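This post was last edited by ighook on 2021-12-22 11:18
Without ever having exposed my IP, I just received an email from DigitalOcean saying I had been hit by a DDoS attack. I'm completely baffled??? Did I just get caught in the crossfire?
Original email: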
Hi,
We are writing to let you know that your Droplet debian-s-1vcpu-1gb-sfo3-01 at 143.198.68.185 has been disconnected from the network after it contributed 1.3 Gbps to a 10.5 Gbps Distributed Denial of Service attack. The network traffic from your Droplet matches a pattern of malicious traffic originating from other Droplets targeted at a specific victim. We understand how disruptive this may be to your work; however, it was critical for us to disconnect your Droplet to reduce further harm.
Your path to resolution will be influenced by how you use debian-s-1vcpu-1gb-sfo3-01, your technical expertise, and/or your time available for investigation.
Path 1 - If debian-s-1vcpu-1gb-sfo3-01 does not collect or contain any data you need to preserve, we suggest destroying this Droplet and starting over. This is the most straightforward way to get back up and running. Please note, you will still be billed for your Droplet usage, even in a network disconnected state.
Path 2 - If debian-s-1vcpu-1gb-sfo3-01 stores data you need to recover, please follow our recovery checklist on https://www.digitalocean.com/docs/droplets/resources/recovery-iso/ before destroying this Droplet and starting over.
Path 3 - If you are confident in your technical ability and want to troubleshoot, identify, and triage the problem on your own, we do have a resource available at https://www.digitalocean.com/docs/droplets/resources/ddos/ that includes some suggestions.
Let us know once you have completed your resolution path and we will provide any applicable follow-up.
Best,
Security Operations Center
DigitalOcean
ref:_00Df218t5m._5004P1knH6w:ref