最近我的主机提供商给我发了一封信,说我的服务器受到了某种攻击。我不太懂安全,所以我找了一些教程,用 iptables 关闭了所有未使用的端口。
这是我的 iptables 列表:
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
ACCEPT tcp -- anywhere anywhere tcp spt:www
ACCEPT tcp -- anywhere anywhere tcp spt:https
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:ssmtp
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT tcp -- anywhere anywhere tcp spt:pop3s
ACCEPT tcp -- anywhere anywhere tcp spt:imap2
ACCEPT tcp -- anywhere anywhere tcp spt:imaps
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
由于某种原因,攻击停止了,但我无法再发送电子邮件。
-P OUTPUT ACCEPT 有效,但对我来说不是一个选项。
需要尽快帮助。谢谢
答案1
在建立出站邮件连接时ACCEPT,您需要对 进行此操作dpt:smtp。出站邮件连接的源端口是随机的,而不是端口smtp。
但更重要的是,您需要弄清楚是什么导致了攻击,如果您的系统受到了损害,您需要重新安装它以确保入侵者无法利用这种损害。