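Server hacked, and I don't know why
My server running on Slicehost was hacked, and I have no idea how they got into the system; I don't think it is very likely that they came in through the website built with Django. Yesterday I rebuilt the system, and within a few minutes I checked auth.log and found it had been broken into again. The result of whois 79.117.133.110 is interesting: this IP has already been accused many times of intrusion, spam distribution and other illegal activities.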
inetnum: 79.112.0.0 - 79.119.255.255
netname: RO-RDS-20070529
org: ORG-RA18-RIPE
descr: RCS & RDS SA
country: RO
admin-c: CN19-RIPE
tech-c: RDS-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: AS8708-MNT
mnt-routes: AS8708-MNT
source: RIPE # Filtered
organisation: ORG-RA18-RIPE
org-name: RCS & RDS SA
org-type: LIR
address: Romania Data Systems SA
Ciprian Nica
Forum 2000 Building
71-75 Dr. Staicovici
050557 Bucharest
Romania
phone: +40 21 301 0850
phone: +40 31 400 4243
fax-no: +40 31 400 4207
admin-c: CN19-RIPE
mnt-ref: AS8708-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
role: Romania Data Systems NOC
address: 71-75 Dr. Staicovici
address: Bucharest / ROMANIA
phone: +40 21 30 10 888
fax-no: +40 21 30 10 892
abuse-mailbox: abuse@rcs-rds.ro
admin-c: CN19-RIPE
admin-c: GEPU1-RIPE
tech-c: CN19-RIPE
tech-c: GEPU1-RIPE
nic-hdl: RDS-RIPE
mnt-by: AS8708-MNT
remarks: +--------------------------------------------------------------+
remarks: | ABUSE CONTACT: abuse@rcs-rds.ro IN CASE OF HACK ATTACKS, |
remarks: | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. |
remarks: | !! PLEASE DO NOT CONTACT OTHER PERSONS FOR THESE PROBLEMS !! |
remarks: +--------------------------------------------------------------+
source: RIPE # Filtered
person: Ciprian Nica
remarks: Senior IP Engineer
remarks: Romania Data Systems
address: Bucharest, Romania
phone: + 40 31 400 42 43
abuse-mailbox: abuse@rcs-rds.ro
remarks: ------------------------------------------------
remarks: | Please don't send me any abuse complaints. |
remarks: | Use abuse@rcs-rds.ro for that or contact |
remarks: | your service provider or local authorities |
remarks: | !! DO NOT CALL ME REGARDING ABUSE ISSUES !! |
remarks: ------------------------------------------------
nic-hdl: CN19-RIPE
mnt-by: NIMACI-MNT
source: RIPE # Filtered
% Information related to '79.112.0.0/13AS8708'
route: 79.112.0.0/13
descr: RDSNET
origin: AS8708
mnt-by: AS8708-MNT
source: RIPE # Filtered