这是一个创建于 3606 天前的主题,其中的信息可能已经有所发展或是发生改变。
DigitalOcean 貌似是建议我再重新开一个VPS然后把数据转移过去。
请问这样会把病毒带过去吗? 还有其他更好的方案吗?
---------
There has been a response to your ticket:
Hello,
How did you determine to stop these services? These are probably unrelated to this issue. We had noted a UDP flood attacking a remote server.
This likely indicates that your Droplet has been compromised and malicious scripts installed to launch this attack. There are a large variety of ways that your server may have been compromised. Popular methods are password brute force attacks (guessing weak passwords) or attacking applications that are out of date (though many other possibilities exist). We can't say for sure what may have happened in this specific instance, and we do not have access to your server to investigate ourselves.
If you are unable to find and remove all of the malicious software, as well as determine how it was installed and secure against future incidents, you would need to create a new server and migrate your content over, being sure to pay attention to security as you're setting things up. Starting from a fresh installation is the only way to ensure that there is no remaining malware or backdoors installed on your existing system. If necessary, we can place your Droplet into a secure recovery environment where you can access your data to copy it off. First, I would recommend trying to create any backups you need if you can from the console, such as dumping the MySQL databases to a file with mysqldump, as these services will not be running in the rescue mode.
Also, we have a few articles that I'd recommend to review to help you track these issues down, as well as secure against future problems.
https://www.digitalocean.com/community/articles/an-introduction-to-securing-your-linux-vps
https://www.digitalocean.com/community/questions/my-droplet-is-locked-by-support-staff-because-because-of-an-outgoing-flood-or-ddos-what-do-i-do
Let us know if you have any further questions.
DigitalOcean Support
请问这样会把病毒带过去吗? 还有其他更好的方案吗?
---------
There has been a response to your ticket:
Hello,
How did you determine to stop these services? These are probably unrelated to this issue. We had noted a UDP flood attacking a remote server.
This likely indicates that your Droplet has been compromised and malicious scripts installed to launch this attack. There are a large variety of ways that your server may have been compromised. Popular methods are password brute force attacks (guessing weak passwords) or attacking applications that are out of date (though many other possibilities exist). We can't say for sure what may have happened in this specific instance, and we do not have access to your server to investigate ourselves.
If you are unable to find and remove all of the malicious software, as well as determine how it was installed and secure against future incidents, you would need to create a new server and migrate your content over, being sure to pay attention to security as you're setting things up. Starting from a fresh installation is the only way to ensure that there is no remaining malware or backdoors installed on your existing system. If necessary, we can place your Droplet into a secure recovery environment where you can access your data to copy it off. First, I would recommend trying to create any backups you need if you can from the console, such as dumping the MySQL databases to a file with mysqldump, as these services will not be running in the rescue mode.
Also, we have a few articles that I'd recommend to review to help you track these issues down, as well as secure against future problems.
https://www.digitalocean.com/community/articles/an-introduction-to-securing-your-linux-vps
https://www.digitalocean.com/community/questions/my-droplet-is-locked-by-support-staff-because-because-of-an-outgoing-flood-or-ddos-what-do-i-do
Let us know if you have any further questions.
DigitalOcean Support
 |
1
mhycy 2014-12-17 10:51:07 +08:00
改密码...搬数据
仅仅搬自己网站的数据并配好权限是最快捷的做法 |
|
2
mhycy 2014-12-17 10:51:29 +08:00
补充: 建议更换所有密码
|
 |
3
Showfom 2014-12-17 11:29:33 +08:00 via iPhone
对外发包了
|
 |
4
cattyhouse 2014-12-17 12:40:50 +08:00
直接关掉sshd的密码登录,采用rsa key登陆。具体就是:
PasswordAuthentication no PermitEmptyPasswords no |
 |
5
halczy 2014-12-17 12:43:55 +08:00
最好参考这篇文章, PUBLICKEY登录, 安装Fail2ban. 设立好IPTABLES.
https://www.linode.com/docs/security/securing-your-server/ |
 |
6
Navee 2014-12-17 12:49:45 +08:00
我之前也收到过
当时是中了一个木马 改密码,关掉密码登陆 都试了,也无效 最后只能备份数据,然后重装了系统,安装了一个fail2ban 可以参照我当时的解决方案: http://www.coolcode.me/blog/2014/08/65 |
 |
7
SharkIng 2014-12-17 16:33:02 +08:00 via iPad
应该是root权限问题被肉鸡了吧 以前遇到过
|
 |
8
hicdn 2014-12-17 17:39:12 +08:00
对外开 53 端口了吗
|
Select Language