Server got blocked

.
The Fast, Secure and Professional - Yii2
I received this email.


Hello!
We have had to block your VDS server because it has been compromised and is generating heavy load.
root 25372 0.0 0.1 432800 616 ? Ssl 08:57 0:20 /etc/sjfedjr
root 26177 0.1 0.1 431776 616 ? Ssl 08:58 0:53 /etc/sjfedjr
root 10097 5.4 0.2 6895264 1092 ? Ssl 11:13 23:54 /tmp/.sshdd1422515602
root 24271 0.0 0.0 82900 504 ? Ss 13:00 0:00 /tmp/.sshhdd1422522019
root 24287 0.0 0.0 82900 504 ? S 13:00 0:00 \_ /tmp/.sshhdd1422522019
root 24289 0.0 0.0 82900 504 ? S 13:00 0:05 \_ /tmp/.sshhdd1422522019
root 24290 0.0 0.0 82900 504 ? S 13:00 0:00 \_ /tmp/.sshhdd1422522019
root 24291 0.0 0.0 82900 504 ? S 13:00 0:03 \_ /tmp/.sshhdd1422522019
root 24516 0.0 0.0 0 0 ? Z 18:11 0:00 | \_ [sh]
root 22197 0.0 0.2 9200 1188 ? S 18:33 0:00 | \_ sh -c top -bn 1 | grep Cpu | cut -d "," -f 1 | cut -d ":" -f 2
root 22198 0.0 0.2 14892 1116 ? S 18:33 0:00 | \_ top -bn 1
root 22199 0.0 0.1 6380 676 ? S 18:33 0:00 | \_ grep Cpu
root 22200 0.0 0.1 4092 536 ? S 18:33 0:00 | \_ cut -d , -f 1
root 22201 0.0 0.1 4092 540 ? S 18:33 0:00 | \_ cut -d : -f 2
root 24647 0.0 0.0 82900 504 ? S 18:11 0:00 \_ /tmp/.sshhdd1422522019

We recommend checking the server for viruses. The ClamAV antivirus is installed on your server; you can use it over ssh to scan your server (documentation on running an antivirus scan is available online).


Next:

The processes listed above are generating network traffic to attack third-party resources.


They've unblocked it for now, but I'd like to figure out what the problem is
.
The Fast, Secure and Professional - Yii2
I'm scanning with the antivirus and getting this junk:

LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
WARNING: Can't open file /sys/devices/virtual/tty/tty/ve_device_add: Permission denied
LibClamAV Warning: fmap_readpage: pread fail: asked for 4068 bytes @ offset 28, got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4092 bytes @ offset 4, got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4095 bytes @ offset 1, got 0
.
The Fast, Secure and Professional - Yii2
Addendum to the scan

----------- SCAN SUMMARY -----------
Known viruses: 3055518
Engine version: 0.97.8
Scanned directories: 6535
Scanned files: 140481
Infected files: 0
Total errors: 170
Data scanned: 1391.15 MB
Data read: 1236.39 MB (ratio 1.13:1)
Time: 233.450 sec (3 m 53 s)


No viruses
.
Swank
The sexiness of a felt boot
Rakovskiy, the access denied part is normal, it's a virtual machine after all; you don't have access to some of the hardware files (there's one file shared by everyone)
.
Rakovskiy, is this eurobyte.ru, by any chance?
.
The Fast, Secure and Professional - Yii2
blackvj, Yes
.
Rakovskiy, hm, lucky you, though.
.
The Fast, Secure and Professional - Yii2
What are these processes?
.
Rakovskiy, if the site is still blocked.
Install a clean John, everything should be fine, unless there's something sitting in your site.
It can't be that you took a VPS and straight away got a block on such grounds.

In SSH, open the process list with the top command and see what's causing the load, although if there's no access from outside, you won't be able to do anything. Ask tech support to reinstall the server from scratch.
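
Added example, not part of the original thread: a triage pass in Python over `ps`-style output like the hoster's listing, flagging processes by where their executable lives rather than by antivirus signature. The path heuristics and function names are assumptions made for this example, and the two benign sample lines are constructed.

```python
import re
from pathlib import PurePosixPath

# Sample input: four lines copied from the hoster's listing above, plus two
# benign lines constructed for this example (sshd, php-fpm).
SAMPLE_PS = r"""
root 25372 0.0 0.1 432800 616 ? Ssl 08:57 0:20 /etc/sjfedjr
root 10097 5.4 0.2 6895264 1092 ? Ssl 11:13 23:54 /tmp/.sshdd1422515602
root 24287 0.0 0.0 82900 504 ? S 13:00 0:00 \_ /tmp/.sshhdd1422522019
root 22198 0.0 0.2 14892 1116 ? S 18:33 0:00 | \_ top -bn 1
root 1021 0.0 0.1 65508 1200 ? Ss 08:00 0:00 /usr/sbin/sshd -D
www-data 2210 0.1 1.0 250000 9000 ? S 08:01 0:02 php-fpm: pool www
"""

TEMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")   # world-writable locations
TREE_ART = re.compile(r"^[\s|\\_]+")            # "| \_ " process-tree decoration

def parse_line(line):
    """Split one `ps aux`-style line into (user, pid, command), or None."""
    parts = line.split(None, 10)   # ten fixed columns, then the command
    if len(parts) < 11 or not parts[1].isdigit():
        return None
    return parts[0], int(parts[1]), TREE_ART.sub("", parts[10])

def reasons(command):
    """Return the heuristics (assumed for this example) that a command trips."""
    exe = command.split()[0] if command else ""
    if not exe.startswith("/"):
        return []   # no absolute path shown; resolve /proc/<pid>/exe on the host
    path = PurePosixPath(exe)
    found = []
    if any(exe.startswith(d + "/") for d in TEMP_DIRS):
        found.append("runs from a world-writable temp dir")
    if path.name.startswith("."):
        found.append("hidden (dot-prefixed) executable name")
    if path.parent == PurePosixPath("/etc"):
        found.append("executable placed directly in /etc")
    return found

def triage(ps_text):
    """Return (pid, user, command, reasons) for every flagged process."""
    hits = []
    for line in ps_text.splitlines():
        rec = parse_line(line)
        if rec and reasons(rec[2]):
            user, pid, cmd = rec
            hits.append((pid, user, cmd, reasons(cmd)))
    return hits

if __name__ == "__main__":
    for pid, user, cmd, why in triage(SAMPLE_PS):
        print(f"{pid:>6} {user:<8} {cmd}  <- {'; '.join(why)}")
```
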
.
The Fast, Secure and Professional - Yii2
# blackvj (31.01.2015 / 14:24)
Rakovskiy, if the site is still blocked.
Install a clean John, everything should be fine, unless there's something sitting in your site.
It can't be that you took a VPS and straight away a block on such grounds
The site was unblocked right away; it runs PhpBB 3.

It's been fine for about 2 days now.