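savion posted on 2010-8-18 19:49:56

SoftLayer received a complaint and the IP has been disabled. What should I do?

I really don't get it. How can they say my server is attacking other people's sites? A complaint was filed, and it even lists a whole pile of evidence! What is going on? How do I fix this? I asked SoftLayer's tech support, and they said they can't solve it! Unbelievable.

Could everyone take a look? This is just a small part of it: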

Ticket Contents:

   Employee Response - 2010-Aug-09 10:23 (GMT-0600)
SoftLayer Security has received the following HACKING / MALICIOUS ACTIVITY complaint in reference to an IP hosted on your server. A copy of the complaint is listed below or attached to this ticket for your review. Please disable or remove this activity immediately as it is direct abuse of the network services and a violation of your TOS and AUP. Failure to resolve this issue in an expeditious manner could lead to service interruption for this server. Please update this ticket with resolution to this issue. We thank you in advance for your quick action and cooperation.

Regards,
SoftLayer Security Team





Employee Response - 2010-Aug-09 10:23 (GMT-0600)
Looks like your customer with IP 67.228.94.234 is doing ssh attacks to my server.
Please take care about
Best Regards

here some logfile output Date
Mon Aug 9 11:45:02 CEST 2010
Aug 9 00:43:44 81-89-97-101 sshd: Invalid user alyssa from 67.228.94.234
Aug 9 00:43:44 81-89-97-101 sshd: error: PAM: User not known to the underlying authentication module for illegal user alyssa from 67.228.94.234-static.reverse.softlayer.com
Aug 9 00:43:44 81-89-97-101 sshd: Failed keyboard-interactive/pam for invalid user alyssa from 67.228.94.234 port 39379 ssh2
Aug 9 02:39:00 81-89-97-101 sshd: Invalid user ann from 67.228.94.234
Aug 9 02:39:00 81-89-97-101 sshd: error: PAM: User not known to the underlying authentication module for illegal user ann from 67.228.94.234-static.reverse.softlayer.com
Aug 9 02:39:00 81-89-97-101 sshd: Failed keyboard-interactive/pam for invalid user ann from 67.228.94.234 port 52336 ssh2
Aug 9 04:11:39 81-89-97-101 sshd: Invalid user assh from 67.228.94.234
Aug 9 04:11:40 81-89-97-101 sshd: error: PAM: User not known to the underlying authentication module for illegal user assh from 67.228.94.234-static.reverse.softlayer.com
Aug 9 04:11:40 81-89-97-101 sshd: Failed keyboard-interactive/pam for invalid user assh from 67.228.94.234 port 57007 ssh2
Aug 9 11:13:36 81-89-97-101 sshd: Invalid user clark from 67.228.94.234
Aug 9 11:13:36 81-89-97-101 sshd: error: PAM: User not known to the underlying authentication module for illegal user clark from 67.228.94.234-static.reverse.softlayer.com
Aug 9 11:13:36 81-89-97-101 sshd: Failed keyboard-interactive/pam for invalid user clark from 67.228.94.234 port 53369 ssh2
Aug 9 11:31:39 81-89-97-101 sshd: Invalid user clint from 67.228.94.234
Aug 9 11:31:39 81-89-97-101 sshd: error: PAM: User not known to the underlying authentication module for illegal user clint from 67.228.94.234-static.reverse.softlayer.com
Aug 9 11:31:39 81-89-97-101 sshd: Failed keyboard-interactive/pam for invalid user clint from 67.228.94.234 port 41680 ssh2



Dear Sir/Madam,

We have detected abuse from the IP address 67.228.94.234, which according to a whois lookup is on your network. We would appreciate if you would investigate and take action as appropriate.

Log lines are given below, but please ask if you require any further information.

(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process. This mail was generated by Fail2Ban.)

Note: Local timezone is +0300 (EEST)
Aug 9 04:27:30 cybershells sshd: Invalid user arias from 67.228.94.234
Aug 9 04:27:31 cybershells sshd: error: PAM: User not known to the underlying authentication module for illegal user arias from 67.228.94.234-static.reverse.softlayer.com
Aug 9 04:27:31 cybershells sshd: Failed keyboard-interactive/pam for invalid user arias from 67.228.94.234 port 36389 ssh2
Aug 9 05:59:31 cybershells sshd: Invalid user barbara from 67.228.94.234
Aug 9 05:59:31 cybershells sshd: error: PAM: User not known to the underlying authentication module for illegal user barbara from 67.228.94.234-static.reverse.softlayer.com
Aug 9 05:59:31 cybershells sshd: Failed keyboard-interactive/pam for invalid user barbara from 67.228.94.234 port 35412 ssh2
Aug 9 13:57:03 cybershells sshd: Invalid user craig from 67.228.94.234
Aug 9 13:57:04 cybershells sshd: error: PAM: User not known to the underlying authentication module for illegal user craig from 67.228.94.234-static.reverse.softlayer.com
Aug 9 13:57:04 cybershells sshd: Failed keyboard-interactive/pam for invalid user craig from 67.228.94.234 port 56894 ssh2

--
This message has bee


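Added example, not part of the original thread or the ticket: a Python sketch that pulls the "Invalid user" events out of run-together sshd lines like those in the complaints above and summarizes them per source IP, which is how a recipient can check what the evidence actually shows. The sample text is an excerpt of the first complaint's log; the function names, the `year` argument (syslog lines carry no year, 2010 is taken from the complaint's date line) and the `min_users` threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the first complaint's log above, entries run together as pasted.
SAMPLE = (
    "Aug 9 00:43:44 81-89-97-101 sshd: Invalid user alyssa from 67.228.94.234 "
    "Aug 9 00:43:44 81-89-97-101 sshd: Failed keyboard-interactive/pam for "
    "invalid user alyssa from 67.228.94.234 port 39379 ssh2 "
    "Aug 9 02:39:00 81-89-97-101 sshd: Invalid user ann from 67.228.94.234 "
    "Aug 9 04:11:39 81-89-97-101 sshd: Invalid user assh from 67.228.94.234 "
    "Aug 9 11:13:36 81-89-97-101 sshd: Invalid user clark from 67.228.94.234 "
    "Aug 9 11:31:39 81-89-97-101 sshd: Invalid user clint from 67.228.94.234 "
)

# One event per "Invalid user" line; the PAM error and "Failed ..." lines for
# the same attempt are skipped so each guess is counted once.
EVENT = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd(?:\[\d+\])?: Invalid user (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)

def summarize(log_text, year=2010):
    """Group invalid-user attempts by source IP (year is an assumption)."""
    per_source = defaultdict(list)
    for m in EVENT.finditer(log_text):
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        per_source[m["ip"]].append((when, m["user"]))
    report = {}
    for ip, events in per_source.items():
        events.sort()
        users = [user for _, user in events]
        span = events[-1][0] - events[0][0]
        report[ip] = {
            "attempts": len(events),
            "distinct_users": len(set(users)),
            # Names tried in sorted order suggest a wordlist being walked.
            "alphabetical_walk": len(users) > 2 and users == sorted(users),
            "span_hours": round(span.total_seconds() / 3600, 1),
        }
    return report

def guessing_sources(report, min_users=3):
    """Source IPs that tried at least min_users different unknown accounts."""
    return sorted(ip for ip, r in report.items() if r["distinct_users"] >= min_users)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
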

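tumour posted on 2010-8-18 20:03:34

pam? Is that the vulnerability everyone has been talking about? Could it be that you got hacked?

feiyd posted on 2010-8-18 20:10:33

Reply to post #2

That one is pma.

domin posted on 2010-8-18 22:41:30

Log in through IPMI and check whether there is a dd_ssh under /tmp?

杯具 posted on 2010-8-23 00:45:07

Just reply to them directly: my server was hacked, I formatted everything and reinstalled, and that's the end of it.

cpuer posted on 2010-8-23 15:11:47

Originally posted by 杯具 on 2010-8-23 00:45
Just reply to them directly: my server was hacked, I formatted everything and reinstalled, and that's the end of it.
You have to have actually reinstalled for that to work; they can see the records.

Once you communicate properly with SoftLayer, it is all easy to resolve.

savion posted on 2010-8-25 00:00:50

Reply to post #4

How do I log in?

savion posted on 2010-8-25 00:04:10

Reply to post #5

After reinstalling, can I use it again?

happylty posted on 2010-10-2 16:34:58

- -" Dedicated IP?

08host posted on 2010-10-10 12:05:59

The server got turned into a bot..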