Why are there so many postfix/qmgr (queue active) messages in the syslog?

Possible duplicate:
My server has been hacked: emergency

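I am running a small mail server with postfix, and I am seeing a lot of strange things in the syslog. As of yesterday, I am not receiving any email.

Here is what is in the syslog: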

Dec 13 15:58:58 owsmail postfix/smtp[31694]: 2C8AD43D84C: to=<[email protected]>,relay=127.0.0.1[127.0.0.1]:10024, conn_use=7, delay=135295, delays=124387/10904/0/4.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31936-01-7, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 214F43DF3E2)
Dec 13 15:58:58 owsmail postfix/qmgr[17562]: 2C8AD43D84C: removed
Dec 13 15:58:58 owsmail postfix/qmgr[17562]: B85104CD96: from=<[email protected]>, size=718, nrcpt=1 (queue active)
Dec 13 15:58:59 owsmail postfix/pickup[31129]: 80F0043D84C: uid=33 from=<[email protected]>
Dec 13 15:58:59 owsmail postfix/cleanup[31691]: 80F0043D84C: message-id=<[email protected]>
Dec 13 15:59:00 owsmail postfix/smtpd[17594]: 49BC53DF3E3: client=localhost[127.0.0.1]
Dec 13 15:59:00 owsmail postfix/cleanup[31929]: 49BC53DF3E3: message-id=<[email protected]>
Dec 13 15:59:00 owsmail amavis[31910]: (31910-01-15) Passed BAD-HEADER, <[email protected]> -> <[email protected]>,<"name:info"@pastacaponi.it>, quarantine: v/badh-vQ+c4YuSXNcy, Message-ID: <[email protected]>, mail_id: vQ+c4YuSXNcy, Hits: -1.857, size: 758, queued_as: 49BC53DF3E3, 5277 ms
Dec 13 15:59:00 owsmail postfix/smtp[31958]: 5F728BC1C0: to=<[email protected]>, orig_to=<Account>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=15, delay=83825, delays=72915/10905/0/5.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31910-01-15, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 49BC53DF3E3)
Dec 13 15:59:00 owsmail postfix/smtp[31958]: 5F728BC1C0: to=<name:[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=15, delay=83825, delays=72915/10905/0/5.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31910-01-15, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 49BC53DF3E3)
Dec 13 15:59:00 owsmail postfix/qmgr[17562]: 5F728BC1C0: removed
Dec 13 15:59:00 owsmail postfix/qmgr[17562]: 77BC93DE037: from=<[email protected]>, size=720, nrcpt=1 (queue active)
Dec 13 15:59:00 owsmail postfix/pickup[31129]: 724E53DF3E6: uid=33 from=<[email protected]>
Dec 13 15:59:00 owsmail postfix/cleanup[31691]: 724E53DF3E6: message-id=<[email protected]>
Dec 13 15:59:01 owsmail postfix/pickup[31129]: 32AE83DF3EE: uid=33 from=<[email protected]>
Dec 13 15:59:01 owsmail postfix/cleanup[31929]: 32AE83DF3EE: message-id=<[email protected]>
Dec 13 15:59:01 owsmail postfix/pickup[31990]: EE78F3DF400: uid=33 from=<[email protected]>
Dec 13 15:59:01 owsmail postfix/cleanup[31691]: EE78F3DF400: message-id=<[email protected]>
Dec 13 15:59:02 owsmail postfix/smtpd[17653]: 41F7C3DF407: client=localhost[127.0.0.1]
Dec 13 15:59:02 owsmail postfix/cleanup[31929]: 41F7C3DF407: message-id=<[email protected]>
Dec 13 15:59:02 owsmail amavis[31936]: (31936-01-8) Passed BAD-HEADER, <[email protected]> -> <[email protected]>, quarantine: 0/badh-0VLOlgtJ2atk, Message-ID: <[email protected]>, mail_id: 0VLOlgtJ2atk, Hits: -1.565, size: 779, queued_as: 41F7C3DF407, 4110 ms
Dec 13 15:59:02 owsmail postfix/smtp[31694]: 63CC73DE0EF: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=8, delay=130985, delays=120072/10908/0/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31936-01-8, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 41F7C3DF407)
Dec 13 15:59:02 owsmail postfix/qmgr[17562]: 63CC73DE0EF: removed
Dec 13 15:59:02 owsmail postfix/qmgr[17562]: CADFEFAC22: from=<[email protected]>, size=711, nrcpt=1 (queue active)
Dec 13 15:59:02 owsmail postfix/pickup[31990]: B14C43DE0EF: uid=33 from=<[email protected]>
Dec 13 15:59:02 owsmail postfix/cleanup[31691]: B14C43DE0EF: message-id=<[email protected]>
Dec 13 15:59:05 owsmail postfix/smtpd[17594]: 961D83DF40A: client=localhost[127.0.0.1]
Dec 13 15:59:05 owsmail postfix/cleanup[31929]: 961D83DF40A: message-id=<[email protected]>
Dec 13 15:59:05 owsmail amavis[31910]: (31910-01-16) Passed BAD-HEADER, <[email protected]> -> <[email protected]>, quarantine: H/badh-HP17kVKEJeWc, Message-ID: <[email protected]>, mail_id: HP17kVKEJeWc, Hits: -1.681, size: 739, queued_as: 961D83DF40A, 5257 ms
Dec 13 15:59:05 owsmail postfix/smtp[31958]: 77BD543C89F: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=16, delay=130906, delays=119990/10911/0/5.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=31910-01-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 961D83DF40A)
Dec 13 15:59:05 owsmail postfix/qmgr[17562]: 77BD543C89F: removed
Dec 13 15:59:05 owsmail postfix/qmgr[17562]: 7CB3F4DF36: from=<[email protected]>, size=624, nrcpt=1 (queue active)

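I don't know whether someone is trying to hack my server. As mentioned above, I can no longer receive or send email.

Also: I tried running a test in mxtoolbox, and now I get this: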

smtp:190.80.159.7   

Timeout occurred due to inactivity.

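Please tell me where I can find information and how to solve this problem...

Thanks in advance for your help.

Answer 1

Nobody is trying to attack you. They already have, and they succeeded.

Shut the server down now. Investigate, and carefully follow the advice in: How do I deal with a compromised server?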
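
One way to triage log lines like those in the question during the investigation: count local submissions per uid from `postfix/pickup` and measure how old delivered messages are. This is an added example, not part of the original question or answer; the sample lines are constructed, the addresses are placeholders, and `triage` and `uid_threshold` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample in the format of the log in the question (placeholder addresses).
# uid 33 is www-data on Debian-family systems; that this host is one is an assumption.
SAMPLE_LOG = """\
Dec 13 15:58:58 owsmail postfix/qmgr[17562]: 2C8AD43D84C: removed
Dec 13 15:58:59 owsmail postfix/pickup[31129]: 80F0043D84C: uid=33 from=<www-data@mail.example>
Dec 13 15:59:00 owsmail postfix/smtpd[17594]: 49BC53DF3E3: client=localhost[127.0.0.1]
Dec 13 15:59:00 owsmail postfix/smtp[31958]: 5F728BC1C0: to=<a@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=83825, delays=72915/10905/0/5.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Dec 13 15:59:00 owsmail postfix/pickup[31129]: 724E53DF3E6: uid=33 from=<www-data@mail.example>
Dec 13 15:59:01 owsmail postfix/pickup[31990]: EE78F3DF400: uid=33 from=<www-data@mail.example>
Dec 13 15:59:02 owsmail postfix/pickup[31990]: B14C43DE0EF: uid=1000 from=<alice@mail.example>
Dec 13 15:59:02 owsmail postfix/smtp[31694]: 63CC73DE0EF: to=<b@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=130985, delays=120072/10908/0/4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

PICKUP = re.compile(r"postfix/pickup\[\d+\]: [0-9A-F]+: uid=(\d+) ")
# "smtp\[" matches the delivery client only, not the smtpd server process.
DELIVERY = re.compile(r"postfix/smtp\[\d+\]: [0-9A-F]+: to=<[^>]*>.*?\bdelay=(\d+(?:\.\d+)?),")

def triage(log_text, uid_threshold=3):
    """Summarise local submissions per uid and queue backlog from a Postfix log."""
    by_uid = Counter()
    delays = []
    for line in log_text.splitlines():
        m = PICKUP.search(line)
        if m:
            by_uid[int(m.group(1))] += 1
            continue
        m = DELIVERY.search(line)
        if m:
            delays.append(float(m.group(1)))
    # pickup handles mail handed over by local processes through sendmail(1), so a
    # high count for a service account's uid names the process to inspect first.
    suspects = sorted(u for u, n in by_uid.items() if n >= uid_threshold)
    return {
        "pickup_by_uid": dict(by_uid),
        "suspect_uids": suspects,
        "max_delay_hours": round(max(delays) / 3600, 1) if delays else 0.0,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run it against a copy of the log taken from the preserved disk rather than on the live host.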
