I received an email today. I set up a Shadowsocks (SS) proxy on DO for getting past the GFW. It has been running for over a year without incident, so what happened this time? I'll paste the email content below (it's long...). How should I handle this, and how should I reply? Is it that the SS password leaked and someone used it to launch an attack?
Support Request Posted on 02/19/15 at 12:42 UTC
Please review the following abuse complaint and provide us with a resolution:
******************************
You appear to be running an open recursive resolver at IP address 我的IP地址 that participated in an attack against a customer of ours, generating large UDP responses to spoofed queries, with those responses becoming fragmented because of their size.
Please consider reconfiguring your resolver in one or more of these ways:
- To only serve your customers and not respond to outside IP addresses (in BIND, this is done by defining a limited set of hosts in "allow-query"; with a Windows DNS server, you would need to use firewall rules to block external access to UDP port 53)
- To only serve domains that it is authoritative for (in BIND, this is done by defining a limited set of hosts in "allow-query" for the server overall but setting "allow-query" to "any" for each zone)
- To rate-limit responses to individual source IP addresses (such as by using DNS Response Rate Limiting or iptables rules)
More information on this type of attack and what each party can do to mitigate it can be found here:
http://www.us-cert.gov/ncas/alerts/TA13-088A
If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack.
Example DNS responses from your resolver during this attack are given below.
Date/timestamps (far left) are UTC.
2015-02-19 04:33:56.305717 IP (tos 0x0, ttl 56, id 33341, offset 0, flags [+], proto UDP (17), length 1500) 我的IP地址.53 > 208.146.44.x.2894: 65264 28/0/1 pidarastik.ru. SOA[|domain]
2015-02-19 04:33:56.479486 IP (tos 0x0, ttl 56, id 33342, offset 0, flags [+], proto UDP (17), length 1500) 我的IP地址.53 > 208.146.44.x.52563: 49998 28/0/1 pidarastik.ru. SOA[|domain]
2015-02-19 04:33:57.652575 IP (tos 0x0, ttl 56, id 33343, offset 0, flags [+], proto UDP (17), length 1500) 我的IP地址.53 > 208.146.44.x.13219: 27099 28/0/1 pidarastik.ru. SOA[|domain]
(The final octet of our customer's IP address is masked in the above output because some automatic parsers become confused when multiple IP addresses are included. The value of that octet is "40".)
-John
President
Nuclearfallout Enterprises, Inc. (NFOservers.com)
(We're sending out so many of these notices, and seeing so many auto-responses, that we can't go through this email inbox effectively. If you have follow-up questions, please contact us at noc@nfoe.net.)
******************************
Please note that generating multiple abuse complaints in a short period of time may lead to your account being suspended.
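A self-check for the condition the complaint describes, added here as an example (it is not from the original post, from DigitalOcean or from NFOservers): it sends one query with the "recursion desired" bit set to your server's public IP from a host outside your network and reads the reply's header flags, so you can tell "open recursive" apart from "refused" or "filtered" after applying one of the fixes listed above. The query name `example.com`, the transaction id and the timeout are assumptions; the flag value 0x8180 matched against is the one shown in the complaint's sample responses.

```python
import socket
import struct

SOA, ANY = 6, 255  # SOA is the type in the complaint's samples; ANY gives the largest replies

def build_query(name: str, qtype: int = SOA, txid: int = 0x1234) -> bytes:
    """Minimal DNS query, class IN, with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(resp: bytes) -> dict:
    """Decode the 12-byte DNS header: flags and section counts."""
    if len(resp) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": txid, "qr": (flags >> 15) & 1, "ra": (flags >> 7) & 1,
            "rcode": flags & 0xF, "ancount": an, "nscount": ns,
            "arcount": ar, "size": len(resp)}

def classify(resp: bytes, txid: int = 0x1234) -> str:
    """Interpret a reply the way the abuse report's sender would."""
    h = parse_header(resp)
    if h["id"] != txid or not h["qr"]:
        return "not-a-reply"
    if h["rcode"] == 5:            # REFUSED: allow-query/allow-recursion is limiting outsiders
        return "refused"
    if h["ra"] and h["rcode"] == 0 and h["ancount"] > 0:
        return "open-recursive"    # recursive answer for an outsider: the reported state
    return "closed"                # e.g. authoritative-only reply with RA clear

def probe(server: str, name: str = "example.com", qtype: int = SOA,
          timeout: float = 3.0) -> str:
    """Send one query to server:53 over UDP and classify the reply or its absence."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-response"   # UDP/53 filtered or nothing listening: the firewall fix
    return classify(resp)

if __name__ == "__main__":
    import sys
    # Run from a host outside your own network against your server's public IP.
    print(probe(sys.argv[1]))
```

Anything other than "refused", "closed" or "no-response" means the resolver still answers outsiders and the complaint will recur.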