V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
linfox
V2EX  ›  问与答

我的 DigitalOcean 被 Disable 了,请大家帮忙看下这封信?

  •  
  •   linfox · 2014-12-17 10:34:52 +08:00 · 4662 次点击
    这是一个创建于 3629 天前的主题,其中的信息可能已经有所发展或是发生改变。
    DigitalOcean 貌似是建议我再重新开一个VPS然后把数据转移过去。
    请问这样会把病毒带过去吗? 还有其他更好的方案吗?


    ---------

    There has been a response to your ticket:

    Hello,

    How did you determine to stop these services? These are probably unrelated to this issue. We had noted a UDP flood attacking a remote server.

    This likely indicates that your Droplet has been compromised and malicious scripts installed to launch this attack. There are a large variety of ways that your server may have been compromised. Popular methods are password brute force attacks (guessing weak passwords) or attacking applications that are out of date (though many other possibilities exist). We can't say for sure what may have happened in this specific instance, and we do not have access to your server to investigate ourselves.

    If you are unable to find and remove all of the malicious software, as well as determine how it was installed and secure against future incidents, you would need to create a new server and migrate your content over, being sure to pay attention to security as you're setting things up. Starting from a fresh installation is the only way to ensure that there is no remaining malware or backdoors installed on your existing system. If necessary, we can place your Droplet into a secure recovery environment where you can access your data to copy it off. First, I would recommend trying to create any backups you need if you can from the console, such as dumping the MySQL databases to a file with mysqldump, as these services will not be running in the rescue mode.

    Also, we have a few articles that I'd recommend to review to help you track these issues down, as well as secure against future problems.
    https://www.digitalocean.com/community/articles/an-introduction-to-securing-your-linux-vps
    https://www.digitalocean.com/community/questions/my-droplet-is-locked-by-support-staff-because-because-of-an-outgoing-flood-or-ddos-what-do-i-do

    Let us know if you have any further questions.

    DigitalOcean Support
    8 条回复    2014-12-17 17:39:12 +08:00
    mhycy
        1
    mhycy  
       2014-12-17 10:51:07 +08:00
    改密码...搬数据
    仅仅搬自己网站的数据并配好权限是最快捷的做法
    mhycy
        2
    mhycy  
       2014-12-17 10:51:29 +08:00
    补充: 建议更换所有密码
    Showfom
        3
    Showfom  
       2014-12-17 11:29:33 +08:00 via iPhone
    对外发包了
    cattyhouse
        4
    cattyhouse  
       2014-12-17 12:40:50 +08:00
    直接关掉sshd的密码登录,采用rsa key登陆。具体就是:
    PasswordAuthentication no
    PermitEmptyPasswords no
    halczy
        5
    halczy  
       2014-12-17 12:43:55 +08:00
    最好参考这篇文章, PUBLICKEY登录, 安装Fail2ban. 设立好IPTABLES.

    https://www.linode.com/docs/security/securing-your-server/
    Navee
        6
    Navee  
       2014-12-17 12:49:45 +08:00
    我之前也收到过
    当时是中了一个木马
    改密码,关掉密码登陆 都试了,也无效
    最后只能备份数据,然后重装了系统,安装了一个fail2ban
    可以参照我当时的解决方案: http://www.coolcode.me/blog/2014/08/65
    SharkIng
        7
    SharkIng  
       2014-12-17 16:33:02 +08:00 via iPad
    应该是root权限问题被肉鸡了吧 以前遇到过
    hicdn
        8
    hicdn  
       2014-12-17 17:39:12 +08:00
    对外开 53 端口了吗
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1054 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 23ms · UTC 23:22 · PVG 07:22 · LAX 15:22 · JFK 18:22
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.