VPS被暂停,请大家帮忙看下客服的答复是什么意思

2012-05-10 20:41:56 +08:00
 ZCX
晚上收到邮件说VPS被暂停,Suspension Reason: Hacking
提交Ticket询问客服,得到了这么一篇答复,不太明白什么意思,请大家帮忙

your Server with the IP: 199.195.142.253 has attacked one of our server/partner on the service:
"regbot" on Time: Thu, 10 May 2012 13:14:19 +0200. The time is from the Server of the blocklist-user (so, please check it +-10 minutes, when the time is false).

The IP was automatically blocked for a while time. To block an IP, it needs most 3 failed Logins (ssh, imap....), one match for "invalid user" or a 5xx-Error-Code (eg.
Blacklist on mail...)! The Server-Owner can set the limits and not blocklist.de!


Please check the machine behind the IP 199.195.142.253 (199.195.142.253) and fix the problem.
Search for AS-Number/IPs from you, look at https://www.blocklist.de/en/search.html?as=17139

You can parse this Mail with X-ARF-Tools from http://www.x-arf.org/tools.html e.g. validatexarf-php.tar.gz.
You found more Information about X-Arf under http://www.x-arf.org/specification.html

This mail will be sent again after one day if more attacks are recognized.
In the attachment of this mail you can find the original protocols of our systems.

To pause this message for one week, you can insert the IP and E-Mailaddress to our Blocklist.
If more attacks of your network are recognized after the pause of seven days, the block will
be canceled and you will get new reports.

https://www.blocklist.de/en/insert.html?ip=199.195.142.253&email=admin@quickweb.co.nz

We found your address in the Whois-Data from the IP under the SearchString "abuse-mailbox"
Answer us to rewrite the address (to abuse-quiet or a special address) for all upcoming reports.

He has registered automatically on a honeypot Wiki/Forum/Blog-System....
At the site there is a notice that all postings and registrations will be reported.
He used xrumer or other Tools or had a false configured mod_rewrite/mod_proxy who is abused:
http://blog.blocklist.de/2011/03/14/erlauterung-der-einzelnen-dienste-badbots-apacheddos-postfix/#regbots

If the IP a Tor-Server: http://blog.blocklist.de/tor-server-owner/



Kind Regards,

Joe Selly
QuickWeb Admin Staff

QuickWeb Hosting Solutions
VPS HOSTING IN 12 CITIES WORLDWIDE!
Follow us on Twitter: http://twitter.com/quickwebhosting

Private and Confidential
This electronic ticket/message and any files transmitted with it are intended solely to be viewed by YOU or your representative and may contain information that is confidential or privileged
8189 次点击
所在节点    问与答
11 条回复
lfzyx
2012-05-10 21:05:13 +08:00
垃圾邮件?
ZCX
2012-05-10 21:05:45 +08:00
@lfzyx 我看了半天也没明白是什么意思
vaan
2012-05-10 21:13:57 +08:00
简单翻一下:

你拥有的IP地址为“99.195.142.253”的VPS,在2012年5月10日下午1点14分(时间上可能有10分钟上下的误差,这个时间由blocklist服务器提供),攻击了我们的regbot节点。

这个IP已经被自动封锁了一段时间。而三次登陆ssh、imap、或者其他什么的失败,比如无效用户或者5XX错误等等,都会封锁IP。而这些设置,都可以由blocklist服务器设定。

请检查你的VPS并解决这个问题,如果你想查看AS,请访问https://www.blocklist.de/en/search.html?as=17139

你能用X-ARF工具(地址:http://www.x-arf.org/tools.html )分析这份邮件,更多信息,请看:http://www.x-arf.org/specification.html

如果一天后出现更多的攻击,那么您会再收到这份邮件,附件里有我们系统的协议。

想在一周内不收到这邮件,你可以把IP地址和邮箱提交给我们的Blocklist服务器。如果一周内还有攻击,那么这个封锁将会取消并再次发给你新的报告邮件。

我们发现你的VPS在发垃圾邮件…

也就是说,你的VPS攻击了(可能是群发垃圾邮件)他们的其他节点,进后台面板看看流量有没有异常,估计是root被破解被人用发垃圾邮件了…
eerie
2012-05-10 21:14:37 +08:00
就地一段有用吧
你都跑了些啥程序啊
可不可能被当作跳板了
binux
2012-05-10 21:21:05 +08:00
我收过一次,因为开了给squid,deny all没有设置对,被当作跳板了。

我收到这个邮件的马上改好了,立即回复了一份邮件,说明了原因,并且保证以后不会再有这样的问题,就没事了。
虽然我不是一上来就被封的,看到记录似乎有被重启(squid被我监控拉起了。。)。你之前是否还有收到过类似邮件但没有处理?
ZCX
2012-05-10 21:22:46 +08:00
@vaan 我现在都已经无法登录SSH和后台控制面板了
ZCX
2012-05-10 21:23:30 +08:00
@eerie 就安装了LNMP一键包,还没跑网站,PPTP+OPENVPN
ZCX
2012-05-10 21:23:57 +08:00
@binux 今天第一次收到,直接被封,崩溃...
vaan
2012-05-10 21:28:48 +08:00
@ZCX 那就发tk吧…
ZCX
2012-05-10 21:29:53 +08:00
@vaan 收到这条超长的TK以后,就再也没有回复了
vaan
2012-05-10 21:45:14 +08:00
@ZCX 那就坐等其他人解答了要……我在自己的节点上基本是投诉其他人,部分网站太擦边球…

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/35393

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX