前几天刚买的buyvm的vps,昨天刚装好系统,装了ssh, nginx, python,刚刚收到了2封邮件
jmania · 2013-02-06 23:34:11 +08:00 · 3218 次点击这是一个创建于 4111 天前的主题,其中的信息可能已经有所发展或是发生改变。
第一封
Hello cao jia,
We have detected an inbound ICMP DDoS attack. A nullroute has been applied to protect our network.
Target IP: 209.141.34.81
Protocol: ICMP
Packets Per Second: 69985
Null-Route Date: 2013-02-06 06:27:43
Null routes last for 60 minutes from the time they were added. If the attack continues once the nullroute expires, a new
nullroute will be applied and the timer reset.
If you wish to purchase a DDoS protected IP address, you may do so by:
1) Logging into https://my.frantech.ca
2) View the details for this server
3) Click upgrade and purchase the amount of IP addresses you're interested in
Filtered IP's cost $3.00/month per IP.
Thanks,
BuyVM
第二封
*** This is an automated message, please do not respond. If you need assistance, login to http://my.frantech.ca and open a support ticket.
cao;
This ticket is notification that your service with us (209.141.34.81) is now suspended for the following TOS/AUP infractions:
- Network Abuse
As this is your first offense, no further administrative action will be taken. Upon your reply to this ticket, the service will be reactivated and you will have 24 hours to resolve this issue. Please be aware that further abuse reports after this time frame will constitute a second offense, resulting in suspension and a TOS/AUP Violation Fine.
Logs of the abuse follow:
/var/log/messages:Feb 6 09:15:32 sonar.superb.net nfsen[25857]: SCSD Compromised: external 209.141.34.81 Port 22 55 hosts.
/var/log/messages:Feb 6 09:15:32 sonar.superb.net nfsen[25857]: SCSD: Found 209.141.34.81 0 times in database within the last 12 hours
/var/log/messages:Feb 6 09:15:32 sonar.superb.net nfsen[25857]: SCSD: Sending email to : Abuse - 209.141.34.81 connecting to port 22 on 55 hosts
/var/log/messages:Feb 6 09:20:33 sonar.superb.net nfsen[25917]: SCSD Compromised: external 209.141.34.81 Port 22 38 hosts.
/var/log/messages:Feb 6 09:20:33 sonar.superb.net nfsen[25917]: SCSD: Found 209.141.34.81 1 times in database within the last 12 hours
/var/log/messages:Feb 6 09:20:33 sonar.superb.net nfsen[25917]: SCSD: Sending email to : Abuse - 209.141.34.81 connecting to port 22 on 38 hosts
/var/log/messages:Feb 6 09:36:20 darknet.superb.net Darknet: 209.141.34.81 exceeded connection attempt threshold to tcp:22 92 times in a 30 minute period
Hello cao jia,
We have detected an inbound ICMP DDoS attack. A nullroute has been applied to protect our network.
Target IP: 209.141.34.81
Protocol: ICMP
Packets Per Second: 69985
Null-Route Date: 2013-02-06 06:27:43
Null routes last for 60 minutes from the time they were added. If the attack continues once the nullroute expires, a new
nullroute will be applied and the timer reset.
If you wish to purchase a DDoS protected IP address, you may do so by:
1) Logging into https://my.frantech.ca
2) View the details for this server
3) Click upgrade and purchase the amount of IP addresses you're interested in
Filtered IP's cost $3.00/month per IP.
Thanks,
BuyVM
第二封
*** This is an automated message, please do not respond. If you need assistance, login to http://my.frantech.ca and open a support ticket.
cao;
This ticket is notification that your service with us (209.141.34.81) is now suspended for the following TOS/AUP infractions:
- Network Abuse
As this is your first offense, no further administrative action will be taken. Upon your reply to this ticket, the service will be reactivated and you will have 24 hours to resolve this issue. Please be aware that further abuse reports after this time frame will constitute a second offense, resulting in suspension and a TOS/AUP Violation Fine.
Logs of the abuse follow:
/var/log/messages:Feb 6 09:15:32 sonar.superb.net nfsen[25857]: SCSD Compromised: external 209.141.34.81 Port 22 55 hosts.
/var/log/messages:Feb 6 09:15:32 sonar.superb.net nfsen[25857]: SCSD: Found 209.141.34.81 0 times in database within the last 12 hours
/var/log/messages:Feb 6 09:15:32 sonar.superb.net nfsen[25857]: SCSD: Sending email to : Abuse - 209.141.34.81 connecting to port 22 on 55 hosts
/var/log/messages:Feb 6 09:20:33 sonar.superb.net nfsen[25917]: SCSD Compromised: external 209.141.34.81 Port 22 38 hosts.
/var/log/messages:Feb 6 09:20:33 sonar.superb.net nfsen[25917]: SCSD: Found 209.141.34.81 1 times in database within the last 12 hours
/var/log/messages:Feb 6 09:20:33 sonar.superb.net nfsen[25917]: SCSD: Sending email to : Abuse - 209.141.34.81 connecting to port 22 on 38 hosts
/var/log/messages:Feb 6 09:36:20 darknet.superb.net Darknet: 209.141.34.81 exceeded connection attempt threshold to tcp:22 92 times in a 30 minute period
 |
1
lookhi 2013-02-07 10:49:29 +08:00
ICMP DDoS attack ?
谁这么无聊?还ICMP DDOS |
Select Language