今天收到勒索邮件。

不过看了下数据库都没删除，除了刚新创建一个seafile服务器， 其它的一切还好。

攻击者创建了一个用户名为PLEASE_READ_ME_VVV 的数据库，并在表中增加了一个信息

需要打款0.03btc.

To recover your lost Database send 0.03 Bitcoin (BTC) to our Bitcoin address 1NezVEtSsTvvPJbxyGgGkfkg5JwHrvLk31 and contact us by Email with your Server IP or Domain name and a Proof of Payment. Your Database is downloaded and backed up on our servers. Backups that we have right now: xxx. Any email without your server IP Address or Domain Name and a Proof of Payment together will be ignored. If we dont receive your payment in the next 10 Days, we will delete your backup.

先从两方面屏蔽下

1.对数据库使用访问白名单，暂时只开放特定的ip段，查了下公司和个人家里的，取一个共同的。限制访问 范围 。

2.更改了主机的ssh 密码。

后续再进行进一步分析 。