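Last night my 0.5-yuan VPS went offline. I logged in to the provider's website and found it had been banned. I emailed support asking to have it unbanned; support said it had been hacked and sent the evidence below. This little VPS only had the wulabing one-click script and BBR installed. It has a single purpose and I rarely log in to it. SSH had also been moved to a different port, and the password even contained letters. I did not block all ports in the firewall, because I found that with only a few ports open the one-click script stopped working. Could the experts analyze the cause and teach me how to prevent this? I'd like to learn how to prevent it in the future.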
This is an RBL nomination for the following lists of IP addresses that are
in the process of being listed to the RBL as a spam source and/or is an
originating spam source in progress.
— IPs listed to the RBL —
195.133.1XX.xxx (my IP)
— End of IPs listed to the RBL —
Please refer to below information for representative spam samples.
Additional samples are available upon request from an authoritative
requestor.
Filename: CZ-RELCOM-19970415.zip
Password: novirus
— Example of spam mail —
Spam Sample #1 – [195.133.1XX.XXX]
X-TM-CATCHER-MAIL-ID: 12903933150033632555
X-TM-CATCHER-RECV-TIME: 1614500530
X-TM-CATCHER-SENDER-IPV4: 195.133.XXX
X-TM-CATCHER-SENDER-PORT: 48698
X-TM-CATCHER-SMTP-COMMAND: HELO 44.225.9.243
X-TM-CATCHER-SMTP-COMMAND: MAIL FROM:
X-TM-CATCHER-SMTP-COMMAND: RCPT TO:<>
X-TM-CATCHER-SMTP-COMMAND: DATA
Received: from 92.175.140.64 (EHLO nnfwdnsl.com) (164.80.248.118)
by mta444.mail.bbt.yahoo.co.jp with SMTP; Sun, 28 Feb 2021 03:22:10 -0500
From: “rvwbsus@tlwbvhjgabpphhfzcdp.jp”
To:
Subject:
=?ISO-2022-JP?B?GyRCPCs9TSRHMUcyaDRVPl4kZCU5JV0hPCVENFFAbyQsJCEbKEI=?=
X-Mailer: The Bat! (v1.52f) Business
MIME-Version: 1.0
Content-Type: text/plain;
charset=”ISO-2022-JP”
Content-Transfer-Encoding: 7bit
X-TM-CATCHER-ENVELOP-FROM-HEADER-FROM-EQUAL: True
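A user from Shanxi Province said: Keys keep you secure.
A user from Qinghai Province said: It's probably a problem with the script, right? Is it open source?
A user from Guizhou Province said: Allow key login only and disable password login.
I've never had a problem.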
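One way to verify the key-only setup recommended in the replies above, as an added example that is not part of the original thread: the function reads text in the format printed by `sshd -T` (OpenSSH's effective configuration dump) and reports any setting that still allows password login. The function name, the two sample configurations and port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit effective sshd settings for
# key-only login. Input format is that of `sshd -T`: "keyword value" per line.

audit_sshd() {  # prints one FAIL line per finding; returns 1 if any finding
  awk '
    { v[tolower($1)] = tolower($2) }
    END {
      bad = 0
      # Password login must be off explicitly; the OpenSSH default is "yes".
      if (v["passwordauthentication"] != "no") {
        print "FAIL passwordauthentication is not no"; bad++
      }
      # keyboard-interactive (via PAM) can still prompt for a password.
      # Newer OpenSSH calls it kbdinteractiveauthentication, older
      # releases challengeresponseauthentication; check both names.
      if (v["kbdinteractiveauthentication"] == "yes" ||
          v["challengeresponseauthentication"] == "yes") {
        print "FAIL keyboard-interactive authentication is enabled"; bad++
      }
      if (v["pubkeyauthentication"] != "yes") {
        print "FAIL pubkeyauthentication is not yes"; bad++
      }
      # "prohibit-password", "without-password" and "no" are acceptable.
      if (v["permitrootlogin"] == "yes") {
        print "FAIL permitrootlogin allows root password login"; bad++
      }
      exit (bad > 0)
    }'
}

# Constructed sample: non-default port, but password login still enabled.
WEAK_SAMPLE='port 2222
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: the key-only configuration.
HARDENED_SAMPLE='port 2222
permitrootlogin prohibit-password
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

printf '%s\n' "$WEAK_SAMPLE" | audit_sshd || true
```

On a real host, run `sshd -T | audit_sshd` as root so that `Include` files and defaults are resolved by sshd itself rather than guessed from `sshd_config`.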