我在11月份用他家的服务器采集了一个网站,然后被采集的网站给服务器发送了abuse,服务器封了,他们说会提前给发送邮件提醒(outlook邮箱),但是我没收到。
我把程序改了ua,而且设置那个网站为黑名单了,所以后续根本不可能再访问那个网站了。
结果12月中旬来了两个abuse,服务器又直接关了,依然没收到邮件提醒。
我给raksmart对方回复,网站我已经改了,而且ua根本不可能继续是11月份的,记录里面的信息根本就不对,对方给服务器解封了。
结果今天服务器又突然关机了,依然没收到邮件,然后又多了一个abuse,内容依然是跟11月份的一模一样。
现在raksmart给回复了:您好,已經給您解封,查看已經多次給您解封,麻煩您調整一下業務,如果還有投訴的話這邊無法給您解除封堵。
想问下大家,现在这种应该怎么解决,raksmart的做法是否正确。
下面是abuse内容
Dear Provider,
I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to inform you that we have detected malicious requests from the IP directed at our clients’ servers.
As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients’ servers.
Servers are increasingly exposed as the targets of botnet attacks and you might not be aware that your server is being used as a “bot” to send malicious attacks over the Internet.
I've collected the 3 earliest logs below, and you can find the freshest 100, that may help you disinfect your server, under the link.
<pre style='padding:10px 20px; background:#e6e6e6;margin-bottom:10px'>Url: [stockphotoadviser.com/.env]
Headers: [array (
'BN-Client-Port' => '42270',
'Connection' => 'close',
'BN-TP-Proto' => 'https',
'Host' => 'stockphotoadviser.com',
'Accept-Encoding' => 'gzip',
'BN-Frontend' => 'waf-https',
'Referer' => 'https://stockphotoadviser.com/',
'BN-X-Forwarded-Port' => '',
'X-Forwarded-Port' => '443',
'BN-TP-Dstip' => '185.255.40.45',
'User-Agent' => 'GoFrameHTTPClient v1.15.3',
'BN-X-Forwarded-Proto' => '',
'X-Forwarded-Proto' => 'https',
'BN-TP-Dstport' => '443',
'BN-X-Forwarded-For' => '',
Matched: [
ModSecurity id: [930130] revision [1]
msg [Restricted File Access Attempt]
match [Matched "Operator PmFromFile' with parameterrestricted-files.data' against variable REQUEST_FILENAME' (Value:/.env' )]
logdata [Matched Data: /.env found within REQUEST_FILENAME: /.env]
severity [CRITICAL]
Please keep in mind that after the first intrusion we log all traffic between your server and the BitNinja-protected servers until the IP is removed from the greylist. This means you may see valid logs beside the malicious actions in the link above. If you need help finding the malicious logs, please don’t hesitate to contact our incident experts by replying to this e-mail.
Thank you for helping us make the Internet a safer place!
Regards,
George Egri
CEO at BitNinja.io
BitNinja.io @ BusinessInsider UK
BitNinja.io hits the WHIR.com
BitNinja @ CodeMash conference |
发表于 2021-12-26 09:05:30
楼主
发表于 2021-12-26 09:20:51