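All times are UTC + 8 hours

Post #1
Post subject: Why does my VPS need to be reinstalled?
Posted: 2011-07-19 19:36

Joined: 2008-02-24 14:15
Posts: 693
Location: Jiangsu
System: Ubuntu
Thanks given: 17
Thanks received: 0
Quote:
Urgent VPS warning notice [Abuse Alert] 207746.meteormatt.taobao.com
2 messages
vps alinux <*@gmail.com> July 19, 2011, 9:43 AM
To: *@gmail.com
Hello meteormatt,

We have received a warning from BurstNET about your VPS (184.82.232.12). The details are below. Please reload (reinstall the system) as soon as possible and let me know when it is done, so that I can notify the provider to restore your VPS. Otherwise the provider will keep your VPS frozen.

Thank you for your cooperation.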



---------- Forwarded message ----------
From: <abuse@burst.net>
Date: 2011/7/19
Subject: [Abuse Alert] 207746.meteormatt.taobao.com
To: oneleaf@gmail.com


Dear BurstNET Customer,

We have received a report of suspicious network activity involving a system under your management. Details have been included at the end of this message.

Please investigate the claim and immediately let us know what you find. Be sure to include details of actions taken to prevent further abuse.

We look forward to your prompt response.

Note: If this is a critical matter or additional reports are received, we may need to immediately deactivate the system until the matter can be addressed.

Sincerely,

BurstNET Abuse Department
BurstNET BASIC POLICY & SERVICE GUIDELINES (AUP)
https://www.burst.net/policy/terms.shtml [US]
http://burstnet.eu/policy/terms.shtml [EU]

-----------------------------------------------------------------------
*** If an adequate response is not received within 24 hours,
service may be suspended and a $50.00 fee will be assessed.
-----------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


==============================================================
You are receiving this message because you are listed as the
contact for the IP 184.82.232.12 on the ARIN Whois Database
(http://www.arin.net/whois/arinwhois.html).

This message is intended for the person responsible for
computer security at your site. If this is not the correct
address, please forward this message to the appropriate party.
==============================================================
Incident number: TN-1490/2011
=============================

Dear Administrator,

We have detected a recent scan probe in our servers. This
security incident seems to be originated from an IP address
registered to your network.

Here follows the log records regarding such incidente.
Timezone in UTC.


###begin###

2011-07-13 15:55:08 tcp from 184.82.232.12:53506 to 143.106.71.0:22
2011-07-13 15:55:08 tcp from 184.82.232.12:53523 to 143.106.71.0:22
2011-07-13 15:55:09 tcp from 184.82.232.12:53537 to 143.106.71.0:22
2011-07-13 15:55:09 tcp from 184.82.232.12:53554 to 143.106.71.0:22
2011-07-13 15:55:09 tcp from 184.82.232.12:53572 to 143.106.71.0:22
2011-07-13 15:55:09 tcp from 184.82.232.12:53591 to 143.106.71.0:22
2011-07-13 15:55:10 tcp from 184.82.232.12:53608 to 143.106.71.0:22
2011-07-13 15:55:10 tcp from 184.82.232.12:53627 to 143.106.71.0:22
2011-07-13 15:55:10 tcp from 184.82.232.12:53651 to 143.106.71.0:22
2011-07-13 15:55:10 tcp from 184.82.232.12:53666 to 143.106.71.0:22
[...]
2011-07-13 16:17:31 tcp from 184.82.232.12:50948 to 143.106.71.0:22
2011-07-13 16:17:31 tcp from 184.82.232.12:50951 to 143.106.71.0:22
2011-07-13 16:17:32 tcp from 184.82.232.12:50970 to 143.106.71.0:22
2011-07-13 16:17:32 tcp from 184.82.232.12:50980 to 143.106.71.0:22
2011-07-13 16:17:32 tcp from 184.82.232.12:51000 to 143.106.71.0:22
2011-07-13 16:17:32 tcp from 184.82.232.12:51078 to 143.106.71.0:22
2011-07-13 16:17:32 tcp from 184.82.232.12:51083 to 143.106.71.0:22
2011-07-13 16:17:33 tcp from 184.82.232.12:51086 to 143.106.71.0:22
2011-07-13 16:17:33 tcp from 184.82.232.12:51094 to 143.106.71.0:22
2011-07-13 16:17:33 tcp from 184.82.232.12:51098 to 143.106.71.0:22

###end###


We are asking for your help in order to identify who did
chose conections and what was his/her purpose.

You should investigate this suspicious activity because
it could mean that your network has been compromised and
is being used as a launch point for attacks, or someone
of your legitimate users are doing hacking activities.

We would like to inform that we maintain a database with all
incident reporting and tracking of State University of Campinas
and we need your response as soon as possible to resolve this
entry.

Thank you for your cooperation.


Best regards,
Computer Security Incident Response Team - CSIRT
State University of Campinas - Unicamp
Information and Communication Technology Office - CCUEC
Information Technology Security Team - GSTI
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 ou INOC-DBA: 1251830
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAk4kepMACgkQ/UMb1l3gm8Kj9wCeITnG4w/rTvsdHvW8Jlu7VOil
wYYAoPCPYD7PPUswjgOl4x2Ldzc6oHK9
=ohQU
-----END PGP SIGNATURE-----


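Meteor <*@gmail.com> July 19, 2011, 7:18 PM
To: vps alinux <*@gmail.com>
But I haven't been misusing it.


Attachment:
7月19日情况1.jpg [ 428.02 KiB | Viewed 2207 times ]



_________________

I miss my old desktop PC. Unfortunately, the place I'm renting now has no room for it. For now I can only use a laptop and a phone.
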
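Post #2
Post subject: Re: Why does my VPS need to be reinstalled?
Posted: 2011-07-20 11:14

Joined: 2009-10-03 23:31
Posts: 3030
Thanks given: 1
Thanks received: 14
Your IP 184.82.232.12 carried out network attacks and was traced, so the provider burst.net sent you a warning letter. If you did not misuse it yourself, then your VPS was most likely compromised and used as a springboard for network attacks. Check the server logs and see whether anything abnormal shows up. Reinstalling the system is also a simple, quick solution.
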
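Added example, not part of the original thread: one way to follow the advice in post 2, assuming the VPS records SSH logins in syslog format and its clock runs at UTC+8 (both are assumptions; `AUTH_LOG`, the host name `vps` and the 198.51.100.x / 203.0.113.x addresses are constructed). It parses the UTC log lines from the report in post 1, converts the reported window to server-local time, and lists successful SSH logins inside or shortly before that window.

```python
import re
from datetime import datetime, timedelta, timezone

# Lines copied from the report quoted in post 1 (the report states its times are UTC).
REPORT = """\
2011-07-13 15:55:08 tcp from 184.82.232.12:53506 to 143.106.71.0:22
2011-07-13 15:55:08 tcp from 184.82.232.12:53523 to 143.106.71.0:22
[...]
2011-07-13 16:17:33 tcp from 184.82.232.12:51094 to 143.106.71.0:22
2011-07-13 16:17:33 tcp from 184.82.232.12:51098 to 143.106.71.0:22
"""
# Constructed auth.log lines (hypothetical host and addresses); server clock assumed UTC+8.
AUTH_LOG = """\
Jul 13 09:12:40 vps sshd[801]: Accepted password for root from 198.51.100.7 port 40112 ssh2
Jul 13 23:41:02 vps sshd[2210]: Failed password for root from 203.0.113.9 port 51514 ssh2
Jul 13 23:41:09 vps sshd[2214]: Accepted password for root from 203.0.113.9 port 51530 ssh2
Jul 14 08:30:00 vps sshd[3120]: Accepted password for root from 198.51.100.7 port 40990 ssh2
"""
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) tcp from ([\d.]+):(\d+) to ([\d.]+):(\d+)$")

def parse_report(text):
    """Return (utc_time, src_ip, dst_ip, dst_port) for every well-formed report line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # elision markers such as "[...]" do not match and are skipped
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
            rows.append((ts, m.group(2), m.group(4), int(m.group(5))))
    return rows

def local_window(rows, server_tz, lead=timedelta(hours=1)):
    """Reported activity window in server-local time, widened backwards by `lead`."""
    times = [r[0] for r in rows]
    return (min(times) - lead).astimezone(server_tz), max(times).astimezone(server_tz)

def logins_in_window(auth_text, start, end):
    """Successful sshd logins in [start, end]; syslog has no year, so borrow it from start."""
    hits = []
    for line in auth_text.splitlines():
        if "Accepted " not in line:
            continue
        ts = datetime.strptime(f"{start.year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if start <= ts.replace(tzinfo=start.tzinfo) <= end:
            hits.append(line)
    return hits

if __name__ == "__main__":
    start, end = local_window(parse_report(REPORT), timezone(timedelta(hours=8)))
    print(start, end, *logins_in_window(AUTH_LOG, start, end), sep="\n")
```

A match only narrows where to look; the initial intrusion may predate the reported window, so widen `lead` as needed.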
 
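Post #3
Post subject: Re: Why does my VPS need to be reinstalled?
Posted: 2011-07-21 18:20

Joined: 2008-02-24 14:15
Posts: 693
Location: Jiangsu
System: Ubuntu
Thanks given: 17
Thanks received: 0
levee wrote:
Your IP 184.82.232.12 carried out network attacks and was traced, so the provider burst.net sent you a warning letter. If you did not misuse it yourself, then your VPS was most likely compromised and used as a springboard for network attacks. Check the server logs and see whether anything abnormal shows up. Reinstalling the system is also a simple, quick solution.

Sigh,
all my earlier data is gone.
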
 
Post #4
Post subject: Re: Why does my VPS need to be reinstalled?
Posted: 2011-07-25 0:26

Joined: 2011-06-29 9:44
Posts: 7
Thanks given: 0
Thanks received: 0
84 has been blocked heavily lately. Disgusting!!!!!!!!!111

