ppscoir
October 9th, 2013, 18:30
Hello, what is this error? They sent me an email; what should I do now, and how do I deal with it?
My server has been completely disabled, and it is Hetzner.
Complaint Details
Submission Time:05/10/13 16:14
Product:Dedicated Server - D7-360-11995
IP Address:88.150.229.251
Hello,
This is a notification of unauthorized use of systems or networks.
On October 04, 2013, a total of 1 IP addresses from your networks tried to relay mail through my server without permission. After examining the log, they are suspected to be compromised botnet computers.
The connection log is attached below for your reference. Each line lists the date, time, time zone, attacker IP, attacker's network name (as found in WHOIS), local IP, and local TCP port number of a relay attempt. To prevent this mail from getting too big in size, only 15 relay attempts from each attacker IP are included.
If you regularly collect IP traffic information of your network, you will see the IPs listed connected to TCP port 25 of local IP at the time logged, and I suspect that they also connected to TCP port 25 of many other IPs.
Please notify the owners of those botnet computers so that they can take appropriate action to clean their computers, before even more severe incidents, like data leakage and DDoS, arise. This also helps prevent the botnets from taking up your network bandwidth.
Full internet email headers of the first relay attempts from those IPs, logged on local IP which they tried to abuse, are also attached below for your reference.
Chih-Cherng Chin
Daily Botnet Statistics (http://botnet-tracker.blogspot.com/)
*** Cyber Security Open Data:
*** Browse Daily Botnet Statistics: suspected bots ip (http://botnet-tracker.blogspot.com/search/label/suspected%20bots%20ip)
*** follow the link within posts to download IP lists of suspected
*** infected computers. Use them to create more effective defenses,
*** discover latest trends of cyber attacks, etc.
---- connection log (time zone is UTC; sent to abuse@redstation.com) ---- date => time => TZ => attacker IP => network name => local IP => local TCP port#
-------------------------------------------------------------------------------
2013-10-04 23:22:00 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:22:11 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:22:21 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:36:32 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:36:45 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:36:58 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:37:12 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:38:34 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:38:43 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:38:56 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:39:06 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:59:10 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:59:22 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:59:32 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:59:44 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
---- internet email headers ----
Received: from [88.150.229.251] (helo=h88-150-229-251.host.redstation.co.uk)
by mta198.cellfone.kwik.to with smtp (Exim 4.80.1)
(envelope-from ehyrnkddnzb@yahoogroups.com)
id 1VSFHb-0008R0-PP; Fri, 04 Oct 2013 23:59:44 +0000
Received: from dns2.kimo.com ([61.56.128.141]) by 88.150.229.251 with SMTP id kjzssyyacktk;
Fri, 04 Oct 2013 18:54:33 -0500
From: "binzbwcmyp@googlegroups.com" ehyrnkddnzb@yahoogroups.com
Reply-To: "binzbwcmyp@googlegroups.com" ehyrnkddnzb@yahoogroups.com
Subject: Re: ¬K.ÃĦAhigh¤@¦¸¦-¤W°_§ÉÄ~Äòhigh
To: sohai_sohai@hotmail.com
Message-ID: 8213.876x5lq739665j
X-Mailer: The Bat! (v1.52f) Business
Date: Sat, 05 Oct 2013 03:54:33 +0400
Organization: The Bat! (v1.52f) Business
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_NextPart_347_udll_o2xnbr6f.6o001m56
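
The complaint states that the listed IP should show up in the server's own traffic records connecting to TCP port 25 at the logged times. As an added example (not part of the original post or the complaint), this Python code parses the complaint's log format and groups the attempts into padded UTC time windows to search in local mail, process and flow logs; the function names and the `max_gap` and `pad` values are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Subset of the connection log lines quoted in the complaint above.
COMPLAINT_LOG = """\
2013-10-04 23:22:00 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:22:11 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:22:21 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:36:32 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:37:12 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
2013-10-04 23:59:44 UTC 88.150.229.251 RSDEDI-KHJMBPBN 198.35.45.96 25
"""

def parse_complaint_log(text):
    """Yield (utc_timestamp, source_ip, dest_ip, dest_port) per valid line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7 or parts[2] != "UTC":
            continue  # separators, section headers, anything malformed
        date, clock, _tz, src, _netname, dst, port = parts
        try:
            ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield ts.replace(tzinfo=timezone.utc), src, dst, int(port)

def search_windows(text, max_gap=120, pad=60):
    """Group attempts per source IP into bursts; return padded UTC windows."""
    margin = timedelta(seconds=pad)
    by_src = defaultdict(list)
    for ts, src, _dst, _port in parse_complaint_log(text):
        by_src[src].append(ts)
    windows = []
    for src, stamps in sorted(by_src.items()):
        stamps.sort()
        start = prev = stamps[0]
        count = 1
        for ts in stamps[1:]:
            if (ts - prev).total_seconds() > max_gap:  # a new burst begins
                windows.append((src, start - margin, prev + margin, count))
                start, count = ts, 0
            prev = ts
            count += 1
        windows.append((src, start - margin, prev + margin, count))
    return windows

if __name__ == "__main__":
    for src, begin, end, n in search_windows(COMPLAINT_LOG):
        print(f"{src}: {n} attempt(s), search {begin.isoformat()} .. {end.isoformat()}")
```

The windows are in UTC, so convert them to the server's log time zone before searching; the last window here crosses midnight into 2013-10-05.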