مشکل abuse

[salem]

با سلام و خسته نباشید خدمت اساتید و دوستان عزیز یدونه وی پی اس لینوکسی داریم هر روز abuse میاد اگر حل نکنیم وی پی اس قطع خواهد شد . چیکار کنم تا مشکل حل بشه ؟

Details:
An IP address () under your control appears to have attacked one of our customers as part of a coordinated DDoS botnet. We manually reviewed the captures from this attack and do not believe that your IP address was spoofed, based on the limited number of distinct hosts attacking us, the identicality of many attacking IP addresses to ones we've seen in the past, and the non-random distribution of IP addresses.

It is likely that this host is one of the following, from the responses that others have sent us:

- A compromised DVR, such as a "Hikvision" brand device (ref: http://www.coresecurity.com/advisori...ulnerabilities)
- A compromised IPMI device, such as one made by Supermicro (possibly because it uses the default U/P of ADMIN/ADMIN or because its password was found through an exploit described at http://arstechnica.com/security/2014...dvisory-warns/)
- A compromised router, such as one made by China Telecom which still allows a default admin username and password; one by Netis, with its built-in internet-accessible backdoor (http://blog.trendmicro.com/trendlabs...en-backdoor/); or one running an old AirOS version with its exposed administrative interface
- A compromised Xerox-branded device
- Some other compromised standalone device
- A compromised webhost, such as one running a vulnerable version of WordPress, phpMyAdmin, or zPanel
- A compromised client, such as one running a vulnerable web browser susceptible to a Java exploit
- A server with an insecure password that was brute-forced, such as through SSH or RDP

The actual attack consisted of packets with specific distinguishing characteristics. This is example traffic from the IP address, as put out by the "tcpdump" utility and captured by our router during the attack.

Date/timestamps (at the very left) are UTC.

2017-03-07 16:34:46.975091 IP (tos 0x28, ttl 50, id 64017, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa11 4000 3211 34dd 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU
2017-03-07 16:34:46.975105 IP (tos 0x28, ttl 50, id 64019, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa13 4000 3211 34db 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU
2017-03-07 16:34:46.975140 IP (tos 0x28, ttl 50, id 64019, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa13 4000 3211 34db 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU
2017-03-07 16:34:46.975146 IP (tos 0x28, ttl 50, id 64019, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa13 4000 3211 34db 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU
2017-03-07 16:34:46.975726 IP (tos 0x28, ttl 50, id 64020, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa14 4000 3211 34da 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU
2017-03-07 16:34:46.975728 IP (tos 0x28, ttl 50, id 64020, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa14 4000 3211 34da 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU

[nimafire]

سلام
دوست عزیز افاق هاستینگ از سال 2007 میلادی به صورت حرفه ای در زمینه مدیریت سرور های لینوکسی فعالیت میکند

برطرف سازی مشکلات ایجاد شده
نصب کنترل پنل ها
نصب مجازی سازها
بهینه سازی و برطرف سازی مشکلات سیستم عامل ها
ارائه راهکار های فنی و امنیتی حرفه ای به جهت مدیریت سرور
بروز رسانی نرم افزار ها و سرویس ها
کانفیگ سرور ارسال ایمیل
نصب انواع وب سرویس و بهینه سازی دقیق آن Apache,Nginx,...
و ...

پکیج های متنوعی برای ارائه خدمات به شما در نظر گرفته ایم که میتوانید لیست کامل آن ها را از لینک زیر مشاهده فرمایید

http://clients.afaghhosting.net/cart.php?gid=18

[Mr.Pouria]

با سلام و خسته نباشید خدمت اساتید و دوستان عزیز یدونه وی پی اس لینوکسی داریم هر روز abuse میاد اگر حل نکنیم وی پی اس قطع خواهد شد . چیکار کنم تا مشکل حل بشه ؟

Details:
An IP address () under your control appears to have attacked one of our customers as part of a coordinated DDoS botnet. We manually reviewed the captures from this attack and do not believe that your IP address was spoofed, based on the limited number of distinct hosts attacking us, the identicality of many attacking IP addresses to ones we've seen in the past, and the non-random distribution of IP addresses.

It is likely that this host is one of the following, from the responses that others have sent us:

- A compromised DVR, such as a "Hikvision" brand device (ref: http://www.coresecurity.com/advisori...ulnerabilities)
- A compromised IPMI device, such as one made by Supermicro (possibly because it uses the default U/P of ADMIN/ADMIN or because its password was found through an exploit described at http://arstechnica.com/security/2014...dvisory-warns/)
- A compromised router, such as one made by China Telecom which still allows a default admin username and password; one by Netis, with its built-in internet-accessible backdoor (http://blog.trendmicro.com/trendlabs...en-backdoor/); or one running an old AirOS version with its exposed administrative interface
- A compromised Xerox-branded device
- Some other compromised standalone device
- A compromised webhost, such as one running a vulnerable version of WordPress, phpMyAdmin, or zPanel
- A compromised client, such as one running a vulnerable web browser susceptible to a Java exploit
- A server with an insecure password that was brute-forced, such as through SSH or RDP

The actual attack consisted of packets with specific distinguishing characteristics. This is example traffic from the IP address, as put out by the "tcpdump" utility and captured by our router during the attack.

Date/timestamps (at the very left) are UTC.

2017-03-07 16:34:46.975091 IP (tos 0x28, ttl 50, id 64017, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa11 4000 3211 34dd 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU
2017-03-07 16:34:46.975105 IP (tos 0x28, ttl 50, id 64019, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa13 4000 3211 34db 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU
2017-03-07 16:34:46.975140 IP (tos 0x28, ttl 50, id 64019, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa13 4000 3211 34db 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU
2017-03-07 16:34:46.975146 IP (tos 0x28, ttl 50, id 64019, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa13 4000 3211 34db 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU
2017-03-07 16:34:46.975726 IP (tos 0x28, ttl 50, id 64020, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa14 4000 3211 34da 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU
2017-03-07 16:34:46.975728 IP (tos 0x28, ttl 50, id 64020, offset 0, flags [DF], proto UDP (17), length 44)
.59704 > 74.91.113.x.53: 19535 updateA [b2&3=0x4c44] [19288a] [18755q] [17478n] [21827au][|domain]
0x0000: 4528 002c fa14 4000 3211 34da 5266 0b77 E(.,..@.2.4.Rf.w
0x0010: 4a5b 7172 e938 0035 0018 9b3e 4c4f 4c44 J[qr.8.5...>LOLD
0x0020: 4943 4b58 4446 5543 4b59 4f55 ICKXD****YOU

در بخش درخواست سرویس سوال کردید این بخش کسی کمک نمیکنه

بهتره در بخش پرسش و پاسخ تاپیک بزنید

[arc1o0]

سلام

سرور شما هک شده و برای اتک زدن ازش استفاده میشه و جوین به یک شبکه روبات اتک شده، پیدا کردن بک دور و رفع مشکل به این سادگی ها نیست

پیشنهاد من این هست که از دیتاهاتون بکاپ بگیرید و سرور رو به شکل کامل از اول نصب و راه اندازی کنید، زمان و انرژی و هزینه کمتری برای شما خواهد داشت.

- - - Updated - - -

سلام

سرور شما هک شده و برای اتک زدن ازش استفاده میشه و جوین به یک شبکه روبات اتک شده، پیدا کردن بک دور و رفع مشکل به این سادگی ها نیست

پیشنهاد من این هست که از دیتاهاتون بکاپ بگیرید و سرور رو به شکل کامل از اول نصب و راه اندازی کنید، زمان و انرژی و هزینه کمتری برای شما خواهد داشت.