Ver Mensaje Individual
  #1 (permalink)  
Antiguo 04/07/2012, 14:33
piojoso
 
Fecha de Ingreso: enero-2006
Mensajes: 199
Antigüedad: 18 años, 10 meses
Puntos: 5
datacenter bloque ip vps shh

Hola que tal hace poco recibi un ataque hack de todo mi VPS y por seguridad bloquearon mi IP me dijieron que intente desbloquearlo desde consola ssh pero no tengo idea como hacerlo espero que alguien me pueda dar una mano les dejo los logs.

Saludos.

-----------------------------

Cita:
hola

tu server aparentemente ha sido hackeado y el datacenter ha bloqueado la ip, para resolverlo tienes que entrar por consola y repararlo. podemos agregar otra ip para que te ande por ssh.


Register Court: Registergericht Ansbach, HRB 3204
Management Board: Dipl. Ing. (FH) Martin Hetzner
Chairwoman of the Supervisory Board: Diana Rothhan

----- attachment -----

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Sat, 30 Jun 2012 08:27:57 +0200
Received: from [212.227.137.126] (helo=mout-eu2.dedicatemail.com)
by lms.your-server.de with esmtp (Exim 4.74)
(envelope-from <[email protected]>)
id 1Skr9x-0000z6-92
for [email protected]; Sat, 30 Jun 2012 08:27:57 +0200
Received: from mout-eu2.dedicatemail.com (localhost.localdomain [127.0.0.1])
by mout-eu2.dedicatemail.com (Postfix) with ESMTP id 165FB27F
for <[email protected]>; Sat, 30 Jun 2012 08:27:49 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=dedicatemail.com; h=date
:to:from:reply-to:subject:message-id:mime-version:content-type;
s=mout; bh=BgFCW2jWIcGwvHOEQEzgJbeE/Qs=; b=1pdCy/5lgsxonsDik2jh
LliPTIIRxktTGhjRuS0CqgOOlOMlyOI04/8qqYByOpFAS4/W0izSgumMuohtvDdM
e/vxa5SmOeWdQ8mh5QU3/6kxzXtJ4FE35zptIVrVm5AOQ1uqFx6LwSlIZtu4/CBH
lwms0OShWPt2F/pqtKndPV0=
Received: from mx01.dedicatemail.com (mail-in.dedicatemail.com [87.106.148.128])
by mout-eu2.dedicatemail.com (Postfix) with ESMTP id 1052626E
for <[email protected]>; Sat, 30 Jun 2012 08:27:49 +0200 (CEST)
Received: from abuse-help.dedicateservices.com (abuse-help.dedicateservices.com [212.227.136.64])
by mx01.dedicatemail.com (Postfix) with ESMTP id EB27D4D2C
for <[email protected]>; Sat, 30 Jun 2012 08:27:48 +0200 (CEST)
Date: Sat, 30 Jun 2012 08:27:48 +0200
To: [email protected]
From: cyscon GmbH - SIRT <[email protected]>
Reply-to: [email protected]
Subject: [SIRT#0000478074] Malicious content (CYSC.HTML.DEF-8) hosted on 178.63.204.168 within your network!
Message-ID: <[email protected] omain>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
Auto-Submitted: auto-generated
X-ARF: YES
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="b1_58f564b796a525540f33a1855965d94d"
X-Virus-Scanned: Clear (ClamAV 0.97.3/15101/Fri Jun 29 23:10:28 2012)
X-Spam-Score: 0.6 (/)
Delivered-To: [email protected]


--b1_58f564b796a525540f33a1855965d94d
Content-Type: text/plain; charset = "utf-8"
Content-Transfer-Encoding: quoted-printable

TO WHOM IT MAY CONCERN:

The security experts of cyscon GmbH like to ask you to remove/review the =
below mentioned file from/on your servers. At least one of our scanners d=
etect it, and we consider it as malicious:=20

################################################## ######################
# begin logs

IP: 178.63.204.168
URL: http://reydecopas.com
Port: 80
Tested on: Sat, 30 Jun 2012 08:27:38 +0200
Result: CYSC.HTML.DEF-8=20

# end logs
################################################## ######################