Troubleshooting instance is not available for Alibaba Cloud yum tool and outbound port 80.

I received a message from Alibaba Cloud/a letter from the station reminding me that an online resource was invaded by a virus. Check the alarm details, log in to the server, and confirm that you are infected with DDG mining virus, and the invasion point is redis. Because of the complicated virus behavior, it is difficult to completely delete the changes to the system, so we decided to reset the instance and then redeploy the service.

After resetting the instance, yum was found to be unavailable. Prompt yum connection has timed out. The destination host of the connection is Alibaba Cloud's yum source (IP address 233. * is the external network address), and the protocol is HTTP.

Further tests show that DNS resolution is normal, curl accesses the internal network port 80 normally, Curl accesses the external network port 80 all overtime, and 8080/443 accesses the external network part with non-port 80 normally.

Iptables of the inspected machine is not enabled, and the outbound direction of Alibaba Cloud Security Group is not limited. Then submit a work order and contact Alibaba Cloud.

After-sales customer service replied in the work order that a large number of web attacks had been detected on the machine before, and Alibaba Cloud had blocked the outbound specific port of this instance. After the problem has been eliminated in the work order, the customer service will manually lift the ban in advance.

This prohibition will not be reflected in the security group. You can view ban records in Yundun Security Management Console. This console can also be accessed from the account icon-Security Control-Punishment list in the upper right corner of Alibaba Cloud console. In addition, the penalty notice will also be sent by mail in the station (I don't know if there is a short message), so it is very necessary to check the mail in the station in time.

As a RAM user, it is difficult to maintain the login status. At the same time, the main account is not reasonable in setting the notification method, and is not familiar with the detection notification mechanism in Alibaba Cloud, which leads to a long investigation time.

Alibaba Cloud Yum's outbound port is forbidden to invade.