V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX  ›  zijian  ›  全部回复第 8 页 / 共 31 页
回复总数  610
1 ... 4  5  6  7  8  9  10  11  12  13 ... 31  
2014-05-03 19:33:42 +08:00
回复了 chenluois 创建的主题 天津 滨海新区有比较靠谱的互联网公司吗?
我就在塘沽,Twitter上也回复过你,这边我就知道有58和搜狐视频。
2014-04-14 11:58:28 +08:00
回复了 hewigovens 创建的主题 分享创造 GhostTile,隐藏 Dock 上运行 App 的小工具
@hewigovens keyboard maestro 你试试
2014-04-14 09:08:26 +08:00
回复了 ainopara 创建的主题 macOS 有没有办法自定义 notification 的点击动作?
kayboard maestro?
2014-04-13 16:42:06 +08:00
回复了 JoyNeop 创建的主题 macOS 中国人开发的免费 Mac apps 没一个好鸟……
楼主你还不快上,弥补这个领域的空白,呵呵。
2014-04-04 21:58:10 +08:00
回复了 sd4399340 创建的主题 问与答 有专注于 Mac 的论坛或者博客一类的吗
2014-04-04 16:26:22 +08:00
回复了 acthtml 创建的主题 Apple Apple 6 月 2 日发布会,你们期望发生点什么。
macbook pro 大降价
2014-04-04 15:33:25 +08:00
回复了 razios 创建的主题 macOS Byword 的 publish 内购这功能好用不?
对,分开买,非常不厚道,我买了mac版的,效果还行。
2014-04-04 15:21:20 +08:00
回复了 axuahui 创建的主题 macOS MacPaw 家的 Hider 2 上架了!现在半价优惠 9.99 刀
@axuahui 玩儿法有评测,两周后我们会和官方搞一个Hider 2的Giveaway
2014-03-28 14:03:59 +08:00
回复了 won 创建的主题 北京 房价开始下跌,大家怎么看
有可能是ZF要刺激居民购房
2014-03-27 09:00:23 +08:00
回复了 MrMario 创建的主题 macOS Stacksocial 的一个免费 Bundle,内含 7 款 APP(仅限于 Mac OSX)
X-Mirage和Bits 必入~
2014-03-27 08:59:32 +08:00
回复了 Sunya 创建的主题 分享发现 1Password 这货又来五折促销了..
正常,这么大的软件项目必须要作促销活动才能维持销量
2014-03-22 12:53:12 +08:00
回复了 zijian 创建的主题 VPS DO 账号被封,貌似主机被黑了
@764664 嗯 確實因為自己的疏忽,沒有理睬他們的通知,這檯服務器是我用來做測試用的
2014-03-22 12:49:41 +08:00
回复了 zijian 创建的主题 VPS DO 账号被封,貌似主机被黑了
@a2z 嗯 謝謝 我已經和他們解釋了,就說自己不會任何hack技術
2014-03-22 12:46:01 +08:00
回复了 zijian 创建的主题 VPS DO 账号被封,貌似主机被黑了
@a2z 那還能找他們回復我的賬戶嗎?
2014-03-22 12:14:40 +08:00
回复了 zijian 创建的主题 VPS DO 账号被封,貌似主机被黑了
We have noticed suspicious activity from 162.243.149.107 aimed at one of our servers.
Please investigate this host and disable whichever exploit or malware is causing this activity.
For more information or questions please refer to our website located at http://www.abuse.bz/

Here are our raw logs:
==
[2014-03-21 01:12:17 CET] [Timestamp: 1395360738] [10502896.956902] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=77.95.225.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56231 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 01:13:19 CET] [Timestamp: 1395360800] [10502958.855909] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=128.204.206.251 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=50640 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 01:28:26 CET] [Timestamp: 1395361707] [10503866.019311] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=77.95.230.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52781 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 01:29:07 CET] [Timestamp: 1395361748] [10503906.972359] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=128.204.205.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48438 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 02:54:18 CET] [Timestamp: 1395366859] [10509018.004304] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=37.148.160.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51430 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 02:56:38 CET] [Timestamp: 1395366998] [10509157.619023] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=37.148.167.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41525 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 03:04:23 CET] [Timestamp: 1395367463] [10509622.740358] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=78.41.201.251 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=44663 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 03:49:06 CET] [Timestamp: 1395370147] [10512305.808307] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=77.95.229.251 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=60979 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 04:26:08 CET] [Timestamp: 1395372369] [10514528.410242] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=89.207.133.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54742 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 04:46:17 CET] [Timestamp: 1395373578] [10515737.432167] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=89.207.129.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54989 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 04:55:17 CET] [Timestamp: 1395374117] [10516276.329147] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=37.148.165.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55148 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 04:56:09 CET] [Timestamp: 1395374169] [10516328.251299] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=77.95.226.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=39662 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 04:56:15 CET] [Timestamp: 1395374176] [10516334.771017] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=128.204.197.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46791 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 05:01:22 CET] [Timestamp: 1395374482] [10516641.835433] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=77.95.224.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45822 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 06:18:02 CET] [Timestamp: 1395379083] [10521242.515018] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=37.148.166.251 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=36702 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 06:18:53 CET] [Timestamp: 1395379133] [10521292.751364] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=195.20.205.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37720 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 07:31:23 CET] [Timestamp: 1395383484] [10525643.720661] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=128.204.204.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51268 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
2014-03-22 12:14:12 +08:00
回复了 zijian 创建的主题 VPS DO 账号被封,貌似主机被黑了
This email is from the IT Security Team at Utah State University.

This email describes suspicious and/or malicious network activity
that appears to be sourced from your network. We have included
IP Addresses as well as description, documentation, log snippets,
and other useful information about this event.

Please review this information and/or forward to the responsible person.

Thank you.

USU Network Security Team
Utah State University Information Technology
4410 Old Main Hill
Logan, UT 84322-4410
(435)797-1804

IP/CIDR Address: 162.243.149.107

Description:
162.243.149.107 scanned 129.123.0.0/16 for TCP/8080.

Log Snippet (Timestamps are MDT or GMT -0600):
Date flow start Duration Src IP Addr Src Pt Dst IP Addr Dst Pt Flags Packets Bytes Proto
2014-03-21 00:01:35.518 0.000 162.243.149.107 54186 129.123.199.242 8080 ....S. 1 40 6
2014-03-21 00:01:43.461 0.000 162.243.149.107 44448 129.123.192.79 8080 ....S. 1 40 6
2014-03-21 00:01:49.975 0.000 162.243.149.107 35538 129.123.9.61 8080 ....S. 1 40 6
2014-03-21 00:01:51.348 0.000 162.243.149.107 52877 129.123.196.24 8080 ....S. 1 40 6
2014-03-21 00:01:55.954 0.000 162.243.149.107 35187 129.123.190.237 8080 ....S. 1 40 6
2014-03-21 00:02:33.003 0.000 162.243.149.107 49553 204.113.91.120 8080 ....S. 1 40 6
2014-03-21 00:02:33.163 0.000 162.243.149.107 48751 129.123.123.2 8080 ....S. 1 40 6
2014-03-21 00:02:40.513 0.000 162.243.149.107 41920 129.123.197.7 8080 ....S. 1 40 6
2014-03-21 00:02:41.530 0.000 162.243.149.107 56188 129.123.192.252 8080 ....S. 1 40 6
2014-03-21 00:02:42.892 0.000 162.243.149.107 37651 129.123.193.155 8080 ....S. 1 40 6
2014-03-21 00:03:04.538 0.000 162.243.149.107 47344 129.123.194.226 8080 ....S. 1 40 6
2014-03-21 00:03:47.055 0.000 162.243.149.107 40401 204.113.91.74 8080 ....S. 1 40 6
2014-03-21 00:03:50.385 0.060 162.243.149.107 53694 129.123.44.61 8080 ...RS. 2 80 6
2014-03-21 00:03:50.411 0.000 129.123.44.61 8080 162.243.149.107 53694 .A..S. 1 44 6
2014-03-21 00:08:47.203 0.000 162.243.149.107 50176 129.123.198.93 8080 ....S. 1 40 6
2014-03-21 00:09:24.956 0.000 162.243.149.107 50326 129.123.124.234 8080 ....S. 1 40 6
2014-03-21 00:09:27.489 0.000 162.243.149.107 58694 129.123.194.248 8080 ....S. 1 40 6
2014-03-21 00:09:28.011 0.000 162.243.149.107 57072 129.123.194.210 8080 ....S. 1 40 6
2014-03-21 00:09:29.571 0.000 162.243.149.107 45935 129.123.197.155 8080 ....S. 1 40 6
2014-03-21 00:09:33.720 0.000 162.243.149.107 51744 204.113.91.102 8080 ....S. 1 40 6
2014-03-21 00:09:49.379 0.000 162.243.149.107 56471 129.123.193.71 8080 ....S. 1 40 6
2014-03-21 00:10:25.112 0.000 162.243.149.107 40316 129.123.196.105 8080 ....S. 1 40 6
2014-03-21 00:10:48.854 0.000 162.243.149.107 41611 129.123.197.144 8080 ....S. 1 40 6
2014-03-21 00:10:55.181 0.000 162.243.149.107 52034 129.123.6.127 8080 ....S. 1 40 6
2014-03-21 00:11:03.626 0.000 162.243.149.107 60301 129.123.6.118 8080 ....S. 1 40 6
2014-03-21 00:11:29.760 0.000 162.243.149.107 35350 129.123.144.26 8080 ....S. 1 40 6
2014-03-21 00:11:48.487 0.000 162.243.149.107 39401 129.123.192.112 8080 ....S. 1 40 6
2014-03-21 00:11:49.782 0.000 162.243.149.107 57839 129.123.198.2 8080 ....S. 1 40 6
2014-03-21 00:11:53.511 0.000 162.243.149.107 38133 129.123.198.136 8080 ....S. 1 40 6
2014-03-21 00:11:53.867 0.000 162.243.149.107 37319 129.123.192.193 8080 ....S. 1 40 6
2014-03-21 00:11:56.838 0.000 162.243.149.107 46309 129.123.199.175 8080 ....S. 1 40 6
2014-03-21 00:34:25.287 0.000 162.243.149.107 56388 129.123.194.146 8080 ....S. 1 40 6
2014-03-21 00:34:26.495 0.000 162.243.149.107 36881 129.123.123.148 8080 ....S. 1 40 6
2014-03-21 00:34:29.941 0.000 162.243.149.107 43752 129.123.198.104 8080 ....S. 1 40 6
2014-03-21 00:34:54.575 0.000 162.243.149.107 52018 129.123.47.237 8080 ....S. 1 40 6
2014-03-21 00:34:58.348 0.000 162.243.149.107 54173 129.123.193.205 8080 ....S. 1 40 6
2014-03-21 00:35:16.607 0.000 162.243.149.107 34493 204.113.91.75 8080 ....S. 1 40 6
2014-03-21 00:35:20.663 0.000 162.243.149.107 43534 204.113.91.27 8080 ....S. 1 40 6
2014-03-21 00:35:21.487 0.000 162.243.149.107 55875 129.123.6.162 8080 ....S. 1 40 6
2014-03-21 00:35:38.251 0.000 162.243.149.107 56618 129.123.197.93 8080 ....S. 1 40 6
2014-03-21 00:35:55.060 0.000 162.243.149.107 53639 129.123.199.125 8080 ....S. 1 40 6
2014-03-21 00:36:02.278 0.000 162.243.149.107 35218 129.123.199.230 8080 ....S. 1 40 6
2014-03-21 00:36:14.170 0.000 162.243.149.107 41974 129.123.192.249 8080 ....S. 1 40 6
2014-03-21 00:36:45.131 0.000 162.243.149.107 33579 129.123.195.241 8080 ....S. 1 40 6
2014-03-21 00:37:42.490 0.000 162.243.149.107 59077 129.123.41.212 8080 ....S. 1 40 6
2014-03-21 00:37:47.779 0.000 162.243.149.107 34653 129.123.196.199 8080 ....S. 1 40 6
2014-03-21 00:37:55.391 0.000 162.243.149.107 49662 129.123.196.7 8080 ....S. 1 40 6
2014-03-21 00:38:02.218 0.000 162.243.149.107 57254 204.113.91.70 8080 ....S. 1 40 6
2014-03-21 00:38:07.456 0.000 162.243.149.107 45466 129.123.68.69 8080 ....S. 1 40 6
2014-03-21 00:38:09.532 0.000 162.243.149.107 57929 129.123.6.176 8080 ....S. 1 40 6
2014-03-21 00:38:21.860 0.000 162.243.149.107 36596 129.123.193.10 8080 ....S. 1 40 6

Whois data for 162.243.149.107 at time of email:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=162.243.149.107?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 162.243.0.0 - 162.243.255.255
CIDR: 162.243.0.0/16
OriginAS: AS14061, AS62567, AS46652
NetName: DIGITALOCEAN-7
NetHandle: NET-162-243-0-0-1
Parent: NET-162-0-0-0-0
NetType: Direct Allocation
Comment: http://www.digitalocean.com
Comment: Simple Cloud Hosting
RegDate: 2013-09-06
Updated: 2013-09-06
Ref: http://whois.arin.net/rest/net/NET-162-243-0-0-1

OrgName: Digital Ocean, Inc.
OrgId: DO-13
Address: 270 Lafayette St
Address: Suite 1105
City: New York
StateProv: NY
PostalCode: 10012
Country: US
RegDate: 2012-05-14
Updated: 2013-12-12
Ref: http://whois.arin.net/rest/org/DO-13

OrgAbuseHandle: URETS-ARIN
OrgAbuseName: Uretsky, Ben
OrgAbusePhone: +1-646-397-8051
OrgAbuseEmail: [email protected]
OrgAbuseRef: http://whois.arin.net/rest/poc/URETS-ARIN

OrgTechHandle: URETS-ARIN
OrgTechName: Uretsky, Ben
OrgTechPhone: +1-646-397-8051
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.net/rest/poc/URETS-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
2014-03-22 12:13:22 +08:00
回复了 zijian 创建的主题 VPS DO 账号被封,貌似主机被黑了
162.243.149.107 was observed probing caltech.edu for security holes. It
has been blocked at our border routers. It may be compromised.

For more info contact [email protected]
Please include the entire subject line of the original message

Blake

(time zone of log is PDT, which is UTC-07:00, date is MMDD)
log entries are from Cisco netflow, time is flow start time
date.time srcIP srcPort dstIP dstPort proto #pkts
0320.23:01:48.420 162.243.149.107 46152 131.215.135.191 8080 6 2
0320.23:02:10.853 162.243.149.107 57528 131.215.154.0 8080 6 1
0320.23:01:25.882 162.243.149.107 53225 134.4.235.178 8080 6 1
0320.23:01:26.134 162.243.149.107 59304 131.215.153.101 8080 6 1
0320.23:01:26.328 162.243.149.107 39040 134.4.121.68 8080 6 1
0320.23:01:24.727 162.243.149.107 53630 131.215.82.97 8080 6 1
0320.23:01:24.919 162.243.149.107 42822 134.4.162.162 8080 6 1
0320.23:01:25.624 162.243.149.107 40470 134.4.220.73 8080 6 1
0320.23:01:26.776 162.243.149.107 54059 131.215.80.189 8080 6 1
0320.23:01:24.864 162.243.149.107 54581 131.215.146.113 8080 6 1
0320.23:01:26.208 162.243.149.107 53385 134.4.151.55 8080 6 1
0320.23:01:26.720 162.243.149.107 52704 131.215.2.61 8080 6 1
0320.23:01:27.745 162.243.149.107 36567 134.4.146.2 8080 6 1
0320.23:01:25.183 162.243.149.107 36047 131.215.5.217 8080 6 1
0320.23:01:25.505 162.243.149.107 35974 134.4.242.118 8080 6 1
0320.23:01:25.824 162.243.149.107 45020 134.4.22.99 8080 6 1
0320.23:01:26.721 162.243.149.107 58952 131.215.36.159 8080 6 1
0320.23:01:26.848 162.243.149.107 36200 134.4.82.140 8080 6 1
0320.23:02:13.449 162.243.149.107 51692 192.12.19.147 8080 6 2
0320.23:01:30.871 162.243.149.107 56782 134.4.94.105 8080 6 1
2014-03-22 12:12:57 +08:00
回复了 zijian 创建的主题 VPS DO 账号被封,貌似主机被黑了
We have detected abuse from the IP address 162.243.149.107. See below for how we obtained your email address in case it is wrong. We would appreciate if you would investigate and take action as appropriate.

** THIS IP ADDRESS IS NULL ROUTED on our entire network, including peering and transit, for a period of time not exceeding 24 hours from the date and time of this email. YOU ARE NOT REQUIRED to reply to this email unless you need more information.

You can see more information on this incident by reviewing the data at http://darknet.superb.net/ip/162.243.149.107 and log lines are given below. Please ask if you require any further information.

You may contact us at [email protected]
(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process. This mail was generated by an automated process.)

The recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information they provide derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email ([email protected]). Information about the Abuse Contact Database can be found here:
http://abusix.com/global-reporting/abuse-contact-db

abusix.com is neither responsible nor liable for the content or accuracy of this message.

Note: Local timezone is -0400 (EDT)
/var/log/messages:Mar 21 03:17:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 11 times in a 30 minute period
/var/log/messages:Mar 21 03:47:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 15 times in a 30 minute period
/var/log/messages:Mar 21 04:17:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 19 times in a 30 minute period
/var/log/messages:Mar 21 04:47:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 14 times in a 30 minute period
/var/log/messages:Mar 21 05:17:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 15 times in a 30 minute period
/var/log/messages:Mar 21 07:47:25 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 15 times in a 30 minute period
2014-03-22 12:12:34 +08:00
回复了 zijian 创建的主题 VPS DO 账号被封,貌似主机被黑了
We have blocked someone from your IP space for abuse. Reason: Port_Scanning. Log lines are below. Time zone is UTC.

2014-03-21T06:02:00+00:00 slurp 1395381719.608702 - - - - - - - - tcp Scan::Address_Scan 162.243.149.107 scanned at least 52 unique hosts on port 8080/tcp in 0m30s remote 162.243.149.107 - 8080 - slurp4-8 Notice::ACTION_LOG 3600.000000 F - - - - -

I am writing to inform you so that you can take whatever action is necessary to prevent this user from doing this again. We would be happy to discuss further if you would like. Please feel free to respond to this email to follow up.
2014-03-22 12:12:11 +08:00
回复了 zijian 创建的主题 VPS DO 账号被封,貌似主机被黑了
Please review the following abuse complaint and provide us with a resolution:

******************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Date : 12-03-2014 10:54:06 hs
Send to: [email protected]
============================================================

You are receiving this message because you are listed as the contact for the IP 162.243.149.107 on the RIPE ().
This message is intended for the person responsible for computer security at your site. If this is not the correct address, please forward this message to the appropriate party.

Incident Number: TN-632445/2014
===========================================

Dear Administrator,

We have detected a recent scan probe in our servers. This security incident seems to be originated from an IP address registered to your network.
Here follows the log records regarding such incidente.

Timezone in UTC.

###begin###

2014-03-11 14:36:24 pass TCP from 162.243.149.107:36327 to 143.106.XXX.204:9090
2014-03-11 14:37:49 pass TCP from 162.243.149.107:33004 to 143.106.XXX.219:9090
2014-03-11 14:38:36 pass TCP from 162.243.149.107:42971 to 143.106.XXX.228:9090
2014-03-11 14:38:53 pass TCP from 162.243.149.107:42789 to 143.106.XXX.247:9090
2014-03-11 14:39:02 pass TCP from 162.243.149.107:50509 to 143.106.XXX.203:9090
2014-03-11 14:39:34 pass TCP from 162.243.149.107:35213 to 143.106.XXX.240:9090
2014-03-11 14:40:53 pass TCP from 162.243.149.107:52631 to 143.106.XXX.220:9090
2014-03-11 14:41:14 pass TCP from 162.243.149.107:36356 to 143.106.XXX.204:9090
2014-03-11 14:42:22 pass TCP from 162.243.149.107:41720 to 143.106.XXX.251:9090
2014-03-11 14:43:15 pass TCP from 162.243.149.107:60097 to 143.106.XXX.232:9090
[...]
2014-03-11 16:33:56 pass TCP from 162.243.149.107:48371 to 143.106.XXX.253:443
2014-03-11 16:34:01 pass TCP from 162.243.149.107:44165 to 143.106.XXX.206:443
2014-03-11 16:34:02 pass TCP from 162.243.149.107:47445 to 143.106.XXX.240:443
2014-03-11 16:34:02 pass TCP from 162.243.149.107:47445 to 143.106.XXX.240:443
2014-03-11 16:34:03 pass TCP from 162.243.149.107:50362 to 143.106.XXX.227:443
2014-03-11 16:34:10 pass TCP from 162.243.149.107:34954 to 143.106.XXX.254:443
2014-03-11 16:34:18 pass TCP from 162.243.149.107:43724 to 143.106.XXX.238:443
2014-03-11 16:34:18 pass TCP from 162.243.149.107:43724 to 143.106.XXX.238:443
2014-03-11 16:34:20 pass TCP from 162.243.149.107:55631 to 143.106.XXX.202:443
2014-03-11 16:34:31 pass TCP from 162.243.149.107:47474 to 143.106.XXX.201:443

###end###

We are asking for your help in order to identify who did chose conections and what was his/her purpose.
You should investigate this suspicious activity because it could mean that your network has been compromised and is being used as a launch point for attacks, or someone of your legitimate users are doing hacking activities.
We would like to inform that we maintain a database with all incident reporting and tracking of State University of Campinas and we need your response as soon as possible to resolve this entry.
1 ... 4  5  6  7  8  9  10  11  12  13 ... 31  
关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5229 人在线   最高记录 6679   ·     Select Language
创意工作者们的社区
World is powered by solitude
VERSION: 3.9.8.5 · 32ms · UTC 08:39 · PVG 16:39 · LAX 00:39 · JFK 03:39
Developed with CodeLauncher
♥ Do have faith in what you're doing.