Damn, my BandwagonHost VPS got suspended for spam

2016-10-12 19:14:58 +08:00
 whx20202

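I only installed SS + KCPTUN

It had been unsuspended for less than 2 minutes; I connected and hadn't even checked anything yet when it got suspended again

How do I fix this?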

24 replies
sutra
2016-10-12 19:22:55 +08:00
Probably a security flaw? And then someone exploited it.
DesignerSkyline
2016-10-12 19:24:39 +08:00
Did you compile and install it manually yourself, or use a one-click script? If it's the latter, that's perfectly normal.
whx20202
2016-10-12 19:28:32 +08:00
@DesignerSkyline A one-click script, but it's the one from 91yun
It also has a branch on git, so it shouldn't be that bad, right?
whx20202
2016-10-12 19:30:12 +08:00
@DesignerSkyline I used 91yun
loading
2016-10-12 19:34:05 +08:00
Anyone who dares to run an install script directly without reading it is a real guru!
kuretru
2016-10-12 19:54:40 +08:00
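I have used a certain "speeder" one-click script from 91yun. During installation I noticed that it installed one more piece of software than the earlier official install script, and that software had over 100 dependencies. After the installation finished I found that ss was being used to send spam. I then reinstalled the system; after removing that package from the script, the installation went fine and everything worked normally.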
emberzhang
2016-10-12 20:07:40 +08:00
@kuretru Isn't the 91 one encrypted? How did you see the contents?
kuretru
2016-10-12 20:10:57 +08:00
@emberzhang https://github.com/91yun/serverspeeder/blob/master/serverspeeder-all.sh
Line 49: yum install -y redhat-lsb curl net-tools, the redhat-lsb package
whx20202
2016-10-12 20:18:33 +08:00
@kuretru That's possible! I installed exactly that. It didn't work well, so I didn't use it... I regret it
realsteve
2016-10-12 20:20:46 +08:00
@kuretru I can't see what's wrong with the software on that line
a342191555
2016-10-12 20:36:55 +08:00
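Check whether the client on your local machine has "allow LAN connections" enabled, the local proxy port is a common one such as 1080, and the local machine is exposed directly to the public Internet. That would mean you have opened a SOCKS proxy directly to the public Internet…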
whx20202
2016-10-12 22:06:43 +08:00
@a342191555 That's possible too, but I usually listen on 127.0.0.1, and anything open to the outside has a password set
Trim21
2016-10-12 22:11:11 +08:00
I saw a similar case before: the local machine was infected, and as soon as it detected a proxy it sent mail through that port
a342191555
2016-10-12 22:15:45 +08:00
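@whx20202 I ran into this too back then. What I did was roughly this:
1. In the VPS's routing table, drop all packets sent to port 25 and similar ports (this VPS is not used as an outgoing mail server)
2. Run the server in the foreground and check which IP address is trying to send spam out
3. (Once I found it was my local computer sending it) capture tcp.port==1080 packets with wireshark on the local computer and compare to find the culprit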
Vicer
2016-10-12 22:19:59 +08:00
whx20202
2016-10-12 23:27:07 +08:00
@Vicer Is the one you're giving now reliable?
Vicer
2016-10-12 23:51:59 +08:00
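@whx20202 I don't know whether the official ServerSpeeder (锐速) is reliable either, since it isn't open source. But it's definitely more reliable than 91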
zrj766
2016-10-12 23:59:02 +08:00
I've been using 91's all along and haven't found any problems.
whx20202
2016-10-13 07:59:46 +08:00
Hello,

Please note that all our services are self-managed. While we invest heavily into making sure all our equipment and networks are kept in the best possible shape, we do not manage or offer support for customer's applications. In other words, we do not assist with installing and configuring applications, troubleshooting, recovering from backups, etc. - these are the sole responsibility of the Customer. I can confirm that currently we are not experiencing any service interruptions; all our equipment and network are functioning normally.

Having said that, here is a way to investigate this issue:
1. Download a full snapshot of your suspended VPS by using KiwiVM. We recommend using a linux machine to download and open the snapshot. Snapshot can be downloaded with wget (download button is actually a link that you can copy+paste into console).
2. Unpack the snapshot into a local directory (tar -zxf <SNAPSHOT_FILENAME>)
3. Navigate to /var/log folder
4. Open shadowsocks.log with a text viewer.

In shadowsocks.log you will see all connections going through shadowsocks.

From this log you will see that your home IP address is most likely the source of abuse through Shadowsocks.

Most common causes of the problem:

1) Virus or trojan on your home PC
2) A modified (infected) shadowsocks client is being used
3) Someone on your network has access to your PC or wifi router and is able to send spam

Solutions:

1) Scan your PC for viruses
2) Download a shadowsocks distribution from a reliable source, for example, from KiwiVM's Shadowsocks page
3) Make sure you do not allow anyone else on your home network to connect/hack into your PC

Hope this helps.

Daniel Clay
Bandwagon Host / IT7 Networks

*** Tip of the day *** Diagnose network-related issues at http://ping.pe/
----------------------------------------------
Ticket ID: #119573
Subject: VPS suspended due to spam
Status: Answered
Ticket URL: https://bandwagonhost.com/viewticket.php?tid=119573&c=xSOO7qws
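
The log check described in the support reply above (and step 2 of a342191555's procedure), as an added example that is not part of the original thread: it tallies connections to mail ports by client IP from shadowsocks.log. The line format is an assumption based on what the Python shadowsocks server writes, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed line format (Python shadowsocks server log):
#   2016-10-12 19:10:01 INFO     connecting HOST:PORT from CLIENT_IP:CLIENT_PORT
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+\w+\s+"
    r"connecting (?P<host>\S+):(?P<port>\d+) from (?P<src>\S+):(?P<sport>\d+)\s*$"
)
MAIL_PORTS = {25, 465, 587}  # SMTP, SMTPS, mail submission


def mail_connections_by_client(lines, mail_ports=MAIL_PORTS):
    """Group relayed connections to mail ports by the client IP that requested them."""
    report = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["port"]) not in mail_ports:
            continue  # not a "connecting" line, or not mail traffic
        entry = report.setdefault(
            m["src"],
            {"count": 0, "first": m["ts"], "last": m["ts"], "targets": Counter()},
        )
        entry["count"] += 1
        # Timestamps in this format sort correctly as plain strings.
        entry["first"] = min(entry["first"], m["ts"])
        entry["last"] = max(entry["last"], m["ts"])
        entry["targets"][f'{m["host"]}:{m["port"]}'] += 1
    return report


# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE_LOG = """\
2016-10-12 19:10:01 INFO     connecting www.example.com:443 from 203.0.113.7:51234
2016-10-12 19:10:02 INFO     connecting mx1.example.net:25 from 203.0.113.7:51240
2016-10-12 19:10:02 INFO     connecting mx2.example.org:25 from 203.0.113.7:51241
2016-10-12 19:10:05 INFO     connecting mx1.example.net:25 from 203.0.113.7:51250
2016-10-12 19:10:09 ERROR    [Errno 111] Connection refused
2016-10-12 19:11:30 INFO     connecting smtp.example.com:587 from 198.51.100.20:40000
""".splitlines()

if __name__ == "__main__":
    result = mail_connections_by_client(SAMPLE_LOG)
    for ip, e in sorted(result.items(), key=lambda kv: -kv[1]["count"]):
        top = ", ".join(t for t, _ in e["targets"].most_common(3))
        print(f'{ip}: {e["count"]} mail connections, {e["first"]} to {e["last"]}; top: {top}')
```

To run it against an unpacked snapshot, pass the lines of var/log/shadowsocks.log instead of SAMPLE_LOG; a client IP with a high count is the machine to inspect next.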
whx20202
2016-10-13 08:00:24 +08:00
Damn, support says the problem is with my SS, and on the client side at that
