Aliyun account purchase: what should I do if my Aliyun account is stolen?
If you are scared to open this article because you saw "remote login reminder", "password changed" or received an inexplicable fee deduction text message, please take a deep breath first.
Listen to me, now is not the time to clap your thighs and regret it. The golden self-rescue time that hackers leave you may only be a short ten minutes.
Once Aliyun account is stolen, it not only means that your server, database, domain name and other core digital assets are at risk of being emptied or sold maliciously, but also, more deadly, hackers may use your bound Alipay and credit card to carry out high and crazy deductions, and even use your enterprise qualification to do illegal activities.
Don't panic, follow the following "three-step" emergency rescue process, we will minimize the loss and take back the control step by step.
Purchase with an Alibaba Cloud account
The first step: race against time! Perform "one-click emergency freeze"
The first thing a hacker does after getting the account is usually to modify the binding phone and mailbox in an attempt to lock you out completely. At this time, if you go through the conventional password retrieval process, you will often get stuck in the endless loop of "verification code sent to hacker's mobile phone.
So, we're in no hurry to get it back, first
Freeze
It makes everyone unable to move.
Route 1: Official Customer Service Phone (Fastest and Most Direct)
Immediately call Aliyun's official customer service number: 95187.
After dialing, directly switch to the manual service, or select "account security/emergency freeze" according to the voice prompt ".
Tell customer service: "My account has been stolen, now apply for emergency restriction of login (account freezing)!"
After checking your identity information (such as registered ID number, business license, bound Alipay, etc.), the customer service will instantly lock the account online.
Path 2: Freeze online independent complaints
Purchase with an Alibaba Cloud account
If you are temporarily unable to contact by phone, or the hacker has not had time to modify your verification information, log on to Aliyun official website immediately.
Security Center or Grievance Page
.
Real life experience tips: in the extreme case of not being able to pass the binding mobile phone verification, directly click * * "submit a complaint" * * in the lower left corner. Aliyun will open a green channel to forcibly report the loss and freeze the account by uploading ID cards, scanning faces or manually reviewing enterprise qualifications.
Step 2: Hold tight the purse! Cut off the chain of funds deduction
After the account is stolen, the most painful thing is the loss of funds. Hackers often maliciously open high-configuration servers to "mine" or purchase high-value cloud services. If you don't cut off the payment source in time, your bank card may be maxed out instantly.
1. Alipay unbinds or turns off automatic deduction
Since many people's Aliyun is directly bound to Alipay, you need to do the following on your mobile phone Alipay:
Open Alipay App and click "my" settings "" payment settings "" secret-free payment/automatic deduction ".
Find "Aliyun" or related contracted services in the list and click "Close Service" decisively ".
2. Bank card loss or limit
If you bind a bank card or credit card in Aliyun and turn it on
Automatic recharge, immediately log in to the corresponding online banking App, the card's
Online payment limit lowered to 0
, or call the bank directly for temporary loss reporting.
Step 3: Comprehensive investigation, recapture of sovereignty and post-disaster reconstruction
When the account is successfully frozen and the chain of funds is cut off, you can finally catch your breath. Next, we need to unfreeze the account through official channels and start cleaning up the "backdoor" left by hackers ".
1. Completely clean the login credentials
After getting the account back, the first thing is
Change password
. The new password must follow the combination of "uppercase letters + lowercase letters + numbers + special symbols" and be no less than 12 characters in length.
2. Check and clean up the "hacking back door" (core focus)
Many friends thought that everything would be fine if they changed the password, but it was stolen the next day. Why? Because the hacker left a back door! Be sure to check the following three places:
RAM access control (sub-account): Hackers like to create a sub-account with high permissions under the stolen account.
Purchase with an Alibaba Cloud account
(AK/SK), so that even if you change the password of the main account, he can still control your server with the sub-account. Check the RAM console, find unfamiliar users and keys, and delete them immediately!
Security group rules: Check the security group of your ECS server to see if hackers have quietly released some strange IP ports (such as 22, 3389, or mining ports).
Operation logs: In Aliyun's "Operation Audit (ActionTrail)", pull out the logs in recent days to see what resources hackers have moved and whether Trojan horses have been planted in your server.
Avoiding the pit summary: how to prevent the "tragedy" from happening again in the future?
After a thrilling theft, we must grow wise. As a past person, I 'd like to give you some life-saving advice:
MFA (multi-factor authentication) must be turned on: this is the most cost-effective means of anti-theft. Bind virtual MFA (such as mobile phone login audit App) in Aliyun. After logging in, changing the password and deleting data, you must not only enter the password, but also enter the 6-digit verification code dynamically generated on the mobile phone. Hackers are anxious even if they get your password.
Never write dead AccessKey in clear text in the code: many programmers directly transfer the code with Aliyun key to public platforms such as GitHub, which is equivalent to hanging the home key on the public screen.
Regular snapshots and backups: data is priceless. in case hackers delete all the data in extreme situations, with snapshots, you can be revived in a few minutes.
Finally summed up in one sentence
Theft is not terrible, it is speed. Make a phone call
95187
Freeze your account and go to Alipay to turn off the automatic deduction. After these two steps are completed, you have already won 90% of the hackers.
Go and check your account security settings quickly, don't wait for something to regret!
Purchase with an Alibaba Cloud account
