Sony hacking activity on bwh1?

2017-05-29 10:54:57 +08:00
 tongtongqiang
This service is currently suspended. There is 1 outstanding issue:
Reason: Hacked/rooted server
More details: We have detected hacking activity on this server
Additional information:


To whom it may concern,

Pursuant to Sony Interactive Entertainment LLC ("SIE") corporate policy, the below IP addresses were blacklisted from using our services because SIE detected activity that is abusive to our network services. In our determination, the abusive activity was not related to velocity or volume (many users behind the same IP address, i.e. NAT), but matched the specific patterns of known abuse of our publicly available services. This abuse may be the result of a computer on your network that has been compromised and is participating in a botnet abuse of our services.

The following table of IP addresses, dates and times should help you correlate the origin of the abusive activity. The time stamps are approximate from our logs. The actual timing of the events depend on the signature matched. It is very likely to have occurred both before, during and following the times listed.

Approximate Time Range (UTC), IP Address, Reason
2017-05-27 03:27 ~ 2017-05-27 03:57 (UTC), 138.123.178.101, Account Takeover Attempts

It is most likely the attack traffic is directed at one of the following endpoints:

account.sonyentertainmentnetwork.com
auth.np.ac.playstation.net
auth.api.sonyentertainmentnetwork.com
auth.api.np.ac.playstation.net

These endpoints on our network are resolved by Geo DNS, so the IP addresses they resolve to will depend on the originating IP address.

The destination port will be TCP 443.

Please take the necessary measures to correct the malicious activity from the above-listed IP addresses as soon as possible to avoid any further disruptions. If we were to remove any of these IP addresses from the blacklist and subsequent abusive activity is detected, the IP address will be promptly blacklisted again.


We thank you for your prompt attention to this matter. If you require assistance or additional information please contact snei-noc-abuse@am.sony.com and include the IP address in question.

Thank you

P.S. If you would prefer an individual email for each IP address on this list, please let us know.


How to resolve: The server has been compromised. Make sure you install clean OS immediately after resuming service, otherwise the issue will repeat.
You can unsuspend a service 3 times in one calendar year.
Remaining unsuspensions for this server: 3

I understand the issue and ready to resolve it right away
By clicking the button above you agree to take all measures to prevent future TOS violations.
You also acknowledge that after 3 suspensions this server will be disabled until January 1, 2018.
2143 clicks
Node: Q&A
1 reply
ARCWelder
2017-05-29 12:48:27 +08:00
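Your SSH was brute-forced, or your SS was found by scanning and used as part of a proxy pool; that is, your machine was used to DDoS Sony's services. If there is nothing important on it, I suggest reinstalling.

Also, Google Translate is a good thing, if you can't read English.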
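
An added example, not part of the original thread: one way to correlate the notice's time range, endpoints and port against a proxy's connection log to see which client generated the traffic. The log line format, the sample lines and the client addresses are constructed assumptions, not output of any real tool.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Endpoints, port and time range are taken from the notice above.
ENDPOINTS = {
    "account.sonyentertainmentnetwork.com",
    "auth.np.ac.playstation.net",
    "auth.api.sonyentertainmentnetwork.com",
    "auth.api.np.ac.playstation.net",
}
PORT = 443
WINDOW_START = datetime(2017, 5, 27, 3, 27, tzinfo=timezone.utc)
WINDOW_END = datetime(2017, 5, 27, 3, 57, tzinfo=timezone.utc)

# Hypothetical log line format (an assumption, not any real tool's output):
#   <UTC ISO timestamp> client=<ip> dst=<host>:<port>
LINE_RE = re.compile(r"^(\S+) client=(\S+) dst=([^\s:]+):(\d+)$")

# Constructed sample data; client addresses are documentation ranges.
SAMPLE_LOG = """\
2017-05-27T02:58:10Z client=203.0.113.7 dst=auth.np.ac.playstation.net:443
2017-05-27T03:28:41Z client=203.0.113.7 dst=auth.api.np.ac.playstation.net:443
2017-05-27T03:29:02Z client=203.0.113.7 dst=account.sonyentertainmentnetwork.com:443
2017-05-27T03:30:15Z client=198.51.100.23 dst=www.example.org:443
2017-05-27T03:41:00Z client=203.0.113.7 dst=AUTH.NP.AC.PLAYSTATION.NET:443
2017-05-27T03:45:19Z client=198.51.100.23 dst=auth.np.ac.playstation.net:80
malformed line that the parser must skip
2017-05-27T06:10:00Z client=192.0.2.50 dst=auth.np.ac.playstation.net:443
"""

def correlate(log_text, pad_minutes=30):
    """Count matching connections per client inside the padded window."""
    # The notice says the listed times are approximate, so widen the window.
    pad = timedelta(minutes=pad_minutes)
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        host, port = m.group(3).lower().rstrip("."), int(m.group(4))
        if host in ENDPOINTS and port == PORT and WINDOW_START - pad <= ts <= WINDOW_END + pad:
            hits[m.group(2)] += 1
    return hits

if __name__ == "__main__":
    for client, count in correlate(SAMPLE_LOG).most_common():
        print(client, count)
```

Matching is done on hostnames because the notice states the endpoints are resolved by Geo DNS, so destination IP addresses are not a stable key.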
