Linode 各机房速度测试
› http://www.linode.com/speedtest/
这是什么情况啊?管理员要我备份然后删掉自己的镜像,fremont节点的被攻击了么?
goofansu · 2012-09-04 21:49:43 +08:00 · 1203 次点击这是一个创建于 4290 天前的主题,其中的信息可能已经有所发展或是发生改变。
IP addresses from your networks tried
to relay mail through my server without permission. After examining the log,
they are suspected to be compromised botnet computers.
The connection log is attached below for your reference. Each line lists the
date, time, time zone, attacker IP, attacker's network name (as found in
WHOIS), local IP, and local TCP port number of a relay attempt. To prevent
this mail from getting too big in size, only 15 relay attempts from each
attacker IP are included.
If you regularly collect IP traffic information of your network, you will see
the IPs listed connected to TCP port 25 of local IP at the time logged, and
I suspect that they also connected to TCP port 25 of many other IPs.
Please notify the owners of those botnet computers so that they can take
appropriate action to clean their computers, before even more severe incidents,
like data leakage and DDoS, arise. This also helps prevent the botnets from
taking up your network bandwidth.
Full internet email headers of the first relay attempts from those IPs,
logged on local IP which they tried to abuse, is also attached below for
your reference.
Chih-Cherng Chin
*** The victims might also need to change passwords on a clean computer
*** for their online accounts.
---- connection log (time zone is UTC; sent to [email protected]) ----
date => time => TZ => attacker IP => network name => local IP => local TCP port#
-------------------------------------------------------------------------------
2012-09-03 23:07:15 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:07:22 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:07:29 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:17:41 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:17:49 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:17:56 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:36:43 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:36:50 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:36:57 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:43:42 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:43:48 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:43:56 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:45:43 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:45:52 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:45:59 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
to relay mail through my server without permission. After examining the log,
they are suspected to be compromised botnet computers.
The connection log is attached below for your reference. Each line lists the
date, time, time zone, attacker IP, attacker's network name (as found in
WHOIS), local IP, and local TCP port number of a relay attempt. To prevent
this mail from getting too big in size, only 15 relay attempts from each
attacker IP are included.
If you regularly collect IP traffic information of your network, you will see
the IPs listed connected to TCP port 25 of local IP at the time logged, and
I suspect that they also connected to TCP port 25 of many other IPs.
Please notify the owners of those botnet computers so that they can take
appropriate action to clean their computers, before even more severe incidents,
like data leakage and DDoS, arise. This also helps prevent the botnets from
taking up your network bandwidth.
Full internet email headers of the first relay attempts from those IPs,
logged on local IP which they tried to abuse, is also attached below for
your reference.
Chih-Cherng Chin
*** The victims might also need to change passwords on a clean computer
*** for their online accounts.
---- connection log (time zone is UTC; sent to [email protected]) ----
date => time => TZ => attacker IP => network name => local IP => local TCP port#
-------------------------------------------------------------------------------
2012-09-03 23:07:15 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:07:22 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:07:29 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:17:41 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:17:49 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:17:56 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:36:43 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:36:50 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:36:57 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:43:42 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:43:48 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:43:56 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:45:43 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:45:52 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
2012-09-03 23:45:59 UTC 50.116.5.219 LINODE-US 149.154.153.133 25
 |
1
Livid MOD  1
Because:
1. Your machine is used for attacking. 2. Your root password or something is compromised, so it's better to start over. |
Select Language