这是一个创建于 4562 天前的主题,其中的信息可能已经有所发展或是发生改变。
晚上收到邮件说VPS被暂停,Suspension Reason: Hacking
提交Ticket询问客服,得到了这么一篇答复,不太明白什么意思,请大家帮忙
your Server with the IP: 199.195.142.253 has attacked one of our server/partner on the service:
"regbot" on Time: Thu, 10 May 2012 13:14:19 +0200. The time is from the Server of the blocklist-user (so, please check it +-10 minutes, when the time is false).
The IP was automatically blocked for a while time. To block an IP, it needs most 3 failed Logins (ssh, imap....), one match for "invalid user" or a 5xx-Error-Code (eg.
Blacklist on mail...)! The Server-Owner can set the limits and not blocklist.de!
Please check the machine behind the IP 199.195.142.253 (199.195.142.253) and fix the problem.
Search for AS-Number/IPs from you, look at https://www.blocklist.de/en/search.html?as=17139
You can parse this Mail with X-ARF-Tools from http://www.x-arf.org/tools.html e.g. validatexarf-php.tar.gz.
You found more Information about X-Arf under http://www.x-arf.org/specification.html
This mail will be sent again after one day if more attacks are recognized.
In the attachment of this mail you can find the original protocols of our systems.
To pause this message for one week, you can insert the IP and E-Mailaddress to our Blocklist.
If more attacks of your network are recognized after the pause of seven days, the block will
be canceled and you will get new reports.
https://www.blocklist.de/en/[email protected]
We found your address in the Whois-Data from the IP under the SearchString "abuse-mailbox"
Answer us to rewrite the address (to abuse-quiet or a special address) for all upcoming reports.
He has registered automatically on a honeypot Wiki/Forum/Blog-System....
At the site there is a notice that all postings and registrations will be reported.
He used xrumer or other Tools or had a false configured mod_rewrite/mod_proxy who is abused:
http://blog.blocklist.de/2011/03/14/erlauterung-der-einzelnen-dienste-badbots-apacheddos-postfix/#regbots
If the IP a Tor-Server: http://blog.blocklist.de/tor-server-owner/
Kind Regards,
Joe Selly
QuickWeb Admin Staff
QuickWeb Hosting Solutions
VPS HOSTING IN 12 CITIES WORLDWIDE!
Follow us on Twitter: http://twitter.com/quickwebhosting
Private and Confidential
This electronic ticket/message and any files transmitted with it are intended solely to be viewed by YOU or your representative and may contain information that is confidential or privileged
提交Ticket询问客服,得到了这么一篇答复,不太明白什么意思,请大家帮忙
your Server with the IP: 199.195.142.253 has attacked one of our server/partner on the service:
"regbot" on Time: Thu, 10 May 2012 13:14:19 +0200. The time is from the Server of the blocklist-user (so, please check it +-10 minutes, when the time is false).
The IP was automatically blocked for a while time. To block an IP, it needs most 3 failed Logins (ssh, imap....), one match for "invalid user" or a 5xx-Error-Code (eg.
Blacklist on mail...)! The Server-Owner can set the limits and not blocklist.de!
Please check the machine behind the IP 199.195.142.253 (199.195.142.253) and fix the problem.
Search for AS-Number/IPs from you, look at https://www.blocklist.de/en/search.html?as=17139
You can parse this Mail with X-ARF-Tools from http://www.x-arf.org/tools.html e.g. validatexarf-php.tar.gz.
You found more Information about X-Arf under http://www.x-arf.org/specification.html
This mail will be sent again after one day if more attacks are recognized.
In the attachment of this mail you can find the original protocols of our systems.
To pause this message for one week, you can insert the IP and E-Mailaddress to our Blocklist.
If more attacks of your network are recognized after the pause of seven days, the block will
be canceled and you will get new reports.
https://www.blocklist.de/en/[email protected]
We found your address in the Whois-Data from the IP under the SearchString "abuse-mailbox"
Answer us to rewrite the address (to abuse-quiet or a special address) for all upcoming reports.
He has registered automatically on a honeypot Wiki/Forum/Blog-System....
At the site there is a notice that all postings and registrations will be reported.
He used xrumer or other Tools or had a false configured mod_rewrite/mod_proxy who is abused:
http://blog.blocklist.de/2011/03/14/erlauterung-der-einzelnen-dienste-badbots-apacheddos-postfix/#regbots
If the IP a Tor-Server: http://blog.blocklist.de/tor-server-owner/
Kind Regards,
Joe Selly
QuickWeb Admin Staff
QuickWeb Hosting Solutions
VPS HOSTING IN 12 CITIES WORLDWIDE!
Follow us on Twitter: http://twitter.com/quickwebhosting
Private and Confidential
This electronic ticket/message and any files transmitted with it are intended solely to be viewed by YOU or your representative and may contain information that is confidential or privileged
 |
1
lfzyx 2012-05-10 21:05:13 +08:00
垃圾邮件?
|
 |
3
vaan 2012-05-10 21:13:57 +08:00
简单翻一下:
你拥有的IP地址为“99.195.142.253”的VPS,在2012年5月10日下午1点14分(时间上可能有10分钟上下的误差,这个时间由blocklist服务器提供),攻击了我们的regbot节点。 这个IP已经被自动封锁了一段时间。而三次登陆ssh、imap、或者其他什么的失败,比如无效用户或者5XX错误等等,都会封锁IP。而这些设置,都可以由blocklist服务器设定。 请检查你的VPS并解决这个问题,如果你想查看AS,请访问https://www.blocklist.de/en/search.html?as=17139 你能用X-ARF工具(地址:http://www.x-arf.org/tools.html )分析这份邮件,更多信息,请看:http://www.x-arf.org/specification.html 如果一天后出现更多的攻击,那么您会再收到这份邮件,附件里有我们系统的协议。 想在一周内不收到这邮件,你可以把IP地址和邮箱提交给我们的Blocklist服务器。如果一周内还有攻击,那么这个封锁将会取消并再次发给你新的报告邮件。 我们发现你的VPS在发垃圾邮件… 也就是说,你的VPS攻击了(可能是群发垃圾邮件)他们的其他节点,进后台面板看看流量有没有异常,估计是root被破解被人用发垃圾邮件了… |
 |
4
eerie 2012-05-10 21:14:37 +08:00
就地一段有用吧
你都跑了些啥程序啊 可不可能被当作跳板了 |
 |
5
binux 2012-05-10 21:21:05 +08:00
我收过一次,因为开了给squid,deny all没有设置对,被当作跳板了。
我收到这个邮件的马上改好了,立即回复了一份邮件,说明了原因,并且保证以后不会再有这样的问题,就没事了。 虽然我不是一上来就被封的,看到记录似乎有被重启(squid被我监控拉起了。。)。你之前是否还有收到过类似邮件但没有处理? |
Select Language