请教一下,aws滥用报告看不懂,不知道该怎么回复,谢谢

[复制链接]
查看: 7515   回复: 4
发表于 2024-2-22 16:56:56 | 显示全部楼层 |阅读模式
This is a notification of unauthorized use of systems or networks.

The log of TCP port scans is included below for your reference
(time zone is UTC). To prevent this mail from getting too big in size,
at most 5 attempts from each attacker IP are included.

If you regularly collect IP traffic information of your network, you will see
the IPs listed connected to various TCP ports of my server at the time logged,
and I suspect that they also connected to TCP ports of many other IPs.

If a Linux system was at the attacker's IP, you might want to use the
command "netstat -ntp" to list its active network connections. If there
is still some suspicious connection, find out what PID/program/user ID they
belong to. You might find something to help you solve this problem.

Please notify the victims (owners of those botnet computers) so that they
can take appropriate action to clean their computers, before even
more severe incidents, like data leakage, DDoS, and the rumored NSA spying
through hijacked botnets, arise. This also helps prevent botnets from
taking up your network bandwidth.

(time in UTC)=2022-02-28T19:54:14 (attacker's IP)=35.72.5.xxx (IP being scanned)=185^106^122^18 (TCP port being scanned)=9852
(time in UTC)=2022-02-28T19:57:13 (attacker's IP)=35.72.5.xxx(IP being scanned)=66^23^246^124 (TCP port being scanned)=9890
(time in UTC)=2022-02-28T19:59:28 (attacker's IP)=35.72.5.xxx (IP being scanned)=91^203^192^19 (TCP port being scanned)=2363
(time in UTC)=2022-02-28T20:00:03 (attacker's IP)=35.72.5.xxx(IP being scanned)=45^15^179^90 (TCP port being scanned)=4640
(time in UTC)=2022-02-28T22:24:50 (attacker's IP)=35.72.5.xxx (IP being scanned)=185^178^44^132 (TCP port being scanned)=5605
>>>
回复

使用道具 举报

发表于 2024-2-22 16:57:09 | 显示全部楼层
就说被黑了,已重装系统解决
回复 支持 反对

使用道具 举报

 楼主| 发表于 2024-2-22 16:58:05 | 显示全部楼层
f*ck you aws
给你个模板请教一下,aws滥用报告看不懂,不知道该怎么回复,谢谢

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?立即注册

x
回复 支持 反对

使用道具 举报

 楼主| 发表于 2024-2-22 16:58:53 | 显示全部楼层
楼主您好,

好像是说 35.72.5.xxx 这个IP的机子扫了 185^106^122^18 等等IP的 9852 等等端口。

如果您是使用着 35.72.5.xxx 这个IP,建议查找一下是否有异常的网络连接或进程。如有,清除异常的进程、观察后不会再发生,将处理结果告诉aws。

如果实在找不到,可能如2楼说的,备份个人的重要数据后,重装一次系统后再回复aws。
回复 支持 反对

使用道具 举报

 楼主| 发表于 2024-2-22 16:59:00 | 显示全部楼层
谢谢
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则