Woke up to find my ruvds blocked??? - Global Hosting Forum -

  • Post author:
  • Post category: hostloc
  • Post comments: 0 comments
  • Post last modified: September 1, 2020

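Blocked by administrator
Please contact our support team.
30 August 2020, 20:36 (UTC)
In accordance with paragraphs 2.3 and 2.4 of Annex 1 to the Public Offer Contract, your server has been blocked on suspicion of illegal actions. To unblock it and make it fully operational, please contact our support team.
Because I took this machine over from someone else, I can't see the contract. The seller told me earlier not to use the Khabarovsk relay. I didn't use the Khabarovsk relay, I just dd'ed a system. I opened a ticket and there's no reply yet.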

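Effervescence 1 day ago - #2
Around the start of the month I posted about this provider's server-blocking problem. The funniest part is that my machine couldn't even boot at all, and the so-called log they gave me the first time didn't contain my IP. After I pointed that out, they made up another log and added my IP to it. But when I asked them to look up the operation log of my machine, the ticket was closed outright and they have not replied since.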

olliver 1 day ago - #3
Quickly checked my idle VPS…
Blocked by Administrator
Please contact our support team.
28 july 2020, 20:46 (UTC)
In accordance with paragraphs 2.3 and 2.4 of Annex 1 to the Public Offer Contract, your server has been blocked on suspicion of illegal actions.
To unblock your server and make it fully operational, please contact our support team.

xlouspeng 1 day ago - #4
Was it turned into a zombie host or something?

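OP mar 1 day ago - #5
I don't know. When I woke up I couldn't connect; yesterday it was still fine. After the dd, traffic was no longer running away.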

liugogal 1 day ago - #6
Is the 3-mao one dd'ed with Windows? Does that really work?

OP mar 1 day ago - #7

liugogal posted on 2020-8-31 09:03
Is the 3-mao one dd'ed with Windows? Does that really work?

Mine is the 5-mao one, dd'ed to Debian 9

爱上程序员 1 day ago - #8
Blocked for deploying KMS, see https://www.hostloc.com/thread-728694-1-1.html

19930618 1 day ago - #9
My 3-mao one is very stable, zsbd

OP mar 1 day ago - #10

爱上程序员 posted on 2020-8-31 09:05
Blocked for deploying KMS, see https://www.hostloc.com/thread-728694-1-1.html

I didn't deploy KMS, just a v2ray, ws TLS

rex888 1 day ago - #11
Probably the dd is to blame

js攻城狮 1 day ago - #12
The password was cracked

OP mar 1 day ago - #13

js攻城狮 posted on 2020-8-31 09:15
The password was cracked

The password was auto-generated by Google

wifitry 1 day ago - #14
Can you delete it and get the money refunded to your balance?

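OP mar 1 day ago - #15

rex888 posted on 2020-8-31 09:13
Probably the dd is to blame

Before the dd, 200 GB of traffic ran away in a single night. The key thing is that while it was running away at 100 Mbps, I had no speed left myself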

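OP mar 1 day ago - #16

wifitry posted on 2020-8-31 09:19
Can you delete it and get the money refunded to your balance?

Waiting for the ticket reply, I haven't deleted it yet. Once it's deleted the 5-mao plan is gone, and you can't even buy one for 6 mao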

Effervescence 1 day ago - #17
Unless you want to submit your ID card and passport, forget about getting it unblocked. Just delete the **.

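OP mar 1 day ago - #18

Effervescence posted on 2020-8-31 09:28
Unless you want to submit your ID card and passport, forget about getting it unblocked. Just delete the **.

OK, let me first see what the reason is, so I can be careful next time! So no matter what the reason is or how you explain it, verification is always required?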

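Effervescence 1 day ago - #19

mar posted on 2020-8-31 09:29
OK, let me first see what the reason is, so I can be careful next time! So no matter what the reason is or how you explain it, verification is always required? …

Carrying out scanning and brute-forcing. Then when you ask them for details, they just give you a log with no beginning or end that has your IP in it.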

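Effervescence 1 day ago - #20
Around the start of the month I posted about this provider's server-blocking problem. The funniest part is that my machine couldn't even boot at all, and the so-called log they gave me the first time didn't contain my IP. After I pointed that out, they made up another log and added my IP to it. But when I asked them to look up the operation log of my machine, the ticket was closed outright and they have not replied since.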

OP mar 1 day ago - #21
Uh, could it be that the servers come down to luck? Before the dd it was always running away with traffic

KuYeHQ 1 day ago - #22
I'd better go change to a 12-character mixed password, this scared me

Erik 1 day ago - #23
Probably the VPS got brute-forced?

laogui 1 day ago - #24

KuYeHQ posted on 2020-8-31 09:40
I'd better go change to a 12-character mixed password, this scared me

Disable password login

秋上书 1 day ago - #25
Quickly checked my 5-mao one. Luckily it's still there. On edge like this day after day

babi 1 day ago - #26
Mine has KMS, v2, and the Khabarovsk relay too, and nothing at all has happened

OP mar 1 day ago - #27
We detected malicious activity from your IP address and, in accordance with clauses 2.3 and 2.4 of Appendix 1 to the Public Offer Agreement, stopped and blocked your server. Detailed incident logs:

Sender: "NFOservers . com DDoS notifier" <ddos-response@nfoservers.com>
Recipient: abuse@mtw.ru
Subject: Compromised host used for an attack: 194.87.235.1 [~89.3 Mbps]
Date: 27.08.2020 23:33:11 (Europe/Moscow)

An IP address (194.87.235.1) under your control appears to have attacked one of our customers as part of a coordinated DDoS botnet. We manually reviewed the captures from this attack and do not believe that your IP address was spoofed, based on the limited number of distinct hosts attacking us, the identicality of many attacking IP addresses to ones we’ve seen in the past, and the non-random distribution of IP addresses.

It is possible that this host is one of the following, from the responses that others have sent us:

- A compromised router, such as a D-Link that is running with WAN access enabled; a China Telecom which still allows a default admin username and password; a Netis, with a built-in internet-accessible backdoor ([1]http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-le[..]; or one running an old AirOS version with a vulnerable and exposed administrative interface
- An IPTV device that is vulnerable to compromise (such as HTV), either directly through the default firmware or through a trojan downloaded app
- A compromised webhost, such as one running a vulnerable version of Drupal (for instance, using the vulnerability discussed at [2]https://groups.drupal.org/security/faq-2018-002), WordPress, phpMyAdmin, or zPanel
- A compromised DVR, such as a "Hikvision" brand device (ref: [3]http://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulner[..]
- A compromised IPMI device, such as one made by Supermicro (possibly because it uses the default U/P of ADMIN/ADMIN or because its password was found through an exploit described at [4]http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-ad[..]
- A compromised Xerox-branded device
- Some other compromised standalone device
- A server with an insecure password that was brute-forced, such as through SSH or RDP
- A server running an improperly secured Hadoop installation
- A compromised Microsoft DNS server (through the July 2020 critical vulnerability)

The overall botnet attack was Nx10Gbps in size (with traffic from your host as well as some others) and caused significant packet loss for our clients due to external link saturation. It required an emergency null-route operation on our side to mitigate.

Attacks like this are usually made very short, intentionally, so that they are not as noticeable and slip past certain automatic mitigation systems. From your side, you would be able to observe the attack as a burst of traffic that likely saturated the network adapter of the source device for perhaps 30 seconds. Since the source device is a member of a botnet that is being used for many attacks, you will see many other mysterious bursts of outbound traffic, as well.

This is example traffic from the IP address, as interpreted by the "tcpdump" utility and captured by our router during the attack. Source and destination IP addresses, protocols, and ports are included.

Date/timestamps (at the very left) are UTC.

2020-08-27 20:31:03.781174 IP (tos 0x28, ttl 54, id 3359, offset 0, flags [DF], proto UDP (17), length 1488)
    194.87.235.1.11050 > 31.186.250.x.443: UDP, length 1460
2020-08-27 20:31:03.782172 IP (tos 0x28, ttl 54, id 3437, offset 0, flags [DF], proto UDP (17), length 1488)
    194.87.235.1.11050 > 31.186.250.x.443: UDP, length 1460
2020-08-27 20:31:03.810918 IP (tos 0x28, ttl 54, id 3617, offset 0, flags [DF], proto UDP (17), length 1488)
    194.87.235.1.11050 > 31.186.250.x.443: UDP, length 1460
2020-08-27 20:31:03.842904 IP (tos 0x28, ttl 54, id 3913, offset 0, flags [DF], proto UDP (17), length 1488)
    194.87.235.1.11050 > 31.186.250.x.443: UDP, length 1460
2020-08-27 20:31:03.843056 IP (tos 0x28, ttl 54, id 3930, offset 0, flags [DF], proto UDP (17), length 1488)
    194.87.235.1.11050 > 31.186.250.x.443: UDP, length 1460

(The final octet of our customer’s IP address is masked in the above output because some automatic parsers become confused when multiple IP addresses are included. The value of that octet is "100".)

Based on the size, number of samples, and timestamps of received packets from your host in our capture, we estimate that your host was sending 89.3 Mbps of attack traffic at the peak of this coordinated attack. The peak of the attack may have lasted only a few seconds. (Most traffic graphing systems show numbers that are averaged over 30s or 5m, and it may appear to have been less in such a system; but, our estimate is generally accurate as a minimum bound.)

-John
President
NFOservers.com

(We’re sending out so many of these notices, and seeing so many auto-responses, that we can’t go through this email inbox effectively. If you have follow-up questions, please contact us at noc@nfoe.net.)

Due to server blocking due to malicious activity, we can resume serving your account only after you:

- Fill in all the fields of personal and contact information
- Document the specified personal and contact information (attach a scan or photo of your passport on the pages with your full name and place of registration)
- Agree in detail on the intended purpose of using the server: a complete list of software and a description of what the software will do.
- Prevent the situation from recurring if malicious activity was due to software on the VPS.

Thank!
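The notice above says the attack is visible from the sending side as a short burst of outbound UDP, and that graphs averaged over 30s or 5m understate it. As an added example (not part of the original thread or of the provider's tooling), this sketch totals outbound UDP per one-second window from `tcpdump -tttt -v -n` text output and reports windows above a threshold; the addresses, the 50 Mbps threshold and the sample capture are constructed assumptions.

```python
import re
from collections import defaultdict

# One UDP packet of `tcpdump -tttt -v -n` output, after the indented
# continuation line has been folded onto the header line.
PKT = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ IP \(.*?proto UDP \(17\), "
    r"length (?P<len>\d+)\)\s+(?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>[\dx.]+)\.(?P<dport>\d+): UDP"
)

def find_bursts(capture, local_ip, threshold_mbps=50.0):
    """Return (second, dst, dport, mbps) for every one-second window in which
    local_ip sent at least threshold_mbps of UDP to a single destination."""
    joined = re.sub(r"\n[ \t]+", " ", capture)      # fold tcpdump's second line
    bits = defaultdict(int)
    for m in PKT.finditer(joined):
        if m["src"] != local_ip:
            continue                                # only outbound traffic counts
        # "length" in the header line is the IP total length in bytes
        bits[(m["ts"], m["dst"], int(m["dport"]))] += int(m["len"]) * 8
    return sorted(
        (ts, dst, dport, round(b / 1e6, 2))
        for (ts, dst, dport), b in bits.items()
        if b / 1e6 >= threshold_mbps
    )

def make_sample():
    """Constructed capture: a one-second flood of 1488-byte UDP packets plus a
    small amount of ordinary UDP; all addresses are documentation ranges."""
    line = ("{} IP (tos 0x0, ttl 64, id {}, offset 0, flags [DF], "
            "proto UDP (17), length {})\n    {} > {}: UDP, length {}")
    flood = [line.format(f"2020-08-27 20:31:03.{i * 100:06d}", i, 1488,
                         "192.0.2.10.11050", "198.51.100.7.443", 1460)
             for i in range(8000)]
    normal = [line.format(f"2020-08-27 20:31:10.{i:06d}", i, 80,
                          "192.0.2.10.40000", "203.0.113.5.51820", 52)
              for i in range(20)]
    return "\n".join(flood + normal)

if __name__ == "__main__":
    for burst in find_bursts(make_sample(), "192.0.2.10"):
        print(burst)
```

Sustained windows like this to a single destination, on a host that runs nothing expected to send bulk UDP, match the "mysterious bursts of outbound traffic" the notice describes and are a reason to treat the installed system as compromised.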

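hxuf 1 day ago - #28
I was blocked before, and they also said I had deployed KMS. But I actually hadn't. And the Russians won't give an explanation.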

OP mar 1 day ago - #29
Judging by this email, it was DDoSed? The IP was exposed because it's a second-hand VPS?

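OP mar 1 day ago - #30
Because for the past couple of days it kept uploading at 100 Mbps for no reason, and I wasn't using it. After the dd this problem was gone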

绿豆 1 day ago - #31
This provider's TOS is baffling, they might block you any day

olliver 1 day ago - #32
Quickly checked my idle VPS…
Blocked by Administrator
Please contact our support team.
28 july 2020, 20:46 (UTC)
In accordance with paragraphs 2.3 and 2.4 of Annex 1 to the Public Offer Contract, your server has been blocked on suspicion of illegal actions.
To unblock your server and make it fully operational, please contact our support team.

wget 1 day ago - #33
The dd'ed system got brute-forced?

OP mar 1 day ago - #34
It should be a problem from before the dd. I didn't dd on the day I bought it, but I did reinstall the system

卤蛋 1 day ago - #35
Took a quick look, still alive

vps理论研究家 1 day ago - #36
Got scared and took a quick look, still there

OP mar 1 day ago - #37
Server deleted, refunded to balance

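qinghe187100 1 day ago - #38
Mine is still there. I didn't dd the system, just set up a small blog to keep a diary. Generally, if you don't mess around there shouldn't be any problems, right?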

YukinoCoco 1 day ago - #39
This bastard of a provider just loves blocking servers, damn them, when I clearly didn't do anything
