سلام دوستان
از طرف سرور برام یه ایمیل اومده که منظورشو دقیق نفهمیدم و نمیدونم باید چیکار کنم، لطفا اگه میشه زودتر منو رهنمائی کنید که 24 ساعت فرصت داده تا به مشکل رسیده گی بشه !؟؟

ABUSE TYPE: OTHER
URGENCY: HIGH (24hours notice)
IP: 85.17.21.198

Dear customer,

We received a complaint regarding an IP assigned to you. Please see the complaint at the bottom of this e-mail. We urge you to take appropriate action to prevent future complaints.

PLEASE NOTIFY US WITHIN 24 HOURS WITH TAKEN ACTiONS. FAILURE TO DO SO WILL RESULT IN AN IP BLOCK OF THE MENTIONED IP.

LeaseWeb Security Response Team (LSRT)

***** ADDITIONAL INFORMATION BY LSRT *****

******************************************

******************************************
ORIGINAL COMPLAINT BELOW
******************************************

Dear abuse team,

please help to close these offending portals sites(1) so far.

status: As of 2011-10-06 2147 CEST
Missused or defaced Server for contact: abuse@leaseweb.com - Clean MX - realtime

(for full uri, please scroll to the right end ...

This information has been generated out of our comprehensive real time database, tracking worldwide portals URI's

most likely also affected pages for these ip may be found via passive dns
please have a look on these other domains correlated to these ip
example: see BFK edv-consulting GmbH - Sicherheit

If your review this list of offending site, please do this carefully, pay attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+-----------------------------------------------------------------------------------------------

|date |id |virusname |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2011-10-06 21:28:04 CEST |218924 |defaced_site |85.17.21.198 |saffroncorm.com |http://saffroncorm.com
+-----------------------------------------------------------------------------------------------


Your email address has been pulled out of whois concerning this offending network block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to the next responsible desk available...


If you just close(d) these incident(s) please give us a feedback, our automatic walker process may not detect a closed case


yours

Gerhard W. Recher
(Geschäftsführer)

NETpilot GmbH

Wilhelm-Riehl-Str. 13
D-80687 München

GSM: ++49 171 4802507

Handelsregister München: HRB 124497

w3: http://www.clean-mx.de
e-Mail: mailto:abuse@clean-mx.de
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abu...-mx.de.pub.asc, Dear abuse team,

please help to close these offending portals sites(1) so far.

status: As of 2011-10-06 2147 CEST
Missused or defaced Server for contact: abuse@leaseweb.com - Clean MX - realtime

(for full uri, please scroll to the right end ...

This information has been generated out of our comprehensive real time database, tracking worldwide portals URI's

most likely also affected pages for these ip may be found via passive dns
please have a look on these other domains correlated to these ip
example: see BFK edv-consulting GmbH - Sicherheit

If your review this list of offending site, please do this carefully, pay attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+-----------------------------------------------------------------------------------------------

|date |id |virusname |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2011-10-06 21:28:04 CEST |218924 |defaced_site |85.17.21.198 |saffroncorm.com |http://saffroncorm.com
+-----------------------------------------------------------------------------------------------


Your email address has been pulled out of whois concerning this offending network block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to the next responsible desk available...


If you just close(d) these incident(s) please give us a feedback, our automatic walker process may not detect a closed case


yours

Gerhard W. Recher
(Geschäftsführer)

NETpilot GmbH

Wilhelm-Riehl-Str. 13
D-80687 München

GSM: ++49 171 4802507

Handelsregister München: HRB 124497

w3: http://www.clean-mx.de
e-Mail: mailto:abuse@clean-mx.de
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abu...-mx.de.pub.asc,