这是一个创建于 3782 天前的主题,其中的信息可能已经有所发展或是发生改变。
发现服务器远程不了,然后登上管理后台提示
Reason: Network abuse: Mass Mailing
More details: We have detected a large number of outgoing SMTP connections originating from this server. This usually means that the server is sending out spam.
Reason: Network abuse: Mass Mailing
More details: We have detected a large number of outgoing SMTP connections originating from this server. This usually means that the server is sending out spam.
How to resolve: This usually happens when your server is rooted/hacked. Make sure you install clean OS immediately after resuming service, otherwise the issue will repeat.
服务器被黑了然后滥用发送邮件,跟本无从下手,想问问大家知道这种情况应该如何解决吗?
PS:能不重装就不重装吧。。在此献上自己的膝盖。。。
Reason: Network abuse: Mass Mailing
More details: We have detected a large number of outgoing SMTP connections originating from this server. This usually means that the server is sending out spam.
Reason: Network abuse: Mass Mailing
More details: We have detected a large number of outgoing SMTP connections originating from this server. This usually means that the server is sending out spam.
How to resolve: This usually happens when your server is rooted/hacked. Make sure you install clean OS immediately after resuming service, otherwise the issue will repeat.
服务器被黑了然后滥用发送邮件,跟本无从下手,想问问大家知道这种情况应该如何解决吗?
PS:能不重装就不重装吧。。在此献上自己的膝盖。。。
 | 1 qqerqqer 2015-08-14 09:39:01 +08:00 @HanSonJ 我觉得还是重新的好。因为你不知道黑你服务器的人在你的服务器干了什么,清理起来是费时费力,最后还不能保证服务器完全的安全(PS:服务器远程不了很有可能是因为.ssh文件夹已经被删除了) |
 | 2 GG668v26Fd55CP5W 2015-08-14 09:42:15 +08:00 via iPhone 备份好数据,重装 |
 | 4 crazycen 2015-08-14 09:56:09 +08:00 linux一但被黑,危险程度比windows被黑的要高,导出数据重装吧。 |
 | 5 Ryans 2015-08-14 09:58:50 +08:00 Linux 一旦被黑,还是重装吧,你根本不知道哪些关键的命令被替换了 chkrootkit 这些也不敢保证 |
 | 7 HanSonJ OP |
 | 8 Busy 2015-08-14 10:17:22 +08:00 如果时间预算足够,还是先找出哪里出问题导致被root吧 否则就算你导出数据后重装,也只是又一个轮回而已 |
 | 9 bingwenshi 2015-08-14 10:20:35 +08:00 重装之后,认真配置好防火墙,除了web80端口外,其他都禁掉,22端口也只白名单允许你自己的IP访问,或者使用VPN才能访问也行 |
 | 10 adrianzhang 2015-08-14 10:40:43 +08:00  1 白天的话比较难,因为要迅速恢复运营,晚上的话可以先观察,做个网络连接切片脚本(准备观察对方从哪儿来的等等),建立nc通道(给自己留后门),然后干掉他需要的服务,例如SMTP,等待对方上钩。找到对方源以后,修改本机的root密码,建立iptables必要服务双向(进出双向加固),关闭其他所有。看是否其仍然能通过服务打进来。这样做的目的,是要找出服务方面的漏洞,用于重装后加固。拿到必要信息后,重装,iptables加固,不仅双向,而且屏蔽源IP,并且给自己留好后门。 |
 | 11 xuhaotian 2015-08-14 11:32:29 +08:00 via iPhone 我也遇到过 解决方法: 换22到其他端口 封掉所有其他端口 登陆三次错误自动封IP,记得叫fail2ban 从此再没发生过 |
Select Language