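Q: I received a message saying that my server is carrying out outbound attacks; please help check it. I checked and found nothing abnormal. I received a message saying that my server is carrying out outbound attacks; please help check it.
A: Hello, was it sent to you by our company? Please provide the outbound-attack message you received, along with the correct remote login password. If you need our company's help with troubleshooting, one Gold Service credit will be deducted. You can also resubmit the ticket under the correct ticket type: [Cloud Server] – [System Settings] – [High server load / unexpected restart / high bandwidth usage / abnormal behavior troubleshooting]. Thank you very much for your long-term support of our company!
Q: Hello: Our company has received a complaint that server 127.0.0.1 is attacking external networks. The server may have been hacked; please run a full virus scan or reinstall the system. Please deal with this as soon as possible to ensure the security of the server's data. If we receive another outbound-attack complaint, the server will be shut down. Please check and handle this immediately, thank you! The complaint details are attached below.
Phone: Email: Website: www.west.cn
Mail ticket / MAIL-6465
TCP port 1433 from IP 127.0.0.1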
Attention! TCP port 1433 (MS SQL) activity is from IP 127.0.0.1. The scan was on ASBR of at 14:54:34 GMT. More than 60 IP have been in 60 seconds. See the log below. This may mean that the host 127.0.0.1 (or a host a NAT with IP 127.0.0.1) is compromised. Please take and check the for or this to of the IP 127.0.0.1. This was automatically and sent to abuse E-Mail based on WHOIS information. Here is the log (timestamps are GMT):
[Created via e-mail from: NETIS <scanreport@netis.ru>]
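Q: Server password
A: Hello, we checked and there is indeed attack traffic. We are unable to verify which processes are abnormal. You can download Server Safedog (服务器安全狗) or Yunsuo (云锁) and scan for trojan files. If the scan finds nothing, we recommend backing up the data you need and reinstalling the system, as that is the only option. Thank you very much for your long-term support of our company!
Q: Could you do this for me? Deduct one Gold Service credit.
A: Hello, sorry, after analysis and troubleshooting we were unable to find the application sending the packets. We recommend that you reinstall the system. Thank you very much for your long-term support of our company!
Q: Hello, can my IP no longer be opened now?
A: Hello, we see that the server still has not been reinstalled. The server currently appears to be frozen; it may have crashed.
Q: Reinstalling now.
A: Hello, after reinstalling, follow https://www.west.cn/faq/list.asp?unid=853 to apply the security settings, and install security software to scan the server.
Once the scan is complete, carry out the restore following https://www.west.cn/faq/list.asp?unid=608 . Thank you very much for your long-term support of our company!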