Before you install your proxy app on an Aliyun ECS instance, you should first disable Aliyun's built-in services.
# Remove the login banner, the agent directories and the aliyun systemd unit
rm -rf /etc/motd &>/dev/null
rm -fr /usr/local/{aegis,qcloud,cloudmonitor} &>/dev/null
rm -rf /lib/systemd/system/aliyun.service &>/dev/null
# Recreate the agent directories as empty directories
mkdir /usr/local/{aegis,cloudmonitor,qcloud}
# Kill any agent processes that are still running
killall -9 sgagent &>/dev/null
killall -9 barad_agent &>/dev/null
killall -9 aliyun_assist_update &>/dev/null
killall -9 AliSecureCheckAdvanced &>/dev/null
killall -9 CmsGoAgent.linux-amd64 &>/dev/null
kill -9 $(pidof YDLive) &>/dev/null
kill -9 $(pidof YDService) &>/dev/null
kill -9 $(pidof wrapper) &>/dev/null
kill -9 $(pidof AliYunDun) &>/dev/null
kill -9 $(pidof AliYunDunUpdate) &>/dev/null
Don't forget to enable your firewall to block untrusted access.
I am using ufw to manage the firewall rules.
apt install ufw
ufw enable
vi /etc/default/ufw # make sure IPV6=yes is set
ufw default deny incoming # deny all incoming connections by default
ufw default allow outgoing # allow all outgoing connections by default
ufw allow 22/tcp # allow SSH; this is very important, don't forget it.
After you have done the basic ufw configuration, you should block all of Aliyun's IPs.
vi /etc/ufw/before.rules
Find the line **# End required lines** and add the following rules after it.
-A ufw-before-input -s 140.205.201.0/24 -j DROP
-A ufw-before-input -s 140.205.201.0/28 -j DROP
-A ufw-before-input -s 140.205.201.16/29 -j DROP
-A ufw-before-input -s 140.205.201.32/28 -j DROP
-A ufw-before-input -s 140.205.225.0/24 -j DROP
-A ufw-before-input -s 140.205.225.192/29 -j DROP
-A ufw-before-input -s 140.205.225.200/30 -j DROP
-A ufw-before-input -s 140.205.225.184/29 -j DROP
-A ufw-before-input -s 140.205.225.183/32 -j DROP
-A ufw-before-input -s 140.205.225.206/32 -j DROP
-A ufw-before-input -s 140.205.225.205/32 -j DROP
-A ufw-before-input -s 140.205.225.195/32 -j DROP
-A ufw-before-input -s 140.205.225.204/32 -j DROP
-A ufw-before-input -s 106.11.224.0/26 -j DROP
-A ufw-before-input -s 106.11.224.64/26 -j DROP
-A ufw-before-input -s 106.11.224.128/26 -j DROP
-A ufw-before-input -s 106.11.224.192/26 -j DROP
-A ufw-before-input -s 106.11.222.64/26 -j DROP
-A ufw-before-input -s 106.11.222.128/26 -j DROP
-A ufw-before-input -s 106.11.222.192/26 -j DROP
-A ufw-before-input -s 106.11.223.0/26 -j DROP
-A ufw-before-input -s 112.124.127.224 -j DROP
-A ufw-before-input -s 112.124.127.44 -j DROP
-A ufw-before-input -s 112.124.127.64 -j DROP
-A ufw-before-input -s 112.124.127.53 -j DROP
-A ufw-before-input -s 120.26.216.168 -j DROP
-A ufw-before-input -s 120.26.64.126 -j DROP
-A ufw-before-input -s 121.43.107.174 -j DROP
-A ufw-before-input -s 121.43.107.176 -j DROP
-A ufw-before-input -s 121.41.117.242 -j DROP
-A ufw-before-input -s 121.40.130.38 -j DROP
-A ufw-before-input -s 121.41.112.148 -j DROP
-A ufw-before-input -s 115.29.112.222 -j DROP
-A ufw-before-input -s 115.28.203.70 -j DROP
-A ufw-before-input -s 42.96.189.63 -j DROP
-A ufw-before-input -s 115.29.113.101 -j DROP
-A ufw-before-input -s 120.27.40.113 -j DROP
-A ufw-before-input -s 115.28.171.22 -j DROP
-A ufw-before-input -s 115.28.189.208 -j DROP
-A ufw-before-input -s 121.42.196.232 -j DROP
-A ufw-before-input -s 115.28.26.13 -j DROP
-A ufw-before-input -s 120.27.47.144 -j DROP
-A ufw-before-input -s 120.27.47.33 -j DROP
-A ufw-before-input -s 112.126.74.55 -j DROP
-A ufw-before-input -s 182.92.148.207 -j DROP
-A ufw-before-input -s 182.92.1.233 -j DROP
-A ufw-before-input -s 112.126.73.56 -j DROP
-A ufw-before-input -s 123.56.138.37 -j DROP
-A ufw-before-input -s 123.57.10.133 -j DROP
-A ufw-before-input -s 112.126.75.174 -j DROP
-A ufw-before-input -s 182.92.157.118 -j DROP
-A ufw-before-input -s 112.126.75.221 -j DROP
-A ufw-before-input -s 182.92.69.212 -j DROP
-A ufw-before-input -s 10.153.174.11 -j DROP
-A ufw-before-input -s 10.153.175.147 -j DROP
-A ufw-before-input -s 10.153.175.146 -j DROP
-A ufw-before-input -s 110.75.0.0/16 -j DROP
-A ufw-before-input -s 42.120.0.0/16 -j DROP
Don't forget to reload your firewall with ufw.
ufw reload
Now you can do anything you want.
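An added example, not part of the original post: a small Python check that parses `-A ufw-before-input -s ... -j DROP` lines, reports rules already covered by a broader rule, and computes the collapsed equivalent set. The sample input is a subset of the rules listed above; the function names `parse_sources` and `audit` are this example's own.

```python
import ipaddress
import re

# Sample input: a subset of the DROP rules from the list above.
SAMPLE_RULES = """\
-A ufw-before-input -s 140.205.201.0/24 -j DROP
-A ufw-before-input -s 140.205.201.0/28 -j DROP
-A ufw-before-input -s 140.205.225.0/24 -j DROP
-A ufw-before-input -s 140.205.225.183/32 -j DROP
-A ufw-before-input -s 106.11.224.0/26 -j DROP
-A ufw-before-input -s 106.11.224.64/26 -j DROP
-A ufw-before-input -s 112.124.127.224 -j DROP
-A ufw-before-input -s 10.153.174.11 -j DROP
"""

RULE_RE = re.compile(r"^-A\s+ufw-before-input\s+-s\s+(\S+)\s+-j\s+DROP$")


def parse_sources(text):
    """Return [(line_no, IPv4Network)] for every source-based DROP rule."""
    rules = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = RULE_RE.match(line.strip())
        if match:
            # strict=True raises ValueError on typos such as 192.0.2.5/24
            rules.append((line_no, ipaddress.ip_network(match.group(1), strict=True)))
    return rules


def audit(text):
    """Report redundant rules, the collapsed rule set and private sources."""
    rules = parse_sources(text)
    shadowed = []
    for line_no, net in rules:
        for other_no, other in rules:
            # Covered by a broader rule anywhere, or an exact duplicate seen earlier.
            if other_no != line_no and net.subnet_of(other) and (net != other or other_no < line_no):
                shadowed.append((line_no, str(net), str(other)))
                break
    minimal = [str(n) for n in ipaddress.collapse_addresses(n for _, n in rules)]
    # Private-range sources (e.g. 10.0.0.0/8) are not routable on the public internet.
    private = [str(n) for _, n in rules if n.is_private]
    return {"shadowed": shadowed, "minimal": minimal, "private": private}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_RULES).items():
        print(key, value)
```

Running it on the full rule block from `/etc/ufw/before.rules` shows which entries can be dropped without changing what the firewall blocks.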