Why does my VPS need a system reinstall?

Linux VPS Support
meteormatt
Posts: 693
Joined: 2008-02-24 14:15
System: Ubuntu
From: Jiangsu

Why does my VPS need a system reinstall?

#1

Post by meteormatt » 2011-07-19 19:36

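VPS warning, urgent notice [Abuse Alert] 207746.meteormatt.taobao.com
2 messages
vps alinux <*@gmail.com> July 19, 2011, 9:43 AM
To: *@gmail.com
Hello meteormatt,

We have received a warning from BurstNET about your VPS (184.82.232.12). The details are below. Please reload (reinstall) the system as soon as possible and let me know once it is done, so that I can notify the provider to restore your VPS. Otherwise the provider will keep your VPS frozen.

Thank you for your cooperation.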



---------- Forwarded message ----------
From: <abuse@burst.net>
Date: 2011/7/19
Subject: [Abuse Alert] 207746.meteormatt.taobao.com
To: oneleaf@gmail.com


Dear BurstNET Customer,

We have received a report of suspicious network activity involving a system under your management. Details have been included at the end of this message.

Please investigate the claim and immediately let us know what you find. Be sure to include details of actions taken to prevent further abuse.

We look forward to your prompt response.

Note: If this is a critical matter or additional reports are received, we may need to immediately deactivate the system until the matter can be addressed.

Sincerely,

BurstNET Abuse Department
BurstNET BASIC POLICY & SERVICE GUIDELINES (AUP)
https://www.burst.net/policy/terms.shtml [US]
http://burstnet.eu/policy/terms.shtml [EU]

-----------------------------------------------------------------------
*** If an adequate response is not received within 24 hours,
service may be suspended and a $50.00 fee will be assessed.
-----------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


==============================================================
You are receiving this message because you are listed as the
contact for the IP 184.82.232.12 on the ARIN Whois Database
(http://www.arin.net/whois/arinwhois.html).

This message is intended for the person responsible for
computer security at your site. If this is not the correct
address, please forward this message to the appropriate party.
==============================================================
Incident number: TN-1490/2011
=============================

Dear Administrator,

We have detected a recent scan probe in our servers. This
security incident seems to be originated from an IP address
registered to your network.

Here follows the log records regarding such incident.
Timezone in UTC.


###begin###

2011-07-13 15:55:08 tcp from 184.82.232.12:53506 to 143.106.71.0:22
2011-07-13 15:55:08 tcp from 184.82.232.12:53523 to 143.106.71.0:22
2011-07-13 15:55:09 tcp from 184.82.232.12:53537 to 143.106.71.0:22
2011-07-13 15:55:09 tcp from 184.82.232.12:53554 to 143.106.71.0:22
2011-07-13 15:55:09 tcp from 184.82.232.12:53572 to 143.106.71.0:22
2011-07-13 15:55:09 tcp from 184.82.232.12:53591 to 143.106.71.0:22
2011-07-13 15:55:10 tcp from 184.82.232.12:53608 to 143.106.71.0:22
2011-07-13 15:55:10 tcp from 184.82.232.12:53627 to 143.106.71.0:22
2011-07-13 15:55:10 tcp from 184.82.232.12:53651 to 143.106.71.0:22
2011-07-13 15:55:10 tcp from 184.82.232.12:53666 to 143.106.71.0:22
[...]
2011-07-13 16:17:31 tcp from 184.82.232.12:50948 to 143.106.71.0:22
2011-07-13 16:17:31 tcp from 184.82.232.12:50951 to 143.106.71.0:22
2011-07-13 16:17:32 tcp from 184.82.232.12:50970 to 143.106.71.0:22
2011-07-13 16:17:32 tcp from 184.82.232.12:50980 to 143.106.71.0:22
2011-07-13 16:17:32 tcp from 184.82.232.12:51000 to 143.106.71.0:22
2011-07-13 16:17:32 tcp from 184.82.232.12:51078 to 143.106.71.0:22
2011-07-13 16:17:32 tcp from 184.82.232.12:51083 to 143.106.71.0:22
2011-07-13 16:17:33 tcp from 184.82.232.12:51086 to 143.106.71.0:22
2011-07-13 16:17:33 tcp from 184.82.232.12:51094 to 143.106.71.0:22
2011-07-13 16:17:33 tcp from 184.82.232.12:51098 to 143.106.71.0:22

###end###


We are asking for your help in order to identify who did
those connections and what was his/her purpose.

You should investigate this suspicious activity because
it could mean that your network has been compromised and
is being used as a launch point for attacks, or someone
of your legitimate users are doing hacking activities.

We would like to inform that we maintain a database with all
incident reporting and tracking of State University of Campinas
and we need your response as soon as possible to resolve this
entry.

Thank you for your cooperation.


Best regards,
Computer Security Incident Response Team - CSIRT
State University of Campinas - Unicamp
Information and Communication Technology Office - CCUEC
Information Technology Security Team - GSTI
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251830
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAk4kepMACgkQ/UMb1l3gm8Kj9wCeITnG4w/rTvsdHvW8Jlu7VOil
wYYAoPCPYD7PPUswjgOl4x2Ldzc6oHK9
=ohQU
-----END PGP SIGNATURE-----


Meteor <*@gmail.com> July 19, 2011, 7:18 PM
To: vps alinux <*@gmail.com>
But I haven't been misusing it.
7月19日情况1.jpg

I miss my old desktop PC. Sadly, the place I rent now has no room for one. For now I can only use a laptop and a phone.
levee
Posts: 3030
Joined: 2009-10-03 23:31

Re: Why does my VPS need a system reinstall?

#2

Post by levee » 2011-07-20 11:14

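Your IP 184.82.232.12 was engaged in network attacks and got traced, so the provider burst.net sent you a warning letter. If you did not misuse it yourself, then your VPS must have been compromised and used by someone as a stepping stone for network attacks. Check the server logs and see what anomalies there are. Reinstalling the system is also a simple and quick solution.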
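One way to act on the advice to check the server logs, as an added example that is not part of the original thread: parse the report's records to get the scan window and target port, then list successful SSH logins on the VPS in the days before the scan began. The function names and the `auth.log` lines are constructed for illustration, and the code assumes the standard OpenSSH syslog line format and a server clock in UTC.

```python
import re
from datetime import datetime, timedelta

# Line format of the abuse report quoted in post #1.
REPORT_RE = re.compile(
    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) from ([\d.]+):(\d+) to ([\d.]+):(\d+)")
# OpenSSH success line as syslog writes it to auth.log (no year field).
ACCEPT_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")

def summarize_report(text):
    """Source IPs, targeted ports, record count and UTC window of the report."""
    rows = [(datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[3], int(m[6]))
            for m in REPORT_RE.finditer(text)]
    times = [r[0] for r in rows]
    return {"src": {r[1] for r in rows}, "dport": {r[2] for r in rows},
            "count": len(rows), "first": min(times), "last": max(times)}

def logins_before(auth_log, first_seen, lookback=timedelta(days=7)):
    """Accepted SSH logins in the lookback period before the scan started."""
    hits = []
    for line in auth_log.splitlines():
        m = ACCEPT_RE.match(line)
        if not m:
            continue
        # Assumption: same year as the report and server clock in UTC.
        ts = datetime.strptime(f"{first_seen.year} {m[1]}", "%Y %b %d %H:%M:%S")
        if first_seen - lookback <= ts <= first_seen:
            hits.append((ts, m[2], m[3], m[4]))
    return hits

# First two and last two records of the excerpt in the report.
REPORT = """\
2011-07-13 15:55:08 tcp from 184.82.232.12:53506 to 143.106.71.0:22
2011-07-13 15:55:08 tcp from 184.82.232.12:53523 to 143.106.71.0:22
2011-07-13 16:17:33 tcp from 184.82.232.12:51094 to 143.106.71.0:22
2011-07-13 16:17:33 tcp from 184.82.232.12:51098 to 143.106.71.0:22
"""
# Constructed auth.log lines; host, users and addresses are made up.
AUTH_LOG = """\
Jul 12 03:14:07 vps sshd[2211]: Failed password for root from 198.51.100.23 port 40112 ssh2
Jul 12 03:14:09 vps sshd[2213]: Accepted password for root from 198.51.100.23 port 40120 ssh2
Jul 14 09:00:00 vps sshd[3001]: Accepted publickey for matt from 203.0.113.8 port 51000 ssh2
"""
if __name__ == "__main__":
    summary = summarize_report(REPORT)
    print(summary)
    for hit in logins_before(AUTH_LOG, summary["first"]):
        print("review this login:", hit)
```

A password login for root from an unfamiliar address shortly before the scan window is the kind of anomaly worth following up before any reinstall wipes the logs.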
meteormatt
Posts: 693
Joined: 2008-02-24 14:15
System: Ubuntu
From: Jiangsu

Re: Why does my VPS need a system reinstall?

#3

Post by meteormatt » 2011-07-21 18:20

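levee wrote: Your IP 184.82.232.12 was engaged in network attacks and got traced, so the provider burst.net sent you a warning letter. If you did not misuse it yourself, then your VPS must have been compromised and used by someone as a stepping stone for network attacks. Check the server logs and see what anomalies there are. Reinstalling the system is also a simple and quick solution.
Sigh,
all my previous data is gone.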

bestam
Posts: 7
Joined: 2011-06-29 9:44

Re: Why does my VPS need a system reinstall?

#4

Post by bestam » 2011-07-25 0:26

84 has been getting blocked really heavily lately. Disgusting!!!!!!!!!111