Any recent vulnerabilities on BandwagonHost (搬瓦工) / Ubuntu 18.04?


My BandwagonHost VPS (SSH certificate login only) suddenly ran into this email spam problem and was temporarily suspended. I can restore it at any time, but I'm afraid it will be triggered again right away and get suspended again. 100 points are deducted each time, and only 2000 points are allowed per year...
There is too much on the box to reinstall it. I'd like to ask the mjj here: has anyone run into something similar, and how did you deal with it?
1651629692.370260 Ctnsu62XBwlK5ffVvi 80.252.216.70 58246 104.47.74.33 25 1 actix.com [email protected] [email protected] Wed, 04 May 2022 01:01:32 +0300 "Canada Pharmacy" <[email protected]> <[email protected]> – "Canada Pharmacy" <[email protected]> <[email protected]> – Try REAL sexual performance. Buy from our store. – – – 250 2.6.0 <[email protected]> [InternalId=103349798043862, Hostname=VI1P194MB0656.EURP194.PROD.OUTLOOK.COM] 8013 bytes in 0.212, 36.771 KB/sec Queued mail for delivery -> 250 2.1.5 104.47.74.33,80.252.216.70 – F Fyp3hA2SW20ZMqIkJg F
1651629692.087956 CQz3VY32O5JklkIidj 80.252.216.70 46586 104.47.18.225 25 1 asbd.com.au [email protected] [email protected],[email protected],[email protected] Wed, 04 May 2022 01:01:34 +0300 "CanadaPharmacy" <[email protected]> <[email protected]> – "CanadaPharmacy" <[email protected]> <[email protected]> – You like hot girls, but want to make it longer? Try our shop! – – – 250 2.6.0 <[email protected]> [InternalId=3715146711274, Hostname=DB9P195MB1635.EURP195.PROD.OUTLOOK.COM] 8062 bytes in 0.134, 58.384 KB/sec Queued mail for delivery 104.47.18.225,80.252.216.70 – F FxS51726E4ug2GtPr4 F
1651629696.563261 Ctnsu62XBwlK5ffVvi 80.252.216.70 58246 104.47.74.33 25 2 actix.com [email protected] [email protected],[email protected],[email protected],[email protected],[email protected] Wed, 04 May 2022 01:01:38 +0300 "CanadaPharmacy" <[email protected]> <[email protected]> – "CanadaPharmacy" <[email protected]> <[email protected]> – All you want will become possible with our shop! – – – 250 2.6.0 <[email protected]> [InternalId=5746666242357, Hostname=BY5PR18MB3186.namprd18.prod.outlook.com] 8221 bytes in 0.332, 24.138 KB/sec Queued mail for delivery 104.47.74.33,80.252.216.70 – F F4nbVk3FxIEB4Gd1Pj F
1651629697.662459 C6AURx2dhwtWXsrxci 80.252.216.70 58362 104.47.74.33 25 1 atlantisedu.com [email protected] [email protected],[email protected] Wed, 04 May 2022 01:01:38 +0300 "Canada Pharmacy" <[email protected]> <[email protected]> – "Canada Pharmacy" <[email protected]> <[email protected]> – Make a pleasure last for a hours. Check our store! – – – 250 2.6.0 <[email protected]> [InternalId=4728758993117, Hostname=DB7PR04MB4073.eurprd04.prod.outlook.com] 7937 bytes in 0.414, 18.707 KB/sec Queued mail for delivery 104.47.74.33,80.252.216.70 – F FXrbll8XUyTLFE13g F
1651629698.054567 CKqBoO9ajNpzSxHak 80.252.216.70 32842 67.195.204.75 25 1 amicale-chateaubriant.fr [email protected] [email protected],[email protected],[email protected],[email protected],[email protected] Wed, 04 May 2022 01:01:40 +0300 "CanadaPharmacy" <[email protected]> <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]> – "CanadaPharmacy" <[email protected]> <[email protected]> – Be wonderful in your bed games – – – 250 ok queued 1/5 67.195.204.75,80.252.216.70 – F FmbRjF4lDQGk2TFKfg F
1651629701.982497 C6AURx2dhwtWXsrxci 80.252.216.70 58362 104.47.74.33 25 2 atlantisedu.com [email protected] [email protected],[email protected],[email protected],[email protected] Wed, 04 May 2022 01:01:43 +0300 "Canada Pharmacy" <[email protected]> <[email protected]> – – <[email protected]> – Make a pleasure last for a hours. Check our store! – – – 250 2.6.0 <[email protected]> [InternalId=1387274436982, Hostname=BY5PR20MB2945.namprd20.prod.outlook.com] 8057 bytes in 0.121, 64.666 KB/sec Queued mail for delivery 104.47.74.33,80.252.216.70 – F FFE1XY1v2kyfFDHgq4 F
1651629700.737010 Ctnsu62XBwlK5ffVvi 80.252.216.70 58246 104.47.74.33 25 3 actix.com [email protected] [email protected],[email protected],[email protected],[email protected],[email protected] Wed, 04 May 2022 01:01:42 +0300 "CanadaPharmacy" <[email protected]> <[email protected]> – – <[email protected]> – You like hot girls, but want to make it longer? Try our shop! – – – 250 2.6.0 <[email protected]> [InternalId=46548855554252, Hostname=AS8P192MB1270.EURP192.PROD.OUTLOOK.COM] 8437 bytes in 0.152, 54.194 KB/sec Queued mail for delivery 104.47.74.33,80.252.216.70 – F FotwD04leYxDLmz0ig F
1651629704.825658 CcTieE1S3Dk1GpUoGe 80.252.216.70 32946 67.195.204.75 25 1 autocomponent.com [email protected] [email protected] Wed, 04 May 2022 01:01:45 +0300 "Canada Pharmacy" <[email protected]> <[email protected]> – "Canada Pharmacy" <[email protected]> <[email protected]> – Make any sexual fantasies real! – – – 552 1 Requested mail action aborted, mailbox not found 67.195.204.75,80.252.216.70 – F Fonnpo3H26M9OayFe9 F
1651629701.905322 CNcwvl1UQFMAAXw612 80.252.216.70 58432 104.47.74.33 25 1 aclco.it [email protected] [email protected],[email protected],[email protected],[email protected],[email protected] Wed, 04 May 2022 01:01:44 +0300 "CanadaPharmacy" <[email protected]> <[email protected]> – "CanadaPharmacy" <[email protected]> <[email protected]> – hallo – – – 250 2.6.0 <[email protected]> [InternalId=83988085473684, Hostname=SG2PR02MB4442.apcprd02.prod.outlook.com] 8092 bytes in 0.282, 27.949 KB/sec Queued mail for delivery 104.47.74.33,80.252.216.70 – F Fktm1e4ek7qDhc5KAd F
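The pasted report has the 27-column layout of a Zeek smtp.log (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, trans_depth, helo, mailfrom, rcptto, date, from, to, cc, reply_to, msg_id, in_reply_to, subject, x_originating_ip, first_received, second_received, last_reply, path, user_agent, tls, fuids, is_webmail, with "-" for unset fields). What stands out in it is one source IP rotating through many HELO names and envelope sender domains, some deliveries bouncing as "mailbox not found". The following is an added example, not code from the original post or from the hosting provider: a parser for that layout that groups rows by sending host and flags exactly that pattern. The sample rows are constructed with RFC 5737 placeholder hosts rather than copied from the report, and the thresholds are assumptions. The forum copy above has its tabs collapsed to spaces, so it cannot be fed in as-is; use the original tab-separated log.

```python
"""Summarise outbound SMTP activity from Zeek smtp.log rows.

Added example, not code from the original post. Sample rows are constructed
in the Zeek smtp.log layout ("-" = unset) with RFC 5737 placeholder hosts.
"""
from collections import defaultdict

# Default Zeek smtp.log column order.
FIELDS = [
    "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
    "trans_depth", "helo", "mailfrom", "rcptto", "date", "from", "to", "cc",
    "reply_to", "msg_id", "in_reply_to", "subject", "x_originating_ip",
    "first_received", "second_received", "last_reply", "path", "user_agent",
    "tls", "fuids", "is_webmail",
]


def parse_smtp_log(text):
    """Parse tab-separated rows into dicts. '#' header lines and rows with the
    wrong column count (e.g. a paste with tabs collapsed to spaces) are skipped."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        cols = line.split("\t")
        if len(cols) != len(FIELDS):
            continue
        rec = {k: (None if v == "-" else v) for k, v in zip(FIELDS, cols)}
        rec["rcptto"] = rec["rcptto"].split(",") if rec["rcptto"] else []
        records.append(rec)
    return records


def summarize_by_source(records):
    """Per sending host: message/recipient counts, distinct HELO names and MAIL FROM
    domains, and how many transactions the receiving server accepted or rejected."""
    out = defaultdict(lambda: {"messages": 0, "recipients": 0, "helos": set(),
                               "mailfrom_domains": set(), "accepted": 0, "rejected": 0})
    for r in records:
        s = out[r["id.orig_h"]]
        s["messages"] += 1
        s["recipients"] += len(r["rcptto"])
        if r["helo"]:
            s["helos"].add(r["helo"])
        if r["mailfrom"] and "@" in r["mailfrom"]:
            s["mailfrom_domains"].add(r["mailfrom"].rsplit("@", 1)[1].lower())
        code = (r["last_reply"] or "")[:1]  # first digit of the final SMTP reply
        if code == "2":
            s["accepted"] += 1
        elif code in ("4", "5"):
            s["rejected"] += 1
    return dict(out)


def spam_indicators(summary, min_messages=3):
    """Return {host: [reasons]} for sources whose envelope behaviour looks like a
    spam run. Thresholds are assumptions; tune them to the host's normal volume."""
    flagged = {}
    for host, s in summary.items():
        if s["messages"] < min_messages:
            continue
        reasons = []
        if len(s["helos"]) > 1:
            reasons.append(f"{len(s['helos'])} different HELO names from one host")
        if len(s["mailfrom_domains"]) > 1:
            reasons.append(f"{len(s['mailfrom_domains'])} different MAIL FROM domains")
        if s["rejected"] / s["messages"] >= 0.2:
            reasons.append("high rejection rate (unknown mailboxes)")
        if s["recipients"] >= 2 * s["messages"]:
            reasons.append("recipient fan-out")
        if reasons:
            flagged[host] = reasons
    return flagged


def _row(**kw):
    # Build one constructed row; unspecified columns stay unset ("-").
    base = dict.fromkeys(FIELDS, "-")
    base.update({"ts": "1651629692.370260", "uid": "Cexample1", "id.orig_h": "203.0.113.7",
                 "id.orig_p": "58246", "id.resp_h": "198.51.100.25", "id.resp_p": "25",
                 "trans_depth": "1", "tls": "F", "is_webmail": "F"})
    base.update(kw)
    return "\t".join(base[f] for f in FIELDS)


# Constructed sample: one host rotating HELO/sender domains, one host sending normal mail.
SAMPLE_LOG = "\n".join([
    _row(helo="actix.example", mailfrom="jane@actix.example", rcptto="a@example.net",
         subject="Try REAL performance. Buy from our store.",
         last_reply="250 2.6.0 Queued mail for delivery"),
    _row(uid="Cexample2", helo="asbd.example", mailfrom="bob@asbd.example",
         rcptto="b@example.net,c@example.net,d@example.net", subject="Try our shop!",
         last_reply="250 2.6.0 Queued mail for delivery"),
    _row(uid="Cexample3", helo="atlantis.example", mailfrom="eve@atlantis.example",
         rcptto="e@example.org", subject="Try REAL performance. Buy from our store.",
         last_reply="552 1 Requested mail action aborted, mailbox not found"),
    _row(**{"uid": "Cexample4", "id.orig_h": "192.0.2.10"}, helo="mail.corp.example",
         mailfrom="alerts@corp.example", rcptto="ops@corp.example",
         subject="Backup finished", last_reply="250 2.0.0 Ok: queued"),
])
```

Run `spam_indicators(summarize_by_source(parse_smtp_log(open("smtp.log").read())))` against the real log; a VPS that does not run a mail server should have no source at all in the summary, and the abuse report's sender address is the first thing to search for in `ss -tnp`, `lsof -i :25` and the process list.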

Did you set up a mail server yourself? If so, check whether the recipient addresses are valid.
If not, then you've been hacked: monitor the ports, check the processes.....

No mail server. I went in and blocked the ports, uninstalled sendmail, deleted all the docker containers I rarely use, and went through all the logs. It's fine for now, but I still don't feel at ease...

pers posted on 2022-5-4 13:43
No mail server. I went in and blocked the ports, uninstalled sendmail, deleted all the docker containers I rarely use, and went through all the logs. It's fine for now …

1. Is docker running in privileged mode?
2. Are you sure the intrusion came in through docker?
3. Are there any abnormal processes or crontab entries?
4. Are bash_history and /var/log still intact? Can you pull the relevant logs?
5. Any sign of password brute-forcing?
6. Have any application files been modified? Don't bother with system files, there's no way to check those.
If you haven't checked these (that's what comes to mind; others can add more), then blocking ports / uninstalling sendmail / deleting docker containers achieves nothing. Which logs did you actually look at? Best to back up and reinstall...
