker API 连接并部署容器</li>
<li>执行脚本运行挖矿程序</li>
</ol>
<p><s>突然有一个邪恶的想法,一台机器一天就算 1 毛钱好啦</s>,哈哈哈,但是违法的事情不能做呀😄。</p>
<p>大家一定要注意呀,时刻谨记服务器安全,不要随意开放服务器端口。</p>
<!--[if lt IE 9]><script>document.createElement('audio');</script><![endif]-->
<audio id="audio" loop="1" preload="auto" controls="controls"
data-autoplay="false">
<source type="audio/mpeg" src="">
</audio>
<ul id="audio-list" style="display:none">
<li title='0' data-url='/statics/chengdu.mp3'></li>
</ul>
<div id='gitalk-container' class="comment link"
data-ae='true'
data-ci='489076c5dd3f5ba13f67'
data-cs='d6e3b245787b0b74d0dbe2639ef87f452a401194'
data-r='blog.davidz.cn'
data-o='DavidZhang73'
data-a='DavidZhang73'
data-d=''
>留言</div>
</div>
<div class="sidebar">
<div class="box animated fadeInRight">
<div class="subbox">
<img src="//davidz.cn/static/blog/img/avator.jpg" height=300 width=300></img>
<p>DavidZ</p>
<span>凡事都要留几分</span>
<dl>
<dd><a href="https://github.com/DavidZhang73" target="_blank"><span
class=" iconfont icon-github"></span></a></dd>
<dd><a href="https://twitter.com/david731998" target="_blank"><span
class=" iconfont icon-twitter"></span></a></dd>
<dd><a href="https://stackoverflow.com/users/12693553/davidz" target="_blank"><span
class=" iconfont icon-stack-overflow"></span></a></dd>
</dl>
</div>
<ul>
<li><a href="/">6 <p>文章</p></a></li>
<li><a href="/categories">5 <p>分类</p></a></li>
<li><a href="/tags">9 <p>标签</p></a></li>
</ul>
</div>
<div class="box sticky animated fadeInRight faster">
<div id="toc" class="subbox">
<h4>目录</h4>
<ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#发现"><span class="toc-number">1.</span> <span class="toc-text">¶发现</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#处理"><span class="toc-number">2.</span> <span class="toc-text">¶处理</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#小想法"><span class="toc-number">3.</span> <span class="toc-text">¶小想法</span></a></li></ol>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="back-to-top" class="animated fadeIn faster">
<div class="flow"></div>
<span class="percentage animated fadeIn faster">0%</span>
<span class="iconfont icon-top02 animated fadeIn faster"></span>
</div><!-- hexo-inject:begin --><!-- hexo-inject:end -->
</body>
<footer>
<p class="copyright" id="copyright">
&copy; 2020
<span class="gradient-text">
DavidZ
</span>.
Powered by <a href="http://hexo.io/" title="Hexo" target="_blank" rel="noopener">Hexo</a>
Theme
<span class="gradient-text">
<a href="https://github.com/TriDiamond/hexo-theme-obsidian" title="Obsidian" target="_blank" rel="noopener">Obsidian</a>
</span>
<small><a href="https://github.com/TriDiamond/hexo-theme-obsidian/blob/master/CHANGELOG.md" title="v1.4.3" target="_blank" rel="noopener">v1.4.3</a></small>
</p>
</footer>
<script type="text/javascript" src="https://cdn.bootcss.com/mathjax/2.7.6/MathJax.js?config=TeX-AMS-MML_HTMLorMML">
</script>
<script>
MathJax.Hub.Config({
"HTML-CSS": {
preferredFont: "TeX",
availableFonts: ["STIX", "TeX"],
linebreaks: {
automatic: true
},
EqnChunk: (MathJax.Hub.Browser.isMobile ? 10 : 50)
},
tex2jax: {
inlineMath: [
["$", "$"],
["\\(", "\\)"]
],
processEscapes: true,
ignoreClass: "tex2jax_ignore|dno",
skipTags: ['script', 'noscript', 'style', 'textarea', 'pre', 'code']
},
TeX: {
noUndefined: {
attributes: {
mathcolor: "red",
mathbackground: "#FFEEEE",
mathsize: "90%"
}
},
Macros: {
href: "{}"
}
},
messageStyle: "none"
});
</script>
<script>
function initialMathJax() {
MathJax.Hub.Queue(function () {
var all = MathJax.Hub.getAllJax(),
i;
// console.log(all);
for (i = 0; i < all.length; i += 1) {
all[i].SourceElement().parentNode.className += ' has-jax';
}
});
}
function reprocessMathJax() {
if (typeof MathJax !== 'undefined') {
MathJax.Hub.Queue(["Typeset", MathJax.Hub]);
}
}
</script>
<link rel="stylesheet" href="//cdn.bootcss.com/gitalk/1.5.0/gitalk.min.css">
<script src="//cdn.bootcss.com/gitalk/1.5.0/gitalk.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="/js/plugin.js"></script>
<script src="/js/obsidian.js"></script>
<script src="/js/jquery.truncate.js"></script>
<script src="/js/search.js"></script>
<script src="//cdn.bootcss.com/typed.js/2.0.10/typed.min.js"></script>
<script src="//cdn.bootcss.com/blueimp-md5/2.12.0/js/md5.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/social-share.js/1.0.16/js/social-share.min.js"></script>
<script src="https://cdn.bootcss.com/codemirror/5.48.4/codemirror.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/javascript/javascript.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/css/css.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/xml/xml.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/htmlmixed/htmlmixed.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/clike/clike.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/php/php.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/shell/shell.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/python/python.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/cmake/cmake.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/powershell/powershell.min.js"></script>
<script src="/js/busuanzi.min.js"></script>
<script>
$(document).ready(function () {
if ($('span[id^="busuanzi_"]').length) {
initialBusuanzi();
}
});
</script>
<link rel="stylesheet" href="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/photoswipe/4.1.3/default-skin/default-skin.min.css">
<script src="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe.min.js"></script>
<script src="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe-ui-default.min.js"></script>
<!-- Root element of PhotoSwipe. Must have class pswp. -->
<div class="pswp" tabindex="-1" role="dialog" aria-hidden="true">
<!-- Background of PhotoSwipe.
It's a separate element as animating opacity is faster than rgba(). -->
<div class="pswp__bg"></div>
<!-- Slides wrapper with overflow:hidden. -->
<div class="pswp__scroll-wrap">
<!-- Container that holds slides.
PhotoSwipe keeps only 3 of them in the DOM to save memory.
Don't modify these 3 pswp__item elements, data is added later on. -->
<div class="pswp__container">
<div class="pswp__item"></div>
<div class="pswp__item"></div>
<div class="pswp__item"></div>
</div>
<!-- Default (PhotoSwipeUI_Default) interface on top of sliding area. Can be changed. -->
<div class="pswp__ui pswp__ui--hidden">
<div class="pswp__top-bar">
<!-- Controls are self-explanatory. Order can be changed. -->
<div class="pswp__counter"></div>
<button class="pswp__button pswp__button--close" title="Close (Esc)"></button>
<button class="pswp__button pswp__button--share" title="Share"></button>
<button class="pswp__button pswp__button--fs" title="Toggle fullscreen"></button>
<button class="pswp__button pswp__button--zoom" title="Zoom in/out"></button>
<!-- Preloader demo http://codepen.io/dimsemenov/pen/yyBWoR -->
<!-- element will get class pswp__preloader--active when preloader is running -->
<div class="pswp__preloader">
<div class="pswp__preloader__icn">
<div class="pswp__preloader__cut">
<div class="pswp__preloader__donut"></div>
</div>
</div>
</div>
</div>
<div class="pswp__share-modal pswp__share-modal--hidden pswp__single-tap">
<div class="pswp__share-tooltip"></div>
</div>
<button class="pswp__button pswp__button--arrow--left" title="Previous (arrow left)">
</button>
<button class="pswp__button pswp__button--arrow--right" title="Next (arrow right)">
</button>
<div class="pswp__caption">
<div class="pswp__caption__center"></div>
</div>
</div>
</div>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="//www.googletagmanager.com/gtag/js?id=UA-157733505-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-157733505-1');
</script>
<script>
function initialTyped () {
var typedTextEl = $('.typed-text');
if (typedTextEl && typedTextEl.length > 0) {
var typed = new Typed('.typed-text', {
strings: ["凡事都要留几分", "颜值是第一生产力"],
typeSpeed: 90,
loop: true,
loopCount: Infinity,
backSpeed: 20,
});
}
}
if ($('.article-header') && $('.article-header').length) {
$(document).ready(function () {
initialTyped();
});
}
</script>
</html>

27
search.xml
View File

@ -3,6 +3,33 @@
<entry>
<title>Kinsing - &quot;寄生&quot;于 Docker 的病毒</title>
<link href="/kinsing-virus/"/>
<url>/kinsing-virus/</url>
<content type="html"><![CDATA[<p>2020 年开年不顺2019 新型冠状病毒肺炎爆发,从年三十居家隔离到了正月十五,没想到自己的服务器也”感染“上了病毒 - Kinsing(进程的名字,姑且这样称呼)。</p><h2 id="发现"><a class="header-anchor" href="#发现">¶</a>发现</h2><p><img src="//davidz.cn/static/blog/2020-02-10-kinsing-virus/netdata.png" alt="netdata"></p><p>偶然看了看服务器状态,发现 CPU 占用一直保持在 100%上下,有些蹊跷。</p><p>难道是我的博客访问量<s>暴增</s>???那是当然不可能的,然后我去看了看<a href="https://github.com/portainer/portainer" target="_blank" rel="noopener">Portainer</a>看了看,果然,</p><p><img src="//davidz.cn/static/blog/2020-02-10-kinsing-virus/portainer.png" alt="portainer"></p><p>这个随机名称的容器就是 Kinsing 基于 Ubuntu 的容器CPU 占用 100%。</p><p><img src="//davidz.cn/static/blog/2020-02-10-kinsing-virus/process.png" alt="进程"></p><p>简单看了看容器里面的进程表,第一个运行了一个 shell 脚本,这个病毒就是这个脚本下载启动的关键,我打开看了看,<s>也没看懂</s>,大概是下载了几个可执行文件。第二个是 cron这个是定时脚本我猜应该是病毒定时检查一下运行情况第三个好像是个守护进程第四个应该是用于容器保持第五个在网上能搜到是个<a href="https://www.baidu.com/s?wd=kdevtmpfsi" target="_blank" rel="noopener">挖矿的程序</a>。</p><p>无聊的我还简单看了看这个脚本的服务器 IP</p><p><img src="//davidz.cn/static/blog/2020-02-10-kinsing-virus/ip.png" alt="ip"></p><p>难道是俄罗斯大佬???</p><p>这个时候我突然想起来,前几天为了调试<a href="https://certbot.eff.org/" target="_blank" rel="noopener">certbot</a>的 Dockerfile, 我直接打开了 Docker 的<a href="https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option" target="_blank" rel="noopener">远程访问</a>,在默认的情况下是没有任何加密措施的。</p><p>这样,就真相大白了,这个病毒通过未加密的接口,在我的服务器上运行了挖矿的容器来盈利,同时也占用了服务器全部的 CPU😢.</p><h2 id="处理"><a class="header-anchor" href="#处理">¶</a>处理</h2><p>Kinsing 病毒还是很良心的(至少我遇到的这个是),把自己”关“在了容器里面,反正后来我也没有在别的地方发现相关文件。</p><p>所以处理起来也简单,</p><ol><li>删掉容器和镜像</li><li>关闭 Docker 远程访问即可。如果不想关闭的话也可以<a href="https://docs.docker.com/engine/security/https/" target="_blank" rel="noopener">用 https 的方式加密</a>。</li></ol><h2 id="小想法"><a class="header-anchor" href="#小想法">¶</a>小想法</h2><p>其实这个 Kinsing 病毒实现起来还是很简单的,</p><ol><li>扫描全网的 2375 这个默认端口</li><li>用 Docker API 连接并部署容器</li><li>执行脚本运行挖矿程序</li></ol><p><s>突然有一个邪恶的想法,一台机器一天就算 1 毛钱好啦</s>,哈哈哈,但是违法的事情不能做呀😄。</p><p>大家一定要注意呀,时刻谨记服务器安全,不要随意开放服务器端口。</p>]]></content>
<categories>
<category> DevOps </category>
</categories>
<tags>
<tag> Shell </tag>
<tag> Docker </tag>
</tags>
</entry>
<entry>
<title>Windows 包管理器 - Scoop</title>
<link href="/windows-package-manager-scoop/"/>

7
sitemap.xml
View File

@ -1,6 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://blog.davidz.cn/kinsing-virus/</loc>
<lastmod>2020-02-10T09:20:49.000Z</lastmod>
</url>
<url>
<loc>https://blog.davidz.cn/whoami/</loc>

461
tags/Docker/index.html Normal file
View File

@ -0,0 +1,461 @@
<!DOCTYPE html>
<html lang="zh-CN" class="loading">
<head>
<!-- hexo-inject:begin --><!-- hexo-inject:end --><meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>Tag: Docker - Blog</title>
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="google" content="notranslate" />
<meta name="keywords" content="Developer, Python, C++, JavaScript, Java,">
<meta name="description" content="DavidZ&#39;s Blog,">
<meta name="author" content="DavidZ">
<link rel="alternative" href="atom.xml" title="Blog" type="application/atom+xml">
<link rel="icon" href="/img/favicon.png">
<link href="https://fonts.loli.net/css?family=Roboto+Mono|Rubik&display=swap" rel="stylesheet">
<link rel="stylesheet" href="//at.alicdn.com/t/font_1429596_nzgqgvnmkjb.css">
<link rel="stylesheet" href="//cdn.bootcss.com/animate.css/3.7.2/animate.min.css">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/social-share.js/1.0.16/css/share.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/codemirror/5.48.4/codemirror.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/codemirror/5.48.4/theme/dracula.css">
<link rel="stylesheet" href="/css/obsidian.css">
<link rel="stylesheet" href="/css/ball-atom.min.css">
<meta name="generator" content="Hexo 4.2.0"><!-- hexo-inject:begin --><!-- hexo-inject:end --></head>
<body class="loading">
<!-- hexo-inject:begin --><!-- hexo-inject:end --><div class="loader">
<div class="la-ball-atom la-2x">
<div></div>
<div></div>
<div></div>
<div></div>
</div>
</div>
<span id="config-title" style="display:none">Blog</span>
<div id="loader"></div>
<div class="nav">
<ul id="menu-menu" class="menu">
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/whoami/" title="ABOUT" external="false">ABOUT</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/categories/" title="CATEGORIES" external="false">CATEGORIES</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/tags/" title="TAGS" external="false">TAGS</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/archives/" title="ARCHIVES" external="false">ARCHIVES</a>
</li>
</ul>
<p class="copyright" id="copyright">
&copy; 2020 DavidZ.
Powered by <a href="http://hexo.io/" title="Hexo" target="_blank" rel="noopener">Hexo</a>
Theme <a href="https://github.com/TriDiamond/hexo-theme-obsidian" title="Obsidian" target="_blank" rel="noopener">Obsidian</a>
</p>
</div>
<div id="container">
<div class="search-box">
<form class="site-search-form">
<span class="iconfont icon-search"></span>
<input type="text" id="local-search-input" class="st-search-input" />
<div class="iconfont icon-cross search-box-close"></div>
</form>
<div class="search-scrollable">
<div id="local-search-result" class="local-search-result-cls" data-initialise="首次搜索,正在载入索引文件,请稍后……"
data-start="输入关键词搜索。" data-empty="没有找到内容,请尝试更换检索词。">
<span>输入关键词搜索。</span>
</div>
</div>
</div>
<div id="header">
<div>
<div class="logo animated fadeInDown">
<img src="/img/favicon.png" alt="">
<a class="image-logo" href="/"></a>
</div>
<ul id="menu-menu" class="menu text-menu">
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/whoami/" title="ABOUT" external="false" class="menu-link">ABOUT</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/categories/" title="CATEGORIES" external="false" class="menu-link">CATEGORIES</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/tags/" title="TAGS" external="false" class="menu-link">TAGS</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/archives/" title="ARCHIVES" external="false" class="menu-link">ARCHIVES</a>
</li>
<li class="animated fadeInDown search-bar iconfont icon-search"></li>
</ul>
<div class="iconfont icon-menu switchmenu gradient-text animated fadeInDown"></div>
</div>
</div>
<div id="screen">
<div id="mark">
<div class="cover animated fadeIn" style="
animation-delay: 900ms;
animation-duration: 2.8s;
background-image:
radial-gradient(ellipse closest-side, rgba(0, 0, 0, 0.56), #100e17),
url(/img/cover.jpg);">
</div>
</div>
<div id="post0" class="else">
<p class="animated fadeInDown">
<a href="/categories/DevOps"><b>
</b>DEVOPS<b></b></a>
二月 10, 2020
</p>
<h3 class="post-title animated fadeInDown">
<a href="/kinsing-virus/" title="Kinsing - &quot;寄生&quot;于 Docker 的病毒" class="posttitle">Kinsing - &quot;寄生&quot;于 Docker 的病毒</a></h3>
<p class="post-count animated fadeInDown">
<span>
<b class="iconfont icon-text2"></b> <i>文章字数</i>
2k
</span>
<span>
<b class="iconfont icon-timer__s"></b> <i>阅读约需</i>
2 mins.
</span>
</p>
<ul class="animated fadeInDown post-tags-list" itemprop="keywords"><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Docker/" rel="tag">Docker</a></li><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Shell/" rel="tag">Shell</a></li></ul>
<div class="md-content animated fadeIn">
<p>2020 年开年不顺2019 新型冠状病毒肺炎爆发,从年三十居家隔离到了正月十五,没想到自己的服务器也”感染“上了病毒 - Kinsing(进程的名字,姑且这样称呼)。</p>
<p></p>
<p>偶然看了看服务器状态,发现 CPU 占用一直保持在 100%上下,有些蹊跷。</p>
<p>难道是我的博客访问量<s>暴增</s>???那是当然不可能的,然后我去看了看<a href="https://github.com/portainer/portainer" target="_blank" rel="noopener">Portainer</a>看了看,果然,</p>
<p></p>
<p>这个随机名称的容器就是 Kinsing 基于 Ubuntu 的容器CPU 占用 100%。</p>
<p></p>
<p>简单看了看容器里面的进程表,第一个运行了一个 shell 脚本,这个病毒就是这个脚本下载启动的关键,我打开看了看,<s>也没看懂</s>,大概是下载了几个可执行文件。...</p>
<span class="read-more"><a href="/kinsing-virus/" title="查看全文" class="posttitle">查看全文</a>
<b class="iconfont icon-arrow-right- gradient-text"></b></span>
</div>
</div>
</div>
<div class="screen-gradient-after">
<div class="screen-gradient-content">
<div class="screen-gradient-content-inside">
<div class="bold-underline-links screen-gradient-sponsor">
<p>
<span class="typed-text"></span>
</p>
</div>
</div>
</div>
</div>
<div id="primary">
</div>
</div>
<div id="preview"></div>
<div id="back-to-top" class="animated fadeIn faster">
<div class="flow"></div>
<span class="percentage animated fadeIn faster">0%</span>
<span class="iconfont icon-top02 animated fadeIn faster"></span>
</div><!-- hexo-inject:begin --><!-- hexo-inject:end -->
</body>
<footer>
<p class="copyright" id="copyright">
&copy; 2020
<span class="gradient-text">
DavidZ
</span>.
Powered by <a href="http://hexo.io/" title="Hexo" target="_blank" rel="noopener">Hexo</a>
Theme
<span class="gradient-text">
<a href="https://github.com/TriDiamond/hexo-theme-obsidian" title="Obsidian" target="_blank" rel="noopener">Obsidian</a>
</span>
<small><a href="https://github.com/TriDiamond/hexo-theme-obsidian/blob/master/CHANGELOG.md" title="v1.4.3" target="_blank" rel="noopener">v1.4.3</a></small>
</p>
</footer>
<script type="text/javascript" src="https://cdn.bootcss.com/mathjax/2.7.6/MathJax.js?config=TeX-AMS-MML_HTMLorMML">
</script>
<script>
MathJax.Hub.Config({
"HTML-CSS": {
preferredFont: "TeX",
availableFonts: ["STIX", "TeX"],
linebreaks: {
automatic: true
},
EqnChunk: (MathJax.Hub.Browser.isMobile ? 10 : 50)
},
tex2jax: {
inlineMath: [
["$", "$"],
["\\(", "\\)"]
],
processEscapes: true,
ignoreClass: "tex2jax_ignore|dno",
skipTags: ['script', 'noscript', 'style', 'textarea', 'pre', 'code']
},
TeX: {
noUndefined: {
attributes: {
mathcolor: "red",
mathbackground: "#FFEEEE",
mathsize: "90%"
}
},
Macros: {
href: "{}"
}
},
messageStyle: "none"
});
</script>
<script>
function initialMathJax() {
MathJax.Hub.Queue(function () {
var all = MathJax.Hub.getAllJax(),
i;
// console.log(all);
for (i = 0; i < all.length; i += 1) {
all[i].SourceElement().parentNode.className += ' has-jax';
}
});
}
function reprocessMathJax() {
if (typeof MathJax !== 'undefined') {
MathJax.Hub.Queue(["Typeset", MathJax.Hub]);
}
}
</script>
<link rel="stylesheet" href="//cdn.bootcss.com/gitalk/1.5.0/gitalk.min.css">
<script src="//cdn.bootcss.com/gitalk/1.5.0/gitalk.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="/js/plugin.js"></script>
<script src="/js/obsidian.js"></script>
<script src="/js/jquery.truncate.js"></script>
<script src="/js/search.js"></script>
<script src="//cdn.bootcss.com/typed.js/2.0.10/typed.min.js"></script>
<script src="//cdn.bootcss.com/blueimp-md5/2.12.0/js/md5.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/social-share.js/1.0.16/js/social-share.min.js"></script>
<script src="https://cdn.bootcss.com/codemirror/5.48.4/codemirror.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/javascript/javascript.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/css/css.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/xml/xml.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/htmlmixed/htmlmixed.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/clike/clike.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/php/php.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/shell/shell.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/python/python.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/cmake/cmake.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/powershell/powershell.min.js"></script>
<script src="/js/busuanzi.min.js"></script>
<script>
$(document).ready(function () {
if ($('span[id^="busuanzi_"]').length) {
initialBusuanzi();
}
});
</script>
<link rel="stylesheet" href="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/photoswipe/4.1.3/default-skin/default-skin.min.css">
<script src="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe.min.js"></script>
<script src="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe-ui-default.min.js"></script>
<!-- Root element of PhotoSwipe. Must have class pswp. -->
<div class="pswp" tabindex="-1" role="dialog" aria-hidden="true">
<!-- Background of PhotoSwipe.
It's a separate element as animating opacity is faster than rgba(). -->
<div class="pswp__bg"></div>
<!-- Slides wrapper with overflow:hidden. -->
<div class="pswp__scroll-wrap">
<!-- Container that holds slides.
PhotoSwipe keeps only 3 of them in the DOM to save memory.
Don't modify these 3 pswp__item elements, data is added later on. -->
<div class="pswp__container">
<div class="pswp__item"></div>
<div class="pswp__item"></div>
<div class="pswp__item"></div>
</div>
<!-- Default (PhotoSwipeUI_Default) interface on top of sliding area. Can be changed. -->
<div class="pswp__ui pswp__ui--hidden">
<div class="pswp__top-bar">
<!-- Controls are self-explanatory. Order can be changed. -->
<div class="pswp__counter"></div>
<button class="pswp__button pswp__button--close" title="Close (Esc)"></button>
<button class="pswp__button pswp__button--share" title="Share"></button>
<button class="pswp__button pswp__button--fs" title="Toggle fullscreen"></button>
<button class="pswp__button pswp__button--zoom" title="Zoom in/out"></button>
<!-- Preloader demo http://codepen.io/dimsemenov/pen/yyBWoR -->
<!-- element will get class pswp__preloader--active when preloader is running -->
<div class="pswp__preloader">
<div class="pswp__preloader__icn">
<div class="pswp__preloader__cut">
<div class="pswp__preloader__donut"></div>
</div>
</div>
</div>
</div>
<div class="pswp__share-modal pswp__share-modal--hidden pswp__single-tap">
<div class="pswp__share-tooltip"></div>
</div>
<button class="pswp__button pswp__button--arrow--left" title="Previous (arrow left)">
</button>
<button class="pswp__button pswp__button--arrow--right" title="Next (arrow right)">
</button>
<div class="pswp__caption">
<div class="pswp__caption__center"></div>
</div>
</div>
</div>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="//www.googletagmanager.com/gtag/js?id=UA-157733505-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-157733505-1');
</script>
<script>
function initialTyped () {
var typedTextEl = $('.typed-text');
if (typedTextEl && typedTextEl.length > 0) {
var typed = new Typed('.typed-text', {
strings: ["凡事都要留几分", "颜值是第一生产力"],
typeSpeed: 90,
loop: true,
loopCount: Infinity,
backSpeed: 20,
});
}
}
if ($('.article-header') && $('.article-header').length) {
$(document).ready(function () {
initialTyped();
});
}
</script>
</html>

461
tags/Shell/index.html Normal file
View File

@ -0,0 +1,461 @@
<!DOCTYPE html>
<html lang="zh-CN" class="loading">
<head>
<!-- hexo-inject:begin --><!-- hexo-inject:end --><meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>Tag: Shell - Blog</title>
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="google" content="notranslate" />
<meta name="keywords" content="Developer, Python, C++, JavaScript, Java,">
<meta name="description" content="DavidZ&#39;s Blog,">
<meta name="author" content="DavidZ">
<link rel="alternative" href="atom.xml" title="Blog" type="application/atom+xml">
<link rel="icon" href="/img/favicon.png">
<link href="https://fonts.loli.net/css?family=Roboto+Mono|Rubik&display=swap" rel="stylesheet">
<link rel="stylesheet" href="//at.alicdn.com/t/font_1429596_nzgqgvnmkjb.css">
<link rel="stylesheet" href="//cdn.bootcss.com/animate.css/3.7.2/animate.min.css">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/social-share.js/1.0.16/css/share.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/codemirror/5.48.4/codemirror.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/codemirror/5.48.4/theme/dracula.css">
<link rel="stylesheet" href="/css/obsidian.css">
<link rel="stylesheet" href="/css/ball-atom.min.css">
<meta name="generator" content="Hexo 4.2.0"><!-- hexo-inject:begin --><!-- hexo-inject:end --></head>
<body class="loading">
<!-- hexo-inject:begin --><!-- hexo-inject:end --><div class="loader">
<div class="la-ball-atom la-2x">
<div></div>
<div></div>
<div></div>
<div></div>
</div>
</div>
<span id="config-title" style="display:none">Blog</span>
<div id="loader"></div>
<div class="nav">
<ul id="menu-menu" class="menu">
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/whoami/" title="ABOUT" external="false">ABOUT</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/categories/" title="CATEGORIES" external="false">CATEGORIES</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/tags/" title="TAGS" external="false">TAGS</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/archives/" title="ARCHIVES" external="false">ARCHIVES</a>
</li>
</ul>
<p class="copyright" id="copyright">
&copy; 2020 DavidZ.
Powered by <a href="http://hexo.io/" title="Hexo" target="_blank" rel="noopener">Hexo</a>
Theme <a href="https://github.com/TriDiamond/hexo-theme-obsidian" title="Obsidian" target="_blank" rel="noopener">Obsidian</a>
</p>
</div>
<div id="container">
<div class="search-box">
<form class="site-search-form">
<span class="iconfont icon-search"></span>
<input type="text" id="local-search-input" class="st-search-input" />
<div class="iconfont icon-cross search-box-close"></div>
</form>
<div class="search-scrollable">
<div id="local-search-result" class="local-search-result-cls" data-initialise="首次搜索,正在载入索引文件,请稍后……"
data-start="输入关键词搜索。" data-empty="没有找到内容,请尝试更换检索词。">
<span>输入关键词搜索。</span>
</div>
</div>
</div>
<div id="header">
<div>
<div class="logo animated fadeInDown">
<img src="/img/favicon.png" alt="">
<a class="image-logo" href="/"></a>
</div>
<ul id="menu-menu" class="menu text-menu">
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/whoami/" title="ABOUT" external="false" class="menu-link">ABOUT</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/categories/" title="CATEGORIES" external="false" class="menu-link">CATEGORIES</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/tags/" title="TAGS" external="false" class="menu-link">TAGS</a>
</li>
<li class="animated fadeInDown menu-item menu-item-type-post_type menu-item-object-page">
<a href="/archives/" title="ARCHIVES" external="false" class="menu-link">ARCHIVES</a>
</li>
<li class="animated fadeInDown search-bar iconfont icon-search"></li>
</ul>
<div class="iconfont icon-menu switchmenu gradient-text animated fadeInDown"></div>
</div>
</div>
<div id="screen">
<div id="mark">
<div class="cover animated fadeIn" style="
animation-delay: 900ms;
animation-duration: 2.8s;
background-image:
radial-gradient(ellipse closest-side, rgba(0, 0, 0, 0.56), #100e17),
url(/img/cover.jpg);">
</div>
</div>
<div id="post0" class="else">
<p class="animated fadeInDown">
<a href="/categories/DevOps"><b>
</b>DEVOPS<b></b></a>
二月 10, 2020
</p>
<h3 class="post-title animated fadeInDown">
<a href="/kinsing-virus/" title="Kinsing - &quot;寄生&quot;于 Docker 的病毒" class="posttitle">Kinsing - &quot;寄生&quot;于 Docker 的病毒</a></h3>
<p class="post-count animated fadeInDown">
<span>
<b class="iconfont icon-text2"></b> <i>文章字数</i>
2k
</span>
<span>
<b class="iconfont icon-timer__s"></b> <i>阅读约需</i>
2 mins.
</span>
</p>
<ul class="animated fadeInDown post-tags-list" itemprop="keywords"><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Docker/" rel="tag">Docker</a></li><li class="animated fadeInDown post-tags-list-item"><a class="animated fadeInDown post-tags-list-link" href="/tags/Shell/" rel="tag">Shell</a></li></ul>
<div class="md-content animated fadeIn">
<p>2020 年开年不顺2019 新型冠状病毒肺炎爆发,从年三十居家隔离到了正月十五,没想到自己的服务器也”感染“上了病毒 - Kinsing(进程的名字,姑且这样称呼)。</p>
<p></p>
<p>偶然看了看服务器状态,发现 CPU 占用一直保持在 100%上下,有些蹊跷。</p>
<p>难道是我的博客访问量<s>暴增</s>???那是当然不可能的,然后我去看了看<a href="https://github.com/portainer/portainer" target="_blank" rel="noopener">Portainer</a>看了看,果然,</p>
<p></p>
<p>这个随机名称的容器就是 Kinsing 基于 Ubuntu 的容器CPU 占用 100%。</p>
<p></p>
<p>简单看了看容器里面的进程表,第一个运行了一个 shell 脚本,这个病毒就是这个脚本下载启动的关键,我打开看了看,<s>也没看懂</s>,大概是下载了几个可执行文件。...</p>
<span class="read-more"><a href="/kinsing-virus/" title="查看全文" class="posttitle">查看全文</a>
<b class="iconfont icon-arrow-right- gradient-text"></b></span>
</div>
</div>
</div>
<div class="screen-gradient-after">
<div class="screen-gradient-content">
<div class="screen-gradient-content-inside">
<div class="bold-underline-links screen-gradient-sponsor">
<p>
<span class="typed-text"></span>
</p>
</div>
</div>
</div>
</div>
<div id="primary">
</div>
</div>
<div id="preview"></div>
<div id="back-to-top" class="animated fadeIn faster">
<div class="flow"></div>
<span class="percentage animated fadeIn faster">0%</span>
<span class="iconfont icon-top02 animated fadeIn faster"></span>
</div><!-- hexo-inject:begin --><!-- hexo-inject:end -->
</body>
<footer>
<p class="copyright" id="copyright">
&copy; 2020
<span class="gradient-text">
DavidZ
</span>.
Powered by <a href="http://hexo.io/" title="Hexo" target="_blank" rel="noopener">Hexo</a>
Theme
<span class="gradient-text">
<a href="https://github.com/TriDiamond/hexo-theme-obsidian" title="Obsidian" target="_blank" rel="noopener">Obsidian</a>
</span>
<small><a href="https://github.com/TriDiamond/hexo-theme-obsidian/blob/master/CHANGELOG.md" title="v1.4.3" target="_blank" rel="noopener">v1.4.3</a></small>
</p>
</footer>
<script type="text/javascript" src="https://cdn.bootcss.com/mathjax/2.7.6/MathJax.js?config=TeX-AMS-MML_HTMLorMML">
</script>
<script>
MathJax.Hub.Config({
"HTML-CSS": {
preferredFont: "TeX",
availableFonts: ["STIX", "TeX"],
linebreaks: {
automatic: true
},
EqnChunk: (MathJax.Hub.Browser.isMobile ? 10 : 50)
},
tex2jax: {
inlineMath: [
["$", "$"],
["\\(", "\\)"]
],
processEscapes: true,
ignoreClass: "tex2jax_ignore|dno",
skipTags: ['script', 'noscript', 'style', 'textarea', 'pre', 'code']
},
TeX: {
noUndefined: {
attributes: {
mathcolor: "red",
mathbackground: "#FFEEEE",
mathsize: "90%"
}
},
Macros: {
href: "{}"
}
},
messageStyle: "none"
});
</script>
<script>
function initialMathJax() {
MathJax.Hub.Queue(function () {
var all = MathJax.Hub.getAllJax(),
i;
// console.log(all);
for (i = 0; i < all.length; i += 1) {
all[i].SourceElement().parentNode.className += ' has-jax';
}
});
}
function reprocessMathJax() {
if (typeof MathJax !== 'undefined') {
MathJax.Hub.Queue(["Typeset", MathJax.Hub]);
}
}
</script>
<link rel="stylesheet" href="//cdn.bootcss.com/gitalk/1.5.0/gitalk.min.css">
<script src="//cdn.bootcss.com/gitalk/1.5.0/gitalk.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="/js/plugin.js"></script>
<script src="/js/obsidian.js"></script>
<script src="/js/jquery.truncate.js"></script>
<script src="/js/search.js"></script>
<script src="//cdn.bootcss.com/typed.js/2.0.10/typed.min.js"></script>
<script src="//cdn.bootcss.com/blueimp-md5/2.12.0/js/md5.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/social-share.js/1.0.16/js/social-share.min.js"></script>
<script src="https://cdn.bootcss.com/codemirror/5.48.4/codemirror.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/javascript/javascript.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/css/css.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/xml/xml.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/htmlmixed/htmlmixed.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/clike/clike.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/php/php.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/shell/shell.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/python/python.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/cmake/cmake.min.js"></script>
<script src="//cdn.bootcss.com/codemirror/5.48.4/mode/powershell/powershell.min.js"></script>
<script src="/js/busuanzi.min.js"></script>
<script>
$(document).ready(function () {
if ($('span[id^="busuanzi_"]').length) {
initialBusuanzi();
}
});
</script>
<link rel="stylesheet" href="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/photoswipe/4.1.3/default-skin/default-skin.min.css">
<script src="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe.min.js"></script>
<script src="//cdn.bootcss.com/photoswipe/4.1.3/photoswipe-ui-default.min.js"></script>
<!-- Root element of PhotoSwipe. Must have class pswp. -->
<div class="pswp" tabindex="-1" role="dialog" aria-hidden="true">
<!-- Background of PhotoSwipe.
It's a separate element as animating opacity is faster than rgba(). -->
<div class="pswp__bg"></div>
<!-- Slides wrapper with overflow:hidden. -->
<div class="pswp__scroll-wrap">
<!-- Container that holds slides.
PhotoSwipe keeps only 3 of them in the DOM to save memory.
Don't modify these 3 pswp__item elements, data is added later on. -->
<div class="pswp__container">
<div class="pswp__item"></div>
<div class="pswp__item"></div>
<div class="pswp__item"></div>
</div>
<!-- Default (PhotoSwipeUI_Default) interface on top of sliding area. Can be changed. -->
<div class="pswp__ui pswp__ui--hidden">
<div class="pswp__top-bar">
<!-- Controls are self-explanatory. Order can be changed. -->
<div class="pswp__counter"></div>
<button class="pswp__button pswp__button--close" title="Close (Esc)"></button>
<button class="pswp__button pswp__button--share" title="Share"></button>
<button class="pswp__button pswp__button--fs" title="Toggle fullscreen"></button>
<button class="pswp__button pswp__button--zoom" title="Zoom in/out"></button>
<!-- Preloader demo http://codepen.io/dimsemenov/pen/yyBWoR -->
<!-- element will get class pswp__preloader--active when preloader is running -->
<div class="pswp__preloader">
<div class="pswp__preloader__icn">
<div class="pswp__preloader__cut">
<div class="pswp__preloader__donut"></div>
</div>
</div>
</div>
</div>
<div class="pswp__share-modal pswp__share-modal--hidden pswp__single-tap">
<div class="pswp__share-tooltip"></div>
</div>
<button class="pswp__button pswp__button--arrow--left" title="Previous (arrow left)">
</button>
<button class="pswp__button pswp__button--arrow--right" title="Next (arrow right)">
</button>
<div class="pswp__caption">
<div class="pswp__caption__center"></div>
</div>
</div>
</div>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="//www.googletagmanager.com/gtag/js?id=UA-157733505-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-157733505-1');
</script>
<script>
function initialTyped () {
var typedTextEl = $('.typed-text');
if (typedTextEl && typedTextEl.length > 0) {
var typed = new Typed('.typed-text', {
strings: ["凡事都要留几分", "颜值是第一生产力"],
typeSpeed: 90,
loop: true,
loopCount: Infinity,
backSpeed: 20,
});
}
}
if ($('.article-header') && $('.article-header').length) {
$(document).ready(function () {
initialTyped();
});
}
</script>
</html>

2
tags/index.html
View File

@ -63,7 +63,7 @@
<div class="set">
<h1>标签</h1>
<div class="tagcloud">
<a href="/tags/ANU/" style="font-size: 16px; color: #0ed2f7">ANU</a> <a href="/tags/Ada/" style="font-size: 16px; color: #0ed2f7">Ada</a> <a href="/tags/Cpp/" style="font-size: 16px; color: #0ed2f7">Cpp</a> <a href="/tags/Microsoft/" style="font-size: 16px; color: #0ed2f7">Microsoft</a> <a href="/tags/Open-Source/" style="font-size: 16px; color: #0052d4">Open-Source</a> <a href="/tags/Others/" style="font-size: 16px; color: #0ed2f7">Others</a> <a href="/tags/Terminal/" style="font-size: 16px; color: #0ed2f7">Terminal</a>
<a href="/tags/ANU/" style="font-size: 16px; color: #0ed2f7">ANU</a> <a href="/tags/Ada/" style="font-size: 16px; color: #0ed2f7">Ada</a> <a href="/tags/Cpp/" style="font-size: 16px; color: #0ed2f7">Cpp</a> <a href="/tags/Docker/" style="font-size: 16px; color: #0ed2f7">Docker</a> <a href="/tags/Microsoft/" style="font-size: 16px; color: #0ed2f7">Microsoft</a> <a href="/tags/Open-Source/" style="font-size: 16px; color: #0052d4">Open-Source</a> <a href="/tags/Others/" style="font-size: 16px; color: #0ed2f7">Others</a> <a href="/tags/Shell/" style="font-size: 16px; color: #0ed2f7">Shell</a> <a href="/tags/Terminal/" style="font-size: 16px; color: #0ed2f7">Terminal</a>
</div>
</div>

6
windows-package-manager-scoop/index.html
View File

@ -368,9 +368,9 @@ scoop list
</dl>
</div>
<ul>
<li><a href="/">5 <p>文章</p></a></li>
<li><a href="/categories">4 <p>分类</p></a></li>
<li><a href="/tags">7 <p>标签</p></a></li>
<li><a href="/">6 <p>文章</p></a></li>
<li><a href="/categories">5 <p>分类</p></a></li>
<li><a href="/tags">9 <p>标签</p></a></li>
</ul>
</div>