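All I installed was SS + KCPTUN.
Less than 2 minutes after it was unsuspended, before I had even checked anything after connecting, it got suspended again.
How do I fix this?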
1
sutra 2016-10-12 19:22:55 +08:00
Probably a security flaw? And then someone exploited it.
|
2
DesignerSkyline 2016-10-12 19:24:39 +08:00 via iPad
Did you compile and install it manually yourself, or use a one-click script? If it was the latter, that's pretty normal.
|
3
whx20202 OP @DesignerSkyline A one-click script, but it's the one from 91yun.
It also has a branch on git, so surely it can't be that?
|
4
whx20202 OP @DesignerSkyline I used 91yun
|
5
loading 2016-10-12 19:34:05 +08:00 via Android
Anyone who dares to run an install script directly without reading it first is a true master!
|
6
kuretru 2016-10-12 19:54:40 +08:00 via iPhone
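I've used 91yun's one-click script for a certain "speeder". During installation I noticed it installed one more package than the earlier official install script did, and that package has over 100 dependencies. After the installation finished, I found ss was being used to send spam. I then reinstalled the system, and after removing that package from the script, the installation went fine and everything worked normally.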
|
7
emberzhang 2016-10-12 20:07:40 +08:00 via Android
@kuretru Isn't the 91 one encrypted? How did you see its contents?
|
8
kuretru 2016-10-12 20:10:57 +08:00 1
@emberzhang https://github.com/91yun/serverspeeder/blob/master/serverspeeder-all.sh
Line 49: yum install -y redhat-lsb curl net-tools (it's that redhat-lsb package)
|
11
a342191555 2016-10-12 20:36:55 +08:00
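Check whether the client on your local machine has "allow connections from LAN" enabled, the local proxy port is a common one such as 1080, and the local machine is directly exposed to the public internet. That would mean you have opened a SOCKS proxy directly to the public internet…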
|
12
whx20202 OP @a342191555 That's possible too, but I usually listen on 127.0.0.1, and anything exposed to the internet has a password set.
|
13
Trim21 2016-10-12 22:11:11 +08:00
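I've seen a similar case before: the local machine was infected, and as soon as a proxy was detected, mail was sent out through that port.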
|
14
a342191555 2016-10-12 22:15:45 +08:00 1
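@whx20202 I ran into this too back then. Roughly, this is what I did:
1. On the VPS, drop all packets destined for port 25 and similar ports in the routing table (this VPS is not used as an outgoing mail server)
2. Run the server in the foreground and check which IP address is trying to send spam out
3. (Once I found it was my local computer sending it) capture packets with tcp.port==1080 in wireshark on the local computer and compare to find the culprit
|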
15
Vicer 2016-10-12 22:19:59 +08:00 via Android
|
18
zrj766 2016-10-12 23:59:02 +08:00 via Android
I've been using the 91 one all along and haven't noticed any problems.
|
19
whx20202 OP Hello,
Please note that all our services are self-managed. While we invest heavily into making sure all our equipment and networks are kept in the best possible shape, we do not manage or offer support for customer's applications. In other words, we do not assist with installing and configuring applications, troubleshooting, recovering from backups, etc. - these are the sole responsibility of the Customer.
I can confirm that currently we are not experiencing any service interruptions; all our equipment and network are functioning normally.
Having said that, here is a way to investigate this issue:
1. Download a full snapshot of your suspended VPS by using KiwiVM. We recommend using a linux machine to download and open the snapshot. Snapshot can be downloaded with wget (download button is actually a link that you can copy+paste into console).
2. Unpack the snapshot into a local directory (tar -zxf <SNAPSHOT_FILENAME>)
3. Navigate to /var/log folder
4. Open shadowsocks.log with a text viewer.
In shadowsocks.log you will see all connections going through shadowsocks. From this log you will see that your home IP address is most likely the source of abuse through Shadowsocks.
Most common causes of the problem:
1) Virus or trojan on your home PC
2) A modified (infected) shadowsocks client is being used
3) Someone on your network has access to your PC or wifi router and is able to send spam
Solutions:
1) Scan your PC for viruses
2) Download a shadowsocks distribution from a reliable source, for example, from KiwiVM's Shadowsocks page
3) Make sure you do not allow anyone else on your home network to connect/hack into your PC
Hope this helps.
Daniel Clay
Bandwagon Host / IT7 Networks
*** Tip of the day *** Diagnose network-related issues at http://ping.pe/
----------------------------------------------
Ticket ID: #119573
Subject: VPS suspended due to spam
Status: Answered
Ticket URL: https://bandwagonhost.com/viewticket.php?tid=119573&c=xSOO7qws
|
20
whx20202 OP Damn, support says the problem is with my SS, and on the client side at that
|
21
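whx20202 OP Thinking it over carefully: the remote VPS runs ss on port 8838.
kcptun forwards to port 12948 on a machine in China (this port is definitely open to the internet, but ss itself has a strong password).
Host in China: ss runs locally bound to 127.0.0.1 1080, then polipo runs locally to turn local 1080 into an HTTP proxy (with auth).
I still don't know which step went wrong.
|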
22
whx20202 OP 2016-10-12 05:14:48 INFO connecting image2.pubmatic.com:80 from
2016-10-12 05:14:30 INFO connecting track1.aniview.com:443 from
2016-10-12 05:14:30 INFO connecting search.spotxchange.com:80
2016-10-12 05:14:30 INFO connecting tags.mathtag.com:443 from
2016-10-12 05:14:30 INFO connecting pixel.mathtag.com:443 from
2016-10-12 05:14:30 INFO connecting pixel.mathtag.com:443 from
2016-10-12 05:14:30 INFO connecting ad.crwdcntrl.net:443 from
2016-10-12 05:14:30 INFO connecting px.moatads.com:443 from
2016-10-12 05:14:30 INFO connecting vast.bp3846283.btrll.com:80 fr
2016-10-12 05:14:30 INFO connecting vast.bp3866562.btrll.com:80 f
2016-10-12 05:14:31 INFO connecting www.facebook.com:443 fro9
2016-10-12 05:14:34 INFO connecting search.spotxchange.com:80 f
2016-10-12 05:14:38 INFO connecting search.spotxchange.com:80
2016-10-12 05:14:38 INFO connecting bcp.crwdcntrl.net:443 from
2016-10-12 05:14:40 INFO connecting ad.doubleclick.net:443 from
|
23
ipchy 2016-10-17 20:07:52 +08:00 1
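@kuretru yum install -y redhat-lsb curl net-tools. I don't know whether 91's script has a problem or not, but even if it does, this isn't it. This command first installs the lsb suite (if you don't know what that is, see https://www.ibm.com/developerworks/cn/linux/l-lsb-intr/); then there are curl and net-tools, both network tools and basic tools on a Linux system that any Linux administrator uses frequently. So, in the end, the mail was sent because no firewall was set up, and spam was simply sent over the mail protocol while the ss was shared. If you want to avoid this, google the keywords "ss block email".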
|
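The log triage described in the support reply (#19) and shown in #22, as an added example that is not part of the original thread: it scans shadowsocks.log lines for connections to mail ports and counts them per source address. The sample log is constructed, and the `from <ip>:<port>` tail is an assumption about the full line format, since the lines pasted in #22 are cut off after "from".

```python
import re
from collections import Counter, defaultdict

MAIL_PORTS = {25, 465, 587}  # SMTP, SMTPS, submission

# Destination part: "<date> <time> INFO connecting <host>:<port> ..."
DEST_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+INFO\s+connecting\s+(\S+):(\d+)\b(.*)$")
# Source part (assumed format): "from <ip>:<port>" at the end of the line
SRC_RE = re.compile(r"\bfrom\s+(\S+):\d+\s*$")

# Constructed sample; addresses are documentation ranges, hostnames are made up.
SAMPLE_LOG = """\
2016-10-12 05:14:30 INFO connecting pixel.mathtag.com:443 from 203.0.113.7:51844
2016-10-12 05:14:31 INFO connecting mx1.mail.example:25 from 203.0.113.7:51850
2016-10-12 05:14:31 INFO connecting mx2.mail.example:25 from 203.0.113.7:51851
2016-10-12 05:14:32 INFO connecting mx1.mail.example:25 from 203.0.113.7:51852
2016-10-12 05:14:33 INFO connecting smtp.example.net:587 from 198.51.100.20:40112
2016-10-12 05:14:34 INFO connecting mx3.mail.example:25 fr
2016-10-12 05:14:35 WARNING some unrelated message
"""

def mail_sources(lines):
    """Map each source IP to a Counter of the mail destinations it requested."""
    hits = defaultdict(Counter)
    for line in lines:
        m = DEST_RE.match(line.strip())
        if not m:
            continue  # not a "connecting" line
        host, port, rest = m.group(2), int(m.group(3)), m.group(4)
        if port not in MAIL_PORTS:
            continue
        s = SRC_RE.search(rest)
        # Truncated lines (source cut off) are counted, not silently dropped.
        src = s.group(1) if s else "unknown"
        hits[src][f"{host}:{port}"] += 1
    return hits

def rank(hits):
    """Sources ordered by number of mail-port connections, highest first."""
    return sorted(((src, sum(c.values())) for src, c in hits.items()),
                  key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    hits = mail_sources(SAMPLE_LOG.splitlines())
    for src, total in rank(hits):
        print(src, total, dict(hits[src]))
```
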