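Without my IP ever having been exposed, I just received an email from DigitalOcean saying I was hit by a DDoS attack. I'm completely baffled??? Did I just get caught in the crossfire?
Original email: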
Hi,
We are writing to let you know that your Droplet debian-s-1vcpu-1gb-sfo3-01 at 143.198.68.185 has been disconnected from the network after it contributed 1.3 Gbps to a 10.5 Gbps Distributed Denial of Service attack. The network traffic from your Droplet matches a pattern of malicious traffic originating from other Droplets targeted at a specific victim. We understand how disruptive this may be to your work; however, it was critical for us to disconnect your Droplet to reduce further harm.
Your path to resolution will be influenced by how you use debian-s-1vcpu-1gb-sfo3-01, your technical expertise, and/or your time available for investigation.
Path 1 – If debian-s-1vcpu-1gb-sfo3-01 does not collect or contain any data you need to preserve, we suggest destroying this Droplet and starting over. This is the most straightforward way to get back up and running. Please note, you will still be billed for your Droplet usage, even in a network disconnected state.
Path 2 – If debian-s-1vcpu-1gb-sfo3-01 stores data you need to recover, please follow our recovery checklist on https://www.digitalocean.com/docs/droplets/resources/recovery-iso/ before destroying this Droplet and starting over.
Path 3 – If you are confident in your technical ability and want to troubleshoot, identify, and triage the problem on your own, we do have a resource available at https://www.digitalocean.com/docs/droplets/resources/ddos/ that includes some suggestions.
Let us know once you have completed your resolution path and we will provide any applicable follow-up.
Best,
Security Operations Center
DigitalOcean
ref:_00Df218t5m._5004P1knH6w:ref
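A user from Hebei said: Could it be just because I used abc123456 as my password? Oh NO
A user from Liaoning said: Not too sure. Open a ticket and ask.
A user from Sichuan said: What's so strange about that? This is what's called getting caught in the crossfire.
A user from Jilin said: You can take a damn bullet even while lying down?
A user from Hainan said: No need to ask, I roughly get what it means now...
A user from Hubei said: DO is pretty good in this respect.
They don't advertise having protection; when you get attacked they just email to notify you, but they don't shut you down.
I was attacked for a week before; they emailed every day and still never shut me down.
That's big-vendor class.
A user from Hainan said: Didn't you understand it? You weren't attacked, you attacked someone else.
DO decided your outbound traffic matches some DDoS pattern, so they cut you off.
A user from Guangdong said: This VPS only has V2 installed, and the IP has never been exposed, so how did it become an attacker? Or was the translation wrong..
A user from Hunan said: The network traffic from your Droplet matches a pattern of malicious traffic originating from other Droplets targeted at a specific victim.
Here, let me translate that for you.
The traffic coming out of your server has a pattern very similar to the traffic of other servers being attacked, so they consider you an attacker.
A user from Shanxi said: What on earth is going on here.....
A user from Hainan said: Most likely it got hacked.
A user from Jiangxi said: Could it be just because I used abc123456 as my password? Oh NO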