OVH Anti-hack
Если ваш сервер взломали и начали ддосить или слать спам то приходит сообщение на почту:
Статус сервера в панели:
Сам сервер переводится в 'Rescue' mode с какого можно скачать данные какие на нем были:
UPD. Если будет такое два и больше раз. То сервер переходит в статус: hackedBlocked.
Ни сброс, ни реинстал не работает. Пишет This function is not allowed for your server.
Dear Customer,
You server has been placed in 'rescue' mode in order to prevent further problems.
You can find a guide to help you complete the maintenance steps needed
at the following address:
help.ovh.ie/RescueMode/
Please do not hesitate to contact our technical support so that this
situation does not become critical.
You can find the logs brought up by our system below which led to this alert.
— START OF ADDITIONAL INFORMATION — Attack detail: 6K scans
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
2016.11.14 18:28:54 CET 91.121.65.150:55048 86.105.212.56:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:42968 86.105.212.74:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:42656 86.105.212.77:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:49626 86.105.212.78:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:57600 86.105.212.81:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:35504 86.105.212.80:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:50282 86.105.212.90:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:33354 86.105.212.87:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:40566 86.105.212.86:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:40874 86.105.212.106:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:45714 86.105.212.91:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:56428 86.105.212.92:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:37272 86.105.212.96:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:40532 86.105.212.114:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:39064 86.105.212.85:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:55410 86.105.212.89:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:41028 86.105.212.126:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:41496 86.105.212.121:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:34572 86.105.212.133:3389 TCP SYN 60 SCAN:SYN
2016.11.14 18:28:54 CET 91.121.65.150:46930 86.105.212.145:3389 TCP SYN 60 SCAN:SYN
— END OF ADDITIONAL INFORMATION -
Статус сервера в панели:
Сам сервер переводится в 'Rescue' mode с какого можно скачать данные какие на нем были:
Dear Customer,
Your server has been started in 'Rescue' mode. This has either been requested by you in the OVH manager or a technician has had to do this because of an error that needs to be resolved in Rescue mode.
This mode means that a basic Linux/BSD system has been launched on your server through the network. This is not the system installed on your server and none of your disks have been mounted.
UPD. Если будет такое два и больше раз. То сервер переходит в статус: hackedBlocked.
Ни сброс, ни реинстал не работает. Пишет This function is not allowed for your server.
0 комментариев