全球主机交流论坛

标题: 拜拜了五毛机 [打印本页]

作者: 秋上书 时间: 2020-9-6 06:50
标题: 拜拜了五毛机
刚给我发的邮件然后我就赶紧登上去看看一看被封了，好气啥也没干直接删了

По факту обнаружения вредоносной активности с вашего IP адреса, в соответствии пунктам  2.3 и 2.4 Приложения 1 к Договору публичной оферты ваш сервер будет остановлен и заблокирован.
Во избежание блокировки просим устранить указанные далее нарушения в течение суток.

Пожалуйста, ознакомьтесь с инцидентом:
Лог копировать сюда или ссылка на SBL
----
Kind regards,
Ruvds abuse team.
---- Пересылаемое сообщение от [email protected] (root) ---
Отправитель: [email protected] (root)
Получатель: [email protected]
Тема: attacks from your network to my server
Дата: 05.09.2020 19:59:05 (Europe/Moscow)

Dear support/abuse/whatever team/or to whom it may concern,

I've been running this server (tectus.net / 85.183.147.115) a while now and I've
allways been tolerant to some script kiddies trying to breach into it using port
22 (ssh).

But after some time it began to anoy me and now I will report each of these
incidents to your distribution lists for further action.

Below is the jwhois output from the delinquent using the IP 45.143.94.92 at
2020-09-05 18:58:06 (GMT+1) from where I got your contact details:

--------------------------------------------------------------------------------
[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%    To receive output for a database update, use the "-B" flag.

% Information related to '45.143.94.0 - 45.143.94.255'

% Abuse contact for '45.143.94.0 - 45.143.94.255' is '[email protected]'

inetnum:       45.143.94.0 - 45.143.94.255
netname:       RU-RUVDS-20191211
country:       RU
org:          ORG-MFL16-RIPE
admin-c:       RVS268-RIPE
tech-c:       RVS268-RIPE
status:       ASSIGNED PA
mnt-by:       IP-RIPE
mnt-routes:    MNT-RETN
mnt-domains: MNT-RETN
created:       2019-12-11T11:28:12Z
last-modified:  2019-12-11T11:28:32Z
source:       RIPE

organisation: ORG-MFL16-RIPE
org-name:    MT FINANCE LLC
org-type:    OTHER
address:       Glinischevskiy per., 3, kom. 226
address:       125009 Moscow
address:       Russia
abuse-c:       RVS268-RIPE
mnt-ref:       IP-RIPE
mnt-by:       IP-RIPE
created:       2018-10-16T15:38:35Z
last-modified:  2018-10-16T15:39:37Z
source:       RIPE # Filtered

role:          RU VDS Support
address:       Glinischevskiy per., 3, kom. 226
address:       125009 Moscow
address:       Russia
abuse-mailbox:  [email protected]
admin-c:       YB1456-RIPE
tech-c:       YB1456-RIPE
nic-hdl:       RVS268-RIPE
mnt-by:       IP-RIPE
created:       2018-10-16T15:38:36Z
last-modified:  2018-10-16T15:39:16Z
source:       RIPE # Filtered

% Information related to '45.143.94.0/24AS9002'

route:       45.143.94.0/24
descr:       RU-RUVDS
origin:       AS9002
mnt-by:       MNT-RETN
created:       2019-12-11T12:50:36Z
last-modified:  2019-12-11T12:50:36Z
source:       RIPE

% This query was served by the RIPE Database Query Service version 1.97.2
(HEREFORD)

--------------------------------------------------------------------------------

The reason why I'm sending you this mail, is the following /var/log/secure log
entry of my server:
--------------------------------------------------------------------------------
Sep 5 18:58:06 pluto sshd[22231]: Failed password for root from 45.143.94.92 port
40726 ssh2
--------------------------------------------------------------------------------

So could you please give the above mentioned user of your network a warning, block
the ip traffic to my server, or do whatever else is needed to stop me sending you
these messages.

Thanks
[email protected]

---- Конец пересылаемого сообщения ---

作者: 19100791 时间: 2020-9-6 06:51
我早扔了

作者: 秋上书 时间: 2020-9-6 06:58

19100791 发表于 2020-9-6 06:51
我早扔了

一直用着还挺好我用的也少几天才用一次

然后就给封了真是搞不懂

作者: shaoyedrl 时间: 2020-9-6 07:00
要真的是无辜的 pp争议解决把钱找回来吧

作者: 秋上书 时间: 2020-9-6 07:07

shaoyedrl 发表于 2020-9-6 07:00
要真的是无辜的 pp争议解决把钱找回来吧

以后要是有三毛再买余额先留着吧反正用掉的钱也用过机器了

作者: wifitry 时间: 2020-9-6 07:12
似乎你不是第一个

作者: 秋上书 时间: 2020-9-6 07:33

wifitry 发表于 2020-9-6 07:12
似乎你不是第一个

是啥真的是也没看明白咋会儿反正直接封了

作者: lylcyndi 时间: 2020-9-6 07:40
好像给你写原因了

作者: 秋上书 时间: 2020-9-6 07:47

lylcyndi 发表于 2020-9-6 07:40
好像给你写原因了

是的主要是没看懂最主要的是我特么啥都没干上面就一个魔法

作者: 013 时间: 2020-9-6 07:51
用的有一键脚本？vps用的默认密码？没修改ssh 22端口？

作者: lin1866 时间: 2020-9-6 07:53
爆破或者被爆破了

作者: KuYeHQ 时间: 2020-9-6 08:04
他家密码确实容易被爆破组，不知道是不是这样

作者: 八级大狂风 时间: 2020-9-6 08:46
我的三毛也是被DD了

作者: miaojunhao 时间: 2020-9-6 09:52
密码复杂一点！

作者: laogui 时间: 2020-9-6 11:04
干啥被封了？

作者: 秋上书 时间: 2020-9-6 20:20

laogui 发表于 2020-9-6 11:04
干啥被封了？

不知道干啥上面就一个魔法然后给我发个邮件我上号看机器被封了邮件就看出个有违法活动

作者: llmwxt 时间: 2020-9-6 20:26
提示: 作者被禁止或删除内容自动屏蔽

作者: 369 时间: 2020-9-6 20:26
年付的？

欢迎光临全球主机交流论坛 (https://sunk.eu.org/)