昨天上午给我发邮件说我的服务器正在遭受攻击,然后让我回复他们说明情况,我都还没来得及回复又来一份邮件告诉我攻击被解除了,说让我还要必须回复他们说明情况,然后我回复说不知道什么情况。下午收到一个他们的邮件,告诉我说我的服务器正在扫描攻击别人。然后把我服务器停了。我去,有这么坑爹的吗?下面是一部分截图,用的wget -O- 'https://mirror.joodle.nl/WindowsServer2016Evaluation-Template.gz' | gunzip | dd of=/dev/sda这个DD包,是不是加入后门了。
Dear Sir or Madam
Your server with the above-mentioned IP address has performed scans on other servers on the Internet.
This has placed a considerable strain on network resources and, as a result, a segment of our network has been adversely affected.
Your server has therefore been deactivated as a precautionary measure.
A corresponding log history is attached at the end of this email.
For guidelines on how to proceed next please see:
http://wiki.hetzner.de/index.php/Leitfaden_bei_Serversperrung/en
If you have any questions or requests, please send us a support request via your Robot administration interface (https://robot.your-server.de).
Please log in to Robot using your login. Then click on the user icon in the upper right hand corner and then on "Support". Under "Unblock requests" please select the corresponding Blocking ID and return the completed form to us.
We shall reply to your support request as soon as we can.
Best regards
Your Hetzner Online Team
##########################################################################
# Netscan detected from host 95.216.11.186 #
##########################################################################
time protocol src_ip src_port dest_ip dest_port
---------------------------------------------------------------------------
Sat Mar 17 03:12:16 2018 TCP 95.216.11.186 51706 => 31.187.112.135 3389
Sat Mar 17 03:12:16 2018 TCP 95.216.11.186 51706 => 37.1.125.30 3389
Sat Mar 17 03:12:16 2018 TCP 95.216.11.186 51706 => 46.28.187.239 3389
Sat Mar 17 03:12:15 2018 TCP 95.216.11.186 51706 => 46.108.154.156 3389
Sat Mar 17 03:12:15 2018 TCP 95.216.11.186 51706 => 46.108.178.90 3389
