hasancc/remove_vserver_trojan

## remove_vserver_trojan
#!/bin/sh

# remove malware
rm -f /boot/Ip*
rm -f /boot/.Ip*
rm -f /boot/..Ip*
rm -f /usr/.Ip*
rm -f /tmp/29*
rm -f /.my*
rm -f /etc/rc2.d/S55Ip*
rm -f /etc/rc3.d/S55Ip*
rm -f /etc/rc4.d/S55Ip*
rm -f /etc/rc5.d/S55Ip*
rm -f /var/lib/update-rc.d/IptabLex

# block IPs in firewall
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -s 222.184.0.0/16 -j DROP
iptables -I INPUT -s 222.185.0.0/16 -j DROP
iptables -I INPUT -s 222.186.0.0/16 -j DROP
iptables -I INPUT -s 222.187.0.0/16 -j DROP
iptables -I INPUT -s 222.188.0.0/16 -j DROP
iptables -I INPUT -s 222.189.0.0/16 -j DROP
iptables -I INPUT -s 222.190.0.0/16 -j DROP
iptables -I INPUT -s 222.191.0.0/16 -j DROP
iptables -I INPUT -s 59.0.0.0/8 -j DROP
iptables -I INPUT -s 119.0.0.0/8 -j DROP
iptables -I INPUT -s 162.221.12.0/22 -j DROP
iptables -I INPUT -s 218.0.0.0/8 -j DROP
iptables -I INPUT -s 23.239.192.0/19 -j DROP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 64344 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 81 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -I OUTPUT -d 222.184.0.0/16 -j DROP
iptables -I OUTPUT -d 222.185.0.0/16 -j DROP
iptables -I OUTPUT -d 222.186.0.0/16 -j DROP
iptables -I OUTPUT -d 222.187.0.0/16 -j DROP
iptables -I OUTPUT -d 222.188.0.0/16 -j DROP
iptables -I OUTPUT -d 222.189.0.0/16 -j DROP
iptables -I OUTPUT -d 222.190.0.0/16 -j DROP
iptables -I OUTPUT -d 222.191.0.0/16 -j DROP
iptables -I OUTPUT -d 59.0.0.0/8 -j DROP
iptables -I OUTPUT -d 119.0.0.0/8 -j DROP
iptables -I OUTPUT -d 162.221.12.0/22 -j DROP
iptables -I OUTPUT -d 218.0.0.0/8 -j DROP
iptables -I OUTPUT -d 23.239.192.0/19 -j DROP
iptables -P OUTPUT ACCEPT
iptables -L -v -n
	#!/bin/sh

	# remove malware
	rm -f /boot/Ip*
	rm -f /boot/.Ip*
	rm -f /boot/..Ip*
	rm -f /usr/.Ip*
	rm -f /tmp/29*
	rm -f /.my*
	rm -f /etc/rc2.d/S55Ip*
	rm -f /etc/rc3.d/S55Ip*
	rm -f /etc/rc4.d/S55Ip*
	rm -f /etc/rc5.d/S55Ip*
	rm -f /var/lib/update-rc.d/IptabLex

	# block IPs in firewall
	iptables -P INPUT ACCEPT
	iptables -F
	iptables -A INPUT -i lo -j ACCEPT
	iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
	iptables -I INPUT -s 222.184.0.0/16 -j DROP
	iptables -I INPUT -s 222.185.0.0/16 -j DROP
	iptables -I INPUT -s 222.186.0.0/16 -j DROP
	iptables -I INPUT -s 222.187.0.0/16 -j DROP
	iptables -I INPUT -s 222.188.0.0/16 -j DROP
	iptables -I INPUT -s 222.189.0.0/16 -j DROP
	iptables -I INPUT -s 222.190.0.0/16 -j DROP
	iptables -I INPUT -s 222.191.0.0/16 -j DROP
	iptables -I INPUT -s 59.0.0.0/8 -j DROP
	iptables -I INPUT -s 119.0.0.0/8 -j DROP
	iptables -I INPUT -s 162.221.12.0/22 -j DROP
	iptables -I INPUT -s 218.0.0.0/8 -j DROP
	iptables -I INPUT -s 23.239.192.0/19 -j DROP
	iptables -A INPUT -p tcp --dport 21 -j ACCEPT
	iptables -A INPUT -p tcp --dport 64344 -j ACCEPT
	iptables -A INPUT -p tcp --dport 80 -j ACCEPT
	iptables -A INPUT -p tcp --dport 81 -j ACCEPT
	iptables -P INPUT DROP
	iptables -P FORWARD DROP
	iptables -I OUTPUT -d 222.184.0.0/16 -j DROP
	iptables -I OUTPUT -d 222.185.0.0/16 -j DROP
	iptables -I OUTPUT -d 222.186.0.0/16 -j DROP
	iptables -I OUTPUT -d 222.187.0.0/16 -j DROP
	iptables -I OUTPUT -d 222.188.0.0/16 -j DROP
	iptables -I OUTPUT -d 222.189.0.0/16 -j DROP
	iptables -I OUTPUT -d 222.190.0.0/16 -j DROP
	iptables -I OUTPUT -d 222.191.0.0/16 -j DROP
	iptables -I OUTPUT -d 59.0.0.0/8 -j DROP
	iptables -I OUTPUT -d 119.0.0.0/8 -j DROP
	iptables -I OUTPUT -d 162.221.12.0/22 -j DROP
	iptables -I OUTPUT -d 218.0.0.0/8 -j DROP
	iptables -I OUTPUT -d 23.239.192.0/19 -j DROP
	iptables -P OUTPUT ACCEPT
	iptables -L -v -n