问:您好,服务器重启后无法远程登录桌面了,服务器重启后无法远程登录了
答:您好,
测试可以正常远程的,请您再试试呢。
非常感谢您长期对我司的支持!
问:用VNC控制台可以登录远程桌面,但用电脑的远程软件不能登录,11:30分左右还可以登录的。
答:您好,这边测试就是用远程软件登录的,您可以尝试重启下本地网络后试下呢。若还是不行,请提供下登录报错截图,和您的ping 127.0.0.1 -t截图和tracert -d 127.0.0.1 的截图,以便我们进一步查看。
非常感谢您长期对我司的支持!
问:本地网络没问题,用VNC登录后http://w.ixsw.cn/k3cloud/html/可以访问,但我在本地电脑访问不了
问:现在可以远程登录了,谢谢
答:您好,好的。
非常感谢您长期对我司的支持!
问:服务器无法远程登录,是用网页重启后也不行
答:您好,
联系机房核实,您主机被投诉对外发动攻击被屏蔽了,需要重装系统后解封。
Dear Provider,
I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to inform you that we have detected malicious requests from the IP 127.0.0.1
directed at our clients’ servers.
As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients’ servers.
Servers are increasingly exposed as the targets of botnet attacks and you might not be aware that your server is being used as a “bot” to send malicious attacks over the Internet.
I\’ve collected the 3 earliest logs below, and you can find the freshest 100, that may help you disinfect your server, under the link. The timezone is UTC 2:00.
http://bitninja.io/incidentReport.php?details=3b82c8a6799e6fe842
{
"PORT HIT": "127.0.0.1:62339
->127.0.0.1:445
"
}
{
"PORT HIT": "127.0.0.1:62356
->127.0.0.1:445
",
"MESSAGES": "Array
(
[15:04:07] => u0000u0000u0000TSMBru0000u0000u0000u0000u0018u0001(u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000/Ku0000u0000臹u00001u0000u0002LANMAN1.0u0000u0002LM1.2X002u0000u0002NT LANMAN 1.0u0000u0002NT LM 0.12u0000
[15:04:07 1] => u0000u0000u0000JSMBu0000u0000u0000u0018u0001(u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000oFoFD)
u0010u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000Ju0000u0000u0000Ju0000u0002u0000#u0000u0000u0000u0007u0000\\PIPE\\u0000
)
"
}
{
"PORT HIT": "127.0.0.1:62771
->127.0.0.1:445
",
"MESSAGES": "Array
(
[15:04:10] => u0000u0000u0000u0085SMBru0000u0000u0000u0000u0018S纔0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u00000000u0000@u0000u0000bu0000u0002PC NETWORK PROGRAM 1.0u0000u0002LANMAN1.0u0000u0002Windows for Workgroups 3.1au0000u0002LM1.2X002u0000u0002LANMAN2.1u0000u0002NT LM 0.12u0000
[15:04:11] => u0000u0000u0000u0088SMBsu0000u0000u0000u0000u0018u0007纔0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u00000000u0000@u0000ru0000u0088u0000u0004u0011
u0000u0000u0000u0000u0000u0000u0000u0001u0000u0000u0000u0000u0000u0000u0000評0000u0000u0000Ku0000u0000u0000u0000u0000u0000Wu0000iu0000nu0000du0000ou0000wu0000su0000 u00002u00000u00000u00000u0000 u00002u00001u00009u00005u0000u0000u0000Wu0000iu0000nu0000du0000ou0000wu0000su0000 u00002u00000u00000u00000u0000 u00005u0000.u00000u0000u0000u0000
[15:04:11 1] => u0000u0000u0000NSMB2u0000u0000u0000u0000u0018u0007纔0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000oF﨑)Au0000u000ffu0000u0000u0000u0001u0000u0000u0000u0000u0000u0000u0000u00014顄0000u0000u0000fu0000Bu0000u0000u0000Nu0000u0001u0000u000eu0000ru0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000
)
"
}
Please keep in mind that after the first intrusion we log all traffic between your server and the ted servers until the IP is removed from the greylist. This means you may see valid logs beside the malicious actions in the link above. If you need help finding the malicious logs, please don’t hesitate to contact our incident experts by replying to this e-mail.
For more information on analyzing and understanding outbound traffic, check out this:
https://doc.bitninja.io/_images/nt-report-1.jpg
We’ve also dedicated an entire site help people prevent their server from sending malicious attacks:
https://doc.bitninja.io/investigations.html
Our incident experts are also happy to help you and can provide detailed logs if needed. Please, feel free to connect me with the or technical team responsible for managing your server.
Thank you for helping us make the Internet a safer place!
Regards,
George Egri
CEO at BitNinja.io
BitNinja.io
@ BusinessInsider UK
BitNinja.io
hits the WHIR.com
BitNinja @ CodeMash conference
I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to inform you that we have detected malicious requests from the IP 127.0.0.1
directed at our clients’ servers.
As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients’ servers.
Servers are increasingly exposed as the targets of botnet attacks and you might not be aware that your server is being used as a “bot” to send malicious attacks over the Internet.
I\’ve collected the 3 earliest logs below, and you can find the freshest 100, that may help you disinfect your server, under the link. The timezone is UTC 2:00.
http://bitninja.io/incidentReport.php?details=3b82c8a6799e6fe842
{
"PORT HIT": "127.0.0.1:62339
->127.0.0.1:445
"
}
{
"PORT HIT": "127.0.0.1:62356
->127.0.0.1:445
",
"MESSAGES": "Array
(
[15:04:07] => u0000u0000u0000TSMBru0000u0000u0000u0000u0018u0001(u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000/Ku0000u0000臹u00001u0000u0002LANMAN1.0u0000u0002LM1.2X002u0000u0002NT LANMAN 1.0u0000u0002NT LM 0.12u0000
[15:04:07 1] => u0000u0000u0000JSMBu0000u0000u0000u0018u0001(u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000oFoFD)
u0010u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000Ju0000u0000u0000Ju0000u0002u0000#u0000u0000u0000u0007u0000\\PIPE\\u0000
)
"
}
{
"PORT HIT": "127.0.0.1:62771
->127.0.0.1:445
",
"MESSAGES": "Array
(
[15:04:10] => u0000u0000u0000u0085SMBru0000u0000u0000u0000u0018S纔0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u00000000u0000@u0000u0000bu0000u0002PC NETWORK PROGRAM 1.0u0000u0002LANMAN1.0u0000u0002Windows for Workgroups 3.1au0000u0002LM1.2X002u0000u0002LANMAN2.1u0000u0002NT LM 0.12u0000
[15:04:11] => u0000u0000u0000u0088SMBsu0000u0000u0000u0000u0018u0007纔0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u00000000u0000@u0000ru0000u0088u0000u0004u0011
u0000u0000u0000u0000u0000u0000u0000u0001u0000u0000u0000u0000u0000u0000u0000評0000u0000u0000Ku0000u0000u0000u0000u0000u0000Wu0000iu0000nu0000du0000ou0000wu0000su0000 u00002u00000u00000u00000u0000 u00002u00001u00009u00005u0000u0000u0000Wu0000iu0000nu0000du0000ou0000wu0000su0000 u00002u00000u00000u00000u0000 u00005u0000.u00000u0000u0000u0000
[15:04:11 1] => u0000u0000u0000NSMB2u0000u0000u0000u0000u0018u0007纔0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000oF﨑)Au0000u000ffu0000u0000u0000u0001u0000u0000u0000u0000u0000u0000u0000u00014顄0000u0000u0000fu0000Bu0000u0000u0000Nu0000u0001u0000u000eu0000ru0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000u0000
)
"
}
Please keep in mind that after the first intrusion we log all traffic between your server and the ted servers until the IP is removed from the greylist. This means you may see valid logs beside the malicious actions in the link above. If you need help finding the malicious logs, please don’t hesitate to contact our incident experts by replying to this e-mail.
For more information on analyzing and understanding outbound traffic, check out this:
https://doc.bitninja.io/_images/nt-report-1.jpg
We’ve also dedicated an entire site help people prevent their server from sending malicious attacks:
https://doc.bitninja.io/investigations.html
Our incident experts are also happy to help you and can provide detailed logs if needed. Please, feel free to connect me with the or technical team responsible for managing your server.
Thank you for helping us make the Internet a safer place!
Regards,
George Egri
CEO at BitNinja.io
BitNinja.io
@ BusinessInsider UK
BitNinja.io
hits the WHIR.com
BitNinja @ CodeMash conference
问:重装后,原来的数据还在吗?
答:您好,
您可以选择保留数据重装,d盘内的文件不会改变,非常感谢您长期对我司的支持!
问:那是你们那边帮我重装吗
答:您好,
您在我司服务器管理面板中自行提交重装操作,非常感谢您长期对我司的支持!
