共计 2286 个字符,预计需要花费 6 分钟才能阅读完成。
就挂了个 qBittorrent,收到邮件要不要管?这个应该是对方那边服务器通过 Hetzner 发过来的吧?We have received information regarding spam and/or abuse from [email protected] is an information email only and does not require any further action on your part.It is your choice whether or not to investigate the complaint.We do not expect any response.Information:Hello,This is a notification of unauthorized uses of systems or networks.On December 11, 2022, a total of 68 IP addresses from your networksprobed my servers for TCP open ports. Due to their dubious behavior, theyare suspected to be compromised botnet computers.The log of TCP port scans is included below for your reference(time zone is UTC). To prevent this mail from getting too big in size,at most 5 attempts from each attacker IP are included. Those connectionattempts have all passed TCP\’s 3-way handshake, so you can trust the sourceIP addresses to be correct.If you regularly collect IP traffic information of your network, you will seethe IPs listed connected to various TCP ports of my server at the time logged,and I suspect that they also connected to TCP ports of many other IPs.If a Linux system was at the attacker\’s IP, you might want to use thecommand "ss -ntp" to list its active network connections. If thereis still some suspicious connection, find out what PID/program/user ID theybelong to. You might find something to help you solve this problem.Please notify the victims (owners of those botnet computers) so that theycan take appropriate action to clean their computers, before evenmore severe incidents, like data leakage, DDoS, and the rumored NSA spyingthrough hijacked botnets, arise. This also helps prevent botnets fromtaking up your network bandwidth.Chih-Cherng ChinDaily Botnet Statistics—- log of TCP port scans (time zone is UTC; sent to [email protected]) ———————————————————————————–(time in UTC)=2022-12-11T23:08:58 (attacker\’s IP)=116.203.1.1 (IP being scanned)=61^61^170^12 (TCP port being scanned)=7547(time in UTC)=2022-12-11T23:08:58 (attacker\’s IP)=116.203.1.1 (IP being scanned)=61^61^170^12 (TCP port being scanned)=7547 复制代码 雨墨 2023-01-09 22:59 2 跟你情况一样 Rebel 2023-01-09 23:00 3 雨墨 发表于 2023-1-9 22:59 跟你情况一样应该没啥事吧,我收到两封,有一封里面的 IP 还是 VirMach 的,谁用 VirMach 刷 PT,连别人服务器下载 VirMach 还反向告状,操? 雨墨 2023-01-09 23:08 4Rebel 发表于 2023-1-9 23:00 应该没啥事吧,我收到两封,有一封里面的 IP 还是 VirMach 的,谁用 VirMach 刷 PT,连别人服务器下载 VirMach 还反向告状,操:… 我都不知道啥情况管他干鸡毛再发直接删鸡? toot 2023-01-09 23:21 5 挺好的。老老实实建站的可以上了。邻居搞不了事情 finial2006 2023-01-10 00:13 6 不回会封号 liugogal 2023-01-10 00:18 7 我不清楚你邮件是不是复制全了,要回 abuse 的邮件里面会有个链接的,打开后会要求你写明情况附上 abuse 的 id
