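Today I tested the new port-scanning tool zmap on my VPS. I had already limited it to 10M of bandwidth (a DigitalOcean VPS has 1000M of bandwidth; of course you have to be in the US to actually experience that gigabit speed), and it still got locked...
Going into support, I could see a new ticket.
OK, time to reply quickly and ask to be unlocked. You need a normal-sounding reason here and have to play innocent:
My English isn't great, so I struggled through a reply saying my VPS had been hacked...
To my surprise, DigitalOcean's support replied: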
I understand this can be frustrating as this type of attack is usually a sign that your droplet has been compromised. Cleaning a compromised server can be very difficult and time consuming. I usually recommend copying needed files from the droplet and creating a new droplet from a clean image.
Unfortunately, until you provide a complete explanation about how the compromise was cleaned up and how it can be prevented in the future, we will not be able to unlock it.
If you have backups enabled and have a backup from prior to the attacks, this can be used to rebuild your droplet to an earlier, clean state from the control panel by clicking on your droplet, then Destroy, then Rebuild and selecting your backup.
Once you have your new, clean droplet up and running this article will assist you in setting up initial security:
https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps
We also have many other security related articles and tutorials that you can find here:
https://www.digitalocean.com/community/tags/explore/security
Let us know your plan of action for investigating and resolving this issue. We look forward to your update
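Damn, they don't even believe I can clean it up; they insist I destroy the existing VPS and build a new one, unless I can convince them that I have already cleaned the existing system... Right now the VPS can only be logged into from the DigitalOcean web page, and it has no network. My data is all still on it, so how do I back it up? I searched Baidu, and a lot of people say DigitalOcean locks things down too strictly and some people never manage to recover. Is it really that bad? I quickly asked support whether they could let me back up my data, carrying on in my lousy English: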
I do not have backup images. Could you please temporarily enable my VPS's network to let me back up my personal data, or tell me other ways to back up my data? After I back up my data, I will destroy this droplet.
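I even used "could you please"; in my heart I was already begging on my knees...
The result was very good: support booted my VPS from an emergency recovery ISO, and I could mount the original disk and configure the network to back up my data.
Here is the backup process:
After logging in, first run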
fdisk -l
to see where the original VM disk is.
Then
mount /dev/vda1 /mnt
to mount the original disk.
Configure the network, using the original VPS's IP:
ifconfig eth0 xx.xx.xx.xx netmask 255.255.255.0
route add default gw xx.xx.xx.1
Then simply
chroot /mnt bash
to enter the original VPS environment, and start packing right away:
zip -r /root/bak.zip /var/www /var/lib/mysql
After packing, just start an HTTP server with python and download the file with Xunlei:
cd ~
python -m SimpleHTTPServer
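At first I used FTP to upload, and it was extremely slow; later I switched to HTTP and found it was 100 times faster than the former. Both use the upload bandwidth, so why is the difference so big...
Finally, just create a new VPS~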
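The backup steps above, reworked as an added example that is not from the original post: it archives the old disk's directories from the rescue system with `tar -C` rather than through `chroot`, so no binaries from the locked droplet's disk are executed, and it writes a SHA-256 file to check the download against. The function names, the output directory and the archive name are assumptions; the mount point and paths are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumes tar, gzip and sha256sum exist in the rescue environment and the
# old disk is already mounted (mount /dev/vda1 /mnt, as above).

# backup_from_mount MOUNT OUTDIR PATH...
backup_from_mount() {
    mnt=$1; out=$2; shift 2
    [ -d "$mnt" ] || { echo "not a directory: $mnt" >&2; return 1; }
    mkdir -p "$out" && chmod 700 "$out" || return 1

    # Keep only the paths that exist under the mount, made relative to it.
    n=$#
    while [ "$n" -gt 0 ]; do
        p=${1#/}; shift; n=$((n - 1))
        if [ -e "$mnt/$p" ]; then
            set -- "$@" "$p"
        else
            echo "skipping missing path: /$p" >&2
        fi
    done
    [ "$#" -gt 0 ] || { echo "nothing to archive" >&2; return 1; }

    # The rescue system's own tar reads the files; nothing on the old disk runs.
    tar -C "$mnt" -czf "$out/bak.tar.gz" "$@" || return 1
    (cd "$out" && sha256sum bak.tar.gz > bak.tar.gz.sha256)
}

# verify_backup DIR: succeeds only if the archive still matches its checksum.
verify_backup() {
    (cd "$1" && sha256sum -c bak.tar.gz.sha256 >/dev/null 2>&1)
}

# Usage on the rescue system:
#   backup_from_mount /mnt /root/bak /var/www /var/lib/mysql
```

Copy `bak.tar.gz.sha256` along with the archive and run `verify_backup` on the receiving side. A plain HTTP listener started in root's home directory serves every file there to anyone who can reach the IP, so stop it as soon as the download finishes.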