V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Linode 各机房速度测试
http://www.linode.com/speedtest/
goofansu
V2EX  ›  Linode

这是什么情况啊?管理员要我备份然后删掉自己的镜像,fremont节点的被攻击了么?

  •  
  •   goofansu · 2012-09-04 21:49:43 +08:00 · 1280 次点击
    这是一个创建于 4465 天前的主题,其中的信息可能已经有所发展或是发生改变。
    IP addresses from your networks tried
    to relay mail through my server without permission. After examining the log,
    they are suspected to be compromised botnet computers.

    The connection log is attached below for your reference. Each line lists the
    date, time, time zone, attacker IP, attacker's network name (as found in
    WHOIS), local IP, and local TCP port number of a relay attempt. To prevent
    this mail from getting too big in size, only 15 relay attempts from each
    attacker IP are included.

    If you regularly collect IP traffic information of your network, you will see
    the IPs listed connected to TCP port 25 of local IP at the time logged, and
    I suspect that they also connected to TCP port 25 of many other IPs.

    Please notify the owners of those botnet computers so that they can take
    appropriate action to clean their computers, before even more severe incidents,
    like data leakage and DDoS, arise. This also helps prevent the botnets from
    taking up your network bandwidth.

    Full internet email headers of the first relay attempts from those IPs,
    logged on local IP which they tried to abuse, is also attached below for
    your reference.

    Chih-Cherng Chin

    *** The victims might also need to change passwords on a clean computer
    *** for their online accounts.

    ---- connection log (time zone is UTC; sent to [email protected]) ----
    date => time => TZ => attacker IP => network name => local IP => local TCP port#
    -------------------------------------------------------------------------------
    2012-09-03 23:07:15 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:07:22 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:07:29 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:17:41 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:17:49 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:17:56 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:36:43 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:36:50 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:36:57 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:43:42 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:43:48 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:43:56 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:45:43 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:45:52 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2012-09-03 23:45:59 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
    2 条回复    1970-01-01 08:00:00 +08:00
    Livid
        1
    Livid  
    MOD
       2012-09-04 22:05:41 +08:00   ❤️ 1
    Because:

    1. Your machine is used for attacking.

    2. Your root password or something is compromised, so it's better to start over.
    goofansu
        2
    goofansu  
    OP
       2012-09-05 05:14:47 +08:00
    @Livid 谢谢。看来得根据linode得安全文档进行下设置了。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3243 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 22ms · UTC 13:08 · PVG 21:08 · LAX 05:08 · JFK 08:08
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.