I received a message from Linode:
Hello,
We have received a report of malicious activity originating from your Linode. We ask that you investigate this matter as soon as you are able. Once you have completed your investigation, kindly reply to this ticket with the answers to the following questions:
1) What was the source of the issue?
2) What steps did you take to resolve this issue?
3) What steps did you take to prevent this from occurring again?
Being as this activity is in violation of our Terms of Service, we ask that you reply within the next 24 hours. If we do not receive a reply within that time, we may temporarily disrupt service to your Linode in order to prevent further malicious activity.
-------------------------------------------------------------------
I think my Linode is compromised. How can I tell?
-------------------------------------------------------------------
If you believe that your Linode has been compromised, you can start troubleshooting by auditing the following log files and writable directories:
- /var/log/auth.log : Check this log file for signs of unauthorized access and brute-force attempts. Use the ‘last’ command to cross reference recent account logins with this file.
- /tmp : This directory is often used by malicious parties to store files
- Web server logs: There may be a vulnerable script or web application. The location of these log files depends on your web server (apache, nginx, etc.) configuration.
- ps aux : Use this command to audit running processes for foreign processes
-------------------------------------------------------------------
My Linode is compromised. What do I do now?
-------------------------------------------------------------------
If you discover that your Linode is compromised, we strongly suggest that you redeploy. It is often very difficult to determine the full scope of a vulnerable system. We have a guide that can assist you with redeploying your server that you can find linked below:
https://www.linode.com/docs/security/recovering-from-a-system-compromise/
During this process, please continue to keep us updated, and let us know if you have any questions.
Regards,
Matt W.
Linode Support
Hello,
I just wanted to reach out and see if you had any new information for us regarding this issue. In order to properly resolve this issue we're going to need responses to the three questions below:
1) What was the source of the issue?
2) What steps did you take to resolve this issue?
3) What steps did you take to prevent this from occurring again?
At this point network restrictions have been placed on this Linode to prevent this malicious activity from continuing to occur.
You will need to use the Linode LISH console to access the Linode and address the issue at this point. To see more information on what the LISH console is and how to use it you can reference the documentation below:
https://www.linode.com/docs/networking/using-the-linode-shell-lish/
Let us know if you have any questions or there's anything that we can assist you with today.
Thanks,
Matt Watts
Linode Support Team
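What should I do now? They seem to be saying that they have already restricted my server's network. How should I reply? I don't have WordPress deployed on the server. They suggest redeploying, but there is a database on the server, and now that the network is restricted I have no way to get the data out.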
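The /var/log/auth.log check listed in the support ticket above, as an added example that is not part of the original post or of Linode's message: it counts failed SSH logins per address and flags any accepted login that follows repeated failures from the same address. The sample lines, the function name `audit_auth_log` and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches OpenSSH "Failed"/"Accepted" authentication lines as written to auth.log.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (\S+) for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[901]: Failed password for invalid user admin from 203.0.113.7 port 51230 ssh2
Mar  3 02:11:03 host sshd[901]: Failed password for root from 203.0.113.7 port 51231 ssh2
Mar  3 02:11:05 host sshd[902]: Failed password for root from 203.0.113.7 port 51232 ssh2
Mar  3 02:11:09 host sshd[903]: Accepted password for root from 203.0.113.7 port 51233 ssh2
Mar  3 08:30:12 host sshd[950]: Failed password for deploy from 198.51.100.20 port 40021 ssh2
Mar  3 08:30:20 host sshd[951]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
""".splitlines()


def audit_auth_log(lines, threshold=3):
    """Return (failures per IP, logins accepted after >= threshold failures)."""
    failures = Counter()
    suspicious = []
    for line in lines:
        m = SSHD_RE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        outcome, method, user, ip = m.groups()
        if outcome == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # A success preceded by repeated failures from the same address is
            # the pattern of a brute-force attempt that eventually worked.
            suspicious.append({"user": user, "ip": ip, "method": method,
                               "failures_before": failures[ip]})
    return failures, suspicious


if __name__ == "__main__":
    failures, suspicious = audit_auth_log(SAMPLE_LOG)
    for ip, count in failures.most_common():
        print(f"{count:4d} failed logins from {ip}")
    for hit in suspicious:
        print("REVIEW:", hit)
```

On a real system the lines would come from /var/log/auth.log (and its rotated copies), and any flagged login should be compared against the output of `last`, as the ticket suggests.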