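I received a ransom email today.
I checked, though, and none of the databases had been deleted; apart from a Seafile server that had just been newly created, everything else was fine.
The attacker created a database named PLEASE_READ_ME_VVV and added a message to a table in it,
demanding a payment of 0.03 BTC.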
To recover your lost Database send 0.03 Bitcoin (BTC) to our Bitcoin address 1NezVEtSsTvvPJbxyGgGkfkg5JwHrvLk31 and contact us by Email with your Server IP or Domain name and a Proof of Payment. Your Database is downloaded and backed up on our servers. Backups that we have right now: xxx. Any email without your server IP Address or Domain Name and a Proof of Payment together will be ignored. If we dont receive your payment in the next 10 Days, we will delete your backup.
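For now I have locked things down on two fronts:
1. Put an access whitelist on the database, temporarily opening it only to specific IP ranges. I looked up the ranges for the company and for my home and picked a common one, to limit the scope of access.
2. Changed the host's SSH password.
Further analysis will follow later.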
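
A sketch of the follow-up check for the two observations above, as an added example that is not part of the original post: it flags ransom-note databases by name and lists database accounts whose host value admits clients outside the allowlisted ranges. It assumes a MySQL/MariaDB server (the post does not name the engine), with rows taken from `SELECT user, host FROM mysql.user` and `SHOW DATABASES`; the account names, hosts and the 203.0.113.0/24 range are constructed, and matching on the `PLEASE_READ_ME` prefix is an assumption based on the one name seen here.

```python
import ipaddress
import re

# Prefix of the ransom database name seen in this incident (assumed stable across variants).
RANSOM_DB = re.compile(r"^PLEASE_READ_ME", re.IGNORECASE)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def ransom_databases(db_names):
    """Return the database names that look like a ransom-note database."""
    return [name for name in db_names if RANSOM_DB.match(name)]

def host_to_network(host):
    """Map an account host value to the network it admits; None if it is not IP-based."""
    try:
        return ipaddress.ip_network(host, strict=False)  # plain IP or ip/netmask
    except ValueError:
        pass
    parts = host.split(".")
    fixed = parts[:-1]
    # Trailing-wildcard forms: "%", "10.%", "203.0.113.%"
    octets_ok = all(p.isascii() and p.isdigit() and int(p) < 256 for p in fixed)
    if parts[-1] == "%" and len(fixed) <= 3 and octets_ok:
        addr = ".".join(fixed + ["0"] * (4 - len(fixed)))
        return ipaddress.ip_network(f"{addr}/{8 * len(fixed)}")
    return None

def accounts_outside_allowlist(accounts, allowlist):
    """Return (user, host) rows that admit clients outside the allowlisted CIDR ranges."""
    allowed = [ipaddress.ip_network(cidr) for cidr in allowlist]
    flagged = []
    for user, host in accounts:
        if host in LOCAL_HOSTS:
            continue
        net = host_to_network(host)
        # Hostname-based entries cannot be checked against CIDRs, so flag them for review.
        if net is None or not any(
            net.version == a.version and net.subnet_of(a) for a in allowed
        ):
            flagged.append((user, host))
    return flagged

# Constructed sample rows, as SELECT user, host FROM mysql.user and SHOW DATABASES would return.
ACCOUNTS = [("root", "localhost"), ("app", "%"), ("seafile", "203.0.113.%"),
            ("backup", "198.51.100.7"), ("report", "db-client.example.internal")]
DATABASES = ["information_schema", "mysql", "seafile_db", "PLEASE_READ_ME_VVV"]

if __name__ == "__main__":
    print(ransom_databases(DATABASES))
    print(accounts_outside_allowlist(ACCOUNTS, ["203.0.113.0/24"]))
```

An account with host `%` stays reachable from any address that gets past the firewall, so it is worth narrowing those entries as well as the network-level whitelist.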