V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
tongtongqiang
V2EX  ›  问与答

bwh1 上 Sony 黑客活动?

  •  
  •   tongtongqiang · 2017-05-29 10:54:57 +08:00 · 2145 次点击
    这是一个创建于 2772 天前的主题,其中的信息可能已经有所发展或是发生改变。
    This service is currently suspended. There is 1 outstanding issue:
    Reason: Hacked/rooted server
    More details: We have detected hacking activity on this server
    Additional information:


    To whom it may concern,

    Pursuant to Sony Interactive Entertainment LLC ("SIE") corporate policy, the below IP addresses were blacklisted from using our services because SIE detected activity that is abusive to our network services. In our determination, the abusive activity was not related to velocity or volume (many users behind the same IP address, i.e. NAT), but matched the specific patterns of known abuse of our publicly available services. This abuse may be the result of a computer on your network that has been compromised and is participating in a botnet abuse of our services.

    The following table of IP addresses, dates and times should help you correlate the origin of the abusive activity. The time stamps are approximate from our logs. The actual timing of the events depend on the signature matched. It is very likely to have occurred both before, during and following the times listed.

    Approximate Time Range (UTC), IP Address, Reason
    2017-05-27 03:27 ~ 2017-05-27 03:57 (UTC), 138.123.178.101, Account Takeover Attempts

    It is most likely the attack traffic is directed at one of the following endpoints:

    account.sonyentertainmentnetwork.com
    auth.np.ac.playstation.net
    auth.api.sonyentertainmentnetwork.com
    auth.api.np.ac.playstation.net

    These endpoints on our network are resolved by Geo DNS, so the IP addresses they resolve to will depend on the originating IP address.

    The destination port will be TCP 443.

    Please take the necessary measures to correct the malicious activity from the above-listed IP addresses as soon as possible to avoid any further disruptions. If we were to remove any of these IP addresses from the blacklist and subsequent abusive activity is detected, the IP address will be promptly blacklisted again.


    We thank you for your prompt attention to this matter. If you require assistance or additional information please contact [email protected] and include the IP address in question.

    Thank you

    P.S. If you would prefer an individual email for each IP address on this list, please let us know.


    How to resolve: The server has been compromised. Make sure you install clean OS immediately after resuming service, otherwise the issue will repeat.
    You can unsuspend a service 3 times in one calendar year.
    Remaining unsuspensions for this server: 3

    I understand the issue and ready to resolve it right away
    By clicking the button above you agree to take all measures to prevent future TOS violations.
    You also acknowledge that after 3 suspensions this server will be disabled until January 1, 2018.
    1 条回复    2017-05-29 12:48:27 +08:00
    ARCWelder
        1
    ARCWelder  
       2017-05-29 12:48:27 +08:00 via Android
    ssh 被爆破了或者 SS 被扫出来用作代理池了,就是你的机器被用于 DDoS 索尼的服务。如果没有什么重要的东西建议重装

    还有,谷歌翻译是个好东西,如果你看不懂英语的话。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1014 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 28ms · UTC 22:03 · PVG 06:03 · LAX 14:03 · JFK 17:03
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.