V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
jmania
V2EX  ›  问与答

前几天刚买的buyvm的vps,昨天刚装好系统,装了ssh, nginx, python,刚刚收到了2封邮件

  •  
  •   jmania · 2013-02-06 23:34:11 +08:00 · 3341 次点击
    这是一个创建于 4319 天前的主题,其中的信息可能已经有所发展或是发生改变。
    第一封
    Hello cao jia,

    We have detected an inbound ICMP DDoS attack. A nullroute has been applied to protect our network.

    Target IP: 209.141.34.81
    Protocol: ICMP
    Packets Per Second: 69985
    Null-Route Date: 2013-02-06 06:27:43

    Null routes last for 60 minutes from the time they were added. If the attack continues once the nullroute expires, a new
    nullroute will be applied and the timer reset.

    If you wish to purchase a DDoS protected IP address, you may do so by:

    1) Logging into https://my.frantech.ca
    2) View the details for this server
    3) Click upgrade and purchase the amount of IP addresses you're interested in

    Filtered IP's cost $3.00/month per IP.

    Thanks,

    BuyVM


    第二封
    *** This is an automated message, please do not respond. If you need assistance, login to http://my.frantech.ca and open a support ticket.

    cao;

    This ticket is notification that your service with us (209.141.34.81) is now suspended for the following TOS/AUP infractions:

    - Network Abuse

    As this is your first offense, no further administrative action will be taken. Upon your reply to this ticket, the service will be reactivated and you will have 24 hours to resolve this issue. Please be aware that further abuse reports after this time frame will constitute a second offense, resulting in suspension and a TOS/AUP Violation Fine.

    Logs of the abuse follow:

    /var/log/messages:Feb 6 09:15:32 sonar.superb.net nfsen[25857]: SCSD Compromised: external 209.141.34.81 Port 22 55 hosts.
    /var/log/messages:Feb 6 09:15:32 sonar.superb.net nfsen[25857]: SCSD: Found 209.141.34.81 0 times in database within the last 12 hours
    /var/log/messages:Feb 6 09:15:32 sonar.superb.net nfsen[25857]: SCSD: Sending email to : Abuse - 209.141.34.81 connecting to port 22 on 55 hosts
    /var/log/messages:Feb 6 09:20:33 sonar.superb.net nfsen[25917]: SCSD Compromised: external 209.141.34.81 Port 22 38 hosts.
    /var/log/messages:Feb 6 09:20:33 sonar.superb.net nfsen[25917]: SCSD: Found 209.141.34.81 1 times in database within the last 12 hours
    /var/log/messages:Feb 6 09:20:33 sonar.superb.net nfsen[25917]: SCSD: Sending email to : Abuse - 209.141.34.81 connecting to port 22 on 38 hosts
    /var/log/messages:Feb 6 09:36:20 darknet.superb.net Darknet: 209.141.34.81 exceeded connection attempt threshold to tcp:22 92 times in a 30 minute period
    1 条回复    1970-01-01 08:00:00 +08:00
    lookhi
        1
    lookhi  
       2013-02-07 10:49:29 +08:00
    ICMP DDoS attack ?
    谁这么无聊?还ICMP DDOS
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   6015 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 28ms · UTC 02:13 · PVG 10:13 · LAX 18:13 · JFK 21:13
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.