这是什么情况啊?管理员要我备份然后删掉自己的镜像,fremont节点的被攻击了么?

2012-09-04 21:49:43 +08:00
 goofansu
IP addresses from your networks tried
to relay mail through my server without permission. After examining the log,
they are suspected to be compromised botnet computers.

The connection log is attached below for your reference. Each line lists the
date, time, time zone, attacker IP, attacker's network name (as found in
WHOIS), local IP, and local TCP port number of a relay attempt. To prevent
this mail from getting too big in size, only 15 relay attempts from each
attacker IP are included.

If you regularly collect IP traffic information of your network, you will see
the IPs listed connected to TCP port 25 of local IP at the time logged, and
I suspect that they also connected to TCP port 25 of many other IPs.

Please notify the owners of those botnet computers so that they can take
appropriate action to clean their computers, before even more severe incidents,
like data leakage and DDoS, arise. This also helps prevent the botnets from
taking up your network bandwidth.

Full internet email headers of the first relay attempts from those IPs,
logged on local IP which they tried to abuse, is also attached below for
your reference.

Chih-Cherng Chin

*** The victims might also need to change passwords on a clean computer
*** for their online accounts.

---- connection log (time zone is UTC; sent to abuse@linode.com) ----
date => time => TZ => attacker IP => network name => local IP => local TCP port#
-------------------------------------------------------------------------------
2012-09-03 23:07:15 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:07:22 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:07:29 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:17:41 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:17:49 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:17:56 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:36:43 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:36:50 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:36:57 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:43:42 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:43:48 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:43:56 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:45:43 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:45:52 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:45:59 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
1214 次点击
所在节点    Linode
2 条回复
Livid
2012-09-04 22:05:41 +08:00
Because:

1. Your machine is used for attacking.

2. Your root password or something is compromised, so it's better to start over.
goofansu
2012-09-05 05:14:47 +08:00
@Livid 谢谢。看来得根据linode得安全文档进行下设置了。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/46900

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX