Варианты решения Ваших вопросов

  хостинг
<< Назад       не могу войти на сервер

Вопрос: Account disabled by server administrator.
Вопрос: https://IP:1500/ispmgr не могу войти сайты не работают
Ответ:

Здравствуйте . на вас пришло 5 жалоб сегодня

Return-path: <EMAIL>
Envelope-to: EMAIL
Delivery-date: Fri, 16 Oct 2015 23:13:36 +0200
Received: from [IP] (helo=relayn.net4sec.com)
by mail.hetzner.company with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.80)
(envelope-from <EMAIL>)
id 1ZnCJg-00009t-N9
for EMAIL; Fri, 16 Oct 2015 23:13:36 +0200
Received: from relayn.net4sec.com (localhost [IP])
by relayn.net4sec.com (Postfix) with ESMTP id 681981EB00B1
for <EMAIL>; Fri, 16 Oct 2015 23:12:22 +0200 (CEST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=clean-mx.de; h=from:to
:subject:cc:mime-version:message-id:date:content-type; q=dns; s=
sel; b=qWCsqdTi5t+5/NwQy5GIFoGHW1tZMh5qt5KWhKy4VJLRIjTcBK8jnUcgs
PUmVFVTC9Do465pl5DmqTzUNlqaf6aAfDoH0+4YKtILafHkRcEUZcQwLdg3RGVoE
Cr6HP65CqMs6aT4U+eFvSX2h4gcbgt9Efn5g/Aos9vaBpWrLEY=
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=clean-mx.de; h=from:to
:subject:cc:mime-version:message-id:date:content-type; s=sel;
bh=Hu+ejpID/Wv7HswMNkASbqvrWSg=; b=d5VWV2INmx22bl5UfA6Qe3SE5Wl0
osjUJU4g8LuorHz05xaNDK6nj7P76VEMVqSDNLtcNWUPu9n9PZo9OY0rnt3n5AgF
vdk+QdPafA9IbfW0gx+asPOEaQpvH6cFk7voj+OsVkycmJDSkvd3FfW6M0To7ij9
5Q5HBDEu1PjhVYo=
Received: from dbserv (unknown [IP])
by localhost (Postfix) with ESMTP id 526D91EB00AA
for <EMAIL>; Fri, 16 Oct 2015 21:12:22 +0000 (UTC)
From: EMAIL
to: EMAIL
Subject: [clean-mx-portals-9556098](IP)-->(EMAIL) portals
sites (3 so far) within your network, please close them! status: As of 2015-10-16
23:12:10 CEST
cc: EMAIL
MIME-Version: 1.0
X-Mailer: clean mx secure mailer
Date: Fri, 16 Oct 2015 23:12:10 +0200
content-Type: multipart/signed; boundary="----------=_1444965142-7449-51935";
micalg="pgp-sha1"; protocol="application/pgp-signature"
X-DKIM-Status: pass [(clean-mx.de) - IP]
X-Spam-Level: 0.5 (/)
Message-ID: 1ZnCJg-00009t-NEMAILpany
Delivered-To: EMAIL

This is a multi-part message in MIME format.
It has been signed conforming to RFC3156.
Produced by clean-mx transparent crypt gateway.
Version: 2.01.0619 http://www.clean-mx.de
You need GPG to check the signature.

------------=_1444965142-7449-51935
Content-type: multipart/mixed; boundary="----=_NextPart"

This is a multi-part message in MIME format.

------=_NextPart
Content-Type: text/plain; charset="iso-8859-1"

Dear abuse team,

please have a look on these perhaps offending portals sites(3) so far.

Notice: We do NOT urge you to shutdown your customer, but to inform him about a
possible infection/misbehavior !

status: As of 2015-10-16 23:12:10 CEST

Please preserve on any reply our Subject:
[clean-mx-portals-9556098](IP)-->(EMAIL) portals sites (3 so
far) within your network, please close them! status: As of 2015-10-16 23:12:10 CEST


http://support.clean-mx.de/clean-mx/portals.php?email=EMAIL&response=alive

(for full uri, please scroll to the right end ...

This information has been generated out of our comprehensive real time database,
tracking worldwide portals URI's

If your review this list of offending site(s), please do this carefully, pay
attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+-----------------------------------------------------------------------------------------------

We denote domains and url in this fancy way, because your spamfilter will not pass
this !
If you lower your filter drop us a note to reset this attribute for your email contact!


|date |id |virusname |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2015-10-16 23:00:48
CEST |9556098 |cleanmx_spamvertized |IP |_a_t_a_._m_d |_h_t_t_p_:_/_/_a_t_a_._m_d_/_m_e_d_i_a_/_s_y_s_t_e_m_/_i_m_a_g_e_s_/_A_o_L_n_e_w_b_e_s_t_/_3_9_4_f_4_2_e_0_f_a_6_4_1_f_5_9_4_7_9_7_8_b_5_7_c_8_c_a_8_f_f_8_f_b_8_9_c_1_2_3
|2015-10-16 23:00:48
CEST |9556099 |cleanmx_spamvertized |IP |_a_t_a_._m_d |_h_t_t_p_:_/_/_a_t_a_._m_d_/_m_e_d_i_a_/_s_y_s_t_e_m_/_i_m_a_g_e_s_/_A_o_L_n_e_w_b_e_s_t_/_7_2_c_5_2_0_c_6_7_0_6_6_a_f_1_9_b_c_3_4_9_e_c_f_7_f_e_6_1_4_9_4_d_6_e_9_f_a_6_3
|2015-10-16 23:00:48
CEST |9556100 |cleanmx_spamvertized |IP |_a_t_a_._m_d |_h_t_t_p_:_/_/_a_t_a_._m_d_/_m_e_d_i_a_/_s_y_s_t_e_m_/_i_m_a_g_e_s_/_A_o_L_n_e_w_b_e_s_t_/_f_d_c_4_0_c_0_a_2_a_3_4_d_8_c_6_0_9_0_b_6_8_e_0_1_4_0_6_6_2_a_1_d_a_c_c_a_c_0_f
+-----------------------------------------------------------------------------------------------


Your email address has been pulled out of whois concerning this offending network
block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to
the next responsible desk available...


If you just close(d) these incident(s) please give us a feedback, our automatic
walker process may not detect a closed case


yours

Gerhard W. Recher
(CTO)

net4sec UG (haftungsbeschraenkt)

Leitenweg 6
D-86929 Penzing

GSM: ++49 171 4802507

Geschaeftsfuehrer: Martina Recher
Handelsregister Augsburg: HRB 27139
EG-Identnr: DE283762194

w3: http://www.clean-mx.de
e-Mail: mailto:EMAIL
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc
------=_NextPart--

------------=_1444965142-7449-51935
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: inline; filename="signature.asc"
Content-Transfer-Encoding: 7bit
Content-Description: Digital Signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJWIGsWAAoJEBTGcx9kwGtzwawH/RJWAbFRExh2P2oHVWNlJDvk
nxTgut9xHSKs5/QzYPSZTTjdR5QJZSmRIXHoqq2zaTgrK9lIpgB83SZx0W2/e8BO
OK9QOOT7+GJvH2Oa9RhAzprS2uXVlliasIQVb8K68Wf6erTmUxlSMXDhE7QJPB8m
oAaoPFXd1e7jZUsdQR9rgNOedmjpB+5FWycg8OR5TUHJvyZVQXc5nfAnw1AQNJbb
PB+nn+EJzS3KGqcy40oVjnqczSXTodvjTwTtaBDV+tkCelYU0OCUAZt9+mQbEdg1
BN7jTYseBM1ogFsm6ylRH8zj5bdYqMW/0sLAQ3VmA26/tNDtHrAmCbo0vp6IFZc=
=9Hg6
-----END PGP SIGNATURE-----

------------=_1444965142-7449-51935--

Return-path: <EMAIL>
Envelope-to: EMAIL
Delivery-date: Fri, 16 Oct 2015 23:13:36 +0200
Received: from [IP] (helo=relayn.net4sec.com)
by mail.hetzner.company with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.80)
(envelope-from <EMAIL>)
id 1ZnCJg-00009t-N9
for EMAIL; Fri, 16 Oct 2015 23:13:36 +0200
Received: from relayn.net4sec.com (localhost [IP])
by relayn.net4sec.com (Postfix) with ESMTP id 681981EB00B1
for <EMAIL>; Fri, 16 Oct 2015 23:12:22 +0200 (CEST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=clean-mx.de; h=from:to
:subject:cc:mime-version:message-id:date:content-type; q=dns; s=
sel; b=qWCsqdTi5t+5/NwQy5GIFoGHW1tZMh5qt5KWhKy4VJLRIjTcBK8jnUcgs
PUmVFVTC9Do465pl5DmqTzUNlqaf6aAfDoH0+4YKtILafHkRcEUZcQwLdg3RGVoE
Cr6HP65CqMs6aT4U+eFvSX2h4gcbgt9Efn5g/Aos9vaBpWrLEY=
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=clean-mx.de; h=from:to
:subject:cc:mime-version:message-id:date:content-type; s=sel;
bh=Hu+ejpID/Wv7HswMNkASbqvrWSg=; b=d5VWV2INmx22bl5UfA6Qe3SE5Wl0
osjUJU4g8LuorHz05xaNDK6nj7P76VEMVqSDNLtcNWUPu9n9PZo9OY0rnt3n5AgF
vdk+QdPafA9IbfW0gx+asPOEaQpvH6cFk7voj+OsVkycmJDSkvd3FfW6M0To7ij9
5Q5HBDEu1PjhVYo=
Received: from dbserv (unknown [IP])
by localhost (Postfix) with ESMTP id 526D91EB00AA
for <EMAIL>; Fri, 16 Oct 2015 21:12:22 +0000 (UTC)
From: EMAIL
to: EMAIL
Subject: [clean-mx-portals-9556098](IP)-->(EMAIL) portals
sites (3 so far) within your network, please close them! status: As of 2015-10-16
23:12:10 CEST
cc: EMAIL
MIME-Version: 1.0
X-Mailer: clean mx secure mailer
Date: Fri, 16 Oct 2015 23:12:10 +0200
content-Type: multipart/signed; boundary="----------=_1444965142-7449-51935";
micalg="pgp-sha1"; protocol="application/pgp-signature"
X-DKIM-Status: pass [(clean-mx.de) - IP]
X-Spam-Level: 0.5 (/)
Message-ID: 1ZnCJg-00009t-NEMAILpany
Delivered-To: EMAIL

This is a multi-part message in MIME format.
It has been signed conforming to RFC3156.
Produced by clean-mx transparent crypt gateway.
Version: 2.01.0619 http://www.clean-mx.de
You need GPG to check the signature.

------------=_1444965142-7449-51935
Content-type: multipart/mixed; boundary="----=_NextPart"

This is a multi-part message in MIME format.

------=_NextPart
Content-Type: text/plain; charset="iso-8859-1"

Dear abuse team,

please have a look on these perhaps offending portals sites(3) so far.

Notice: We do NOT urge you to shutdown your customer, but to inform him about a
possible infection/misbehavior !

status: As of 2015-10-16 23:12:10 CEST

Please preserve on any reply our Subject:
[clean-mx-portals-9556098](IP)-->(EMAIL) portals sites (3 so
far) within your network, please close them! status: As of 2015-10-16 23:12:10 CEST


http://support.clean-mx.de/clean-mx/portals.php?email=EMAIL&response=alive

(for full uri, please scroll to the right end ...

This information has been generated out of our comprehensive real time database,
tracking worldwide portals URI's

If your review this list of offending site(s), please do this carefully, pay
attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+-----------------------------------------------------------------------------------------------

We denote domains and url in this fancy way, because your spamfilter will not pass
this !
If you lower your filter drop us a note to reset this attribute for your email contact!


|date |id |virusname |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2015-10-16 23:00:48
CEST |9556098 |cleanmx_spamvertized |IP |_a_t_a_._m_d |_h_t_t_p_:_/_/_a_t_a_._m_d_/_m_e_d_i_a_/_s_y_s_t_e_m_/_i_m_a_g_e_s_/_A_o_L_n_e_w_b_e_s_t_/_3_9_4_f_4_2_e_0_f_a_6_4_1_f_5_9_4_7_9_7_8_b_5_7_c_8_c_a_8_f_f_8_f_b_8_9_c_1_2_3
|2015-10-16 23:00:48
CEST |9556099 |cleanmx_spamvertized |IP |_a_t_a_._m_d |_h_t_t_p_:_/_/_a_t_a_._m_d_/_m_e_d_i_a_/_s_y_s_t_e_m_/_i_m_a_g_e_s_/_A_o_L_n_e_w_b_e_s_t_/_7_2_c_5_2_0_c_6_7_0_6_6_a_f_1_9_b_c_3_4_9_e_c_f_7_f_e_6_1_4_9_4_d_6_e_9_f_a_6_3
|2015-10-16 23:00:48
CEST |9556100 |cleanmx_spamvertized |IP |_a_t_a_._m_d |_h_t_t_p_:_/_/_a_t_a_._m_d_/_m_e_d_i_a_/_s_y_s_t_e_m_/_i_m_a_g_e_s_/_A_o_L_n_e_w_b_e_s_t_/_f_d_c_4_0_c_0_a_2_a_3_4_d_8_c_6_0_9_0_b_6_8_e_0_1_4_0_6_6_2_a_1_d_a_c_c_a_c_0_f
+-----------------------------------------------------------------------------------------------


Your email address has been pulled out of whois concerning this offending network
block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to
the next responsible desk available...


If you just close(d) these incident(s) please give us a feedback, our automatic
walker process may not detect a closed case


yours

Gerhard W. Recher
(CTO)

net4sec UG (haftungsbeschraenkt)

Leitenweg 6
D-86929 Penzing

GSM: ++49 171 4802507

Geschaeftsfuehrer: Martina Recher
Handelsregister Augsburg: HRB 27139
EG-Identnr: DE283762194

w3: http://www.clean-mx.de
e-Mail: mailto:EMAIL
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc
------=_NextPart--

------------=_1444965142-7449-51935
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: inline; filename="signature.asc"
Content-Transfer-Encoding: 7bit
Content-Description: Digital Signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJWIGsWAAoJEBTGcx9kwGtzwawH/RJWAbFRExh2P2oHVWNlJDvk
nxTgut9xHSKs5/QzYPSZTTjdR5QJZSmRIXHoqq2zaTgrK9lIpgB83SZx0W2/e8BO
OK9QOOT7+GJvH2Oa9RhAzprS2uXVlliasIQVb8K68Wf6erTmUxlSMXDhE7QJPB8m
oAaoPFXd1e7jZUsdQR9rgNOedmjpB+5FWycg8OR5TUHJvyZVQXc5nfAnw1AQNJbb
PB+nn+EJzS3KGqcy40oVjnqczSXTodvjTwTtaBDV+tkCelYU0OCUAZt9+mQbEdg1
BN7jTYseBM1ogFsm6ylRH8zj5bdYqMW/0sLAQ3VmA26/tNDtHrAmCbo0vp6IFZc=
=9Hg6
-----END PGP SIGNATURE-----

------------=_1444965142-7449-51935--

Return-path: <EMAIL>
Envelope-to: EMAIL
Delivery-date: Fri, 16 Oct 2015 22:59:45 +0200
Received: from [IP] (helo=relayn.net4sec.com)
by mail.hetzner.company with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.80)
(envelope-from <EMAIL>)
id 1ZnC6H-0007Uf-QD
for EMAIL; Fri, 16 Oct 2015 22:59:45 +0200
Received: from relayn.net4sec.com (localhost [IP])
by relayn.net4sec.com (Postfix) with ESMTP id 94C5F1EB000B
for <EMAIL>; Fri, 16 Oct 2015 22:58:31 +0200 (CEST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=clean-mx.de; h=from:to
:subject:cc:mime-version:message-id:date:content-type; q=dns; s=
sel; b=tf4+gqzROnNR2m53f08Wdu1hOd3C4JNRQhv+NEDMKjgJFCvqO0r+WXdsH
/V4JK8rFSyEqs5okX2Ismu3pmpoCXc7ueFnzKri3oHXlx3jNIBTHKh609dq3/i4R
a1iRjd4dC07IQB0/4uRm4i8r+bGhk9cJqCC5b0JZT7kq9ekRjs=
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=clean-mx.de; h=from:to
:subject:cc:mime-version:message-id:date:content-type; s=sel;
bh=JYxAe6FLXMgzcTGEsMydtfk3Emc=; b=lm/zR8gZMesAEjtXZe6O7/LEsUVF
ZWHkXnwJFEaFX/zpzx/Fh6sL8HrMjAuSKhSxswfwyDINf0SfeexCjRH+0qHHs4r3
N1uzLS9Kk7e/X7vxoiATjypPnhZWc9ooGRLfiGq0jGCU7g9NLDG+ATojPFBUBpJp
5AUSOWAlgax17Ow=
Received: from dbserv (unknown [IP])
by localhost (Postfix) with ESMTP id 63B2D1EB0073
for <EMAIL>; Fri, 16 Oct 2015 20:58:31 +0000 (UTC)
From: EMAIL
to: EMAIL
Subject: [clean-mx-phishing-6639812](IP)-->(EMAIL) phishing
sites (1 so far) within your network, please close them! status: As of 2015-10-16
22:58:18 CEST
cc: EMAIL
MIME-Version: 1.0
X-Mailer: clean mx secure mailer
Date: Fri, 16 Oct 2015 22:58:18 +0200
content-Type: multipart/signed; boundary="----------=_1444964311-7449-51807";
micalg="pgp-sha1"; protocol="application/pgp-signature"
X-DKIM-Status: pass [(clean-mx.de) - IP]
X-Spam-Level: 0.5 (/)
Message-ID: 1ZnC6H-0007Uf-QD@mail.hetzner.company
Delivered-To: EMAIL

This is a multi-part message in MIME format.
It has been signed conforming to RFC3156.
Produced by clean-mx transparent crypt gateway.
Version: 2.01.0619 http://www.clean-mx.de
You need GPG to check the signature.

------------=_1444964311-7449-51807
Content-type: multipart/mixed; boundary="----=_NextPart"

This is a multi-part message in MIME format.

------=_NextPart
Content-Type: text/plain; charset="iso-8859-1"

Dear abuse team,

please have a look on these perhaps offending phishing sites(1) so far.

Notice: We do NOT urge you to shutdown your customer, but to inform him about a
possible infection/misbehavior !

status: As of 2015-10-16 22:58:18 CEST

Please preserve on any reply our Subject:
[clean-mx-phishing-6639812](IP)-->(EMAIL) phishing sites (1
so far) within your network, please close them! status: As of 2015-10-16 22:58:18
CEST


http://support.clean-mx.de/clean-mx/phishing.php?email=EMAIL&response=alive

(for full uri, please scroll to the right end ...

You may also subscribe to our PhishWatch Mailinglist, updated hourly at:
http://lists.clean-mx.com/cgi-bin/mailman/listinfo/phishwatch

This information has been generated out of our comprehensive real time database,
tracking worldwide phishing URI's

If your review this list of offending site(s), please do this carefully, pay
attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+-----------------------------------------------------------------------------------------------

We denote domains and url in this fancy way, because your spamfilter will not pass
this !
If you lower your filter drop us a note to reset this attribute for your email contact!


|date |id |Target |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2015-10-16 22:40:23
CEST |6639812 |AOL |IP |_a_t_a_._m_d |_h_t_t_p_:_/_/_w_w_w_._a_t_a_._m_d_/_m_e_d_i_a_/_s_y_s_t_e_m_/_i_m_a_g_e_s_/_A_o_L_n_e_w_b_e_s_t_/_A_o_L_/
+-----------------------------------------------------------------------------------------------


Your email address has been pulled out of whois concerning this offending network
block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to
the next responsible desk available...


If you just close(d) these incident(s) please give us a feedback, our automatic
walker process may not detect a closed case


yours

Gerhard W. Recher
(CTO)

net4sec UG (haftungsbeschraenkt)

Leitenweg 6
D-86929 Penzing

GSM: ++49 171 4802507

Geschaeftsfuehrer: Martina Recher
Handelsregister Augsburg: HRB 27139
EG-Identnr: DE283762194

w3: http://www.clean-mx.de
e-Mail: mailto:EMAIL
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc
------=_NextPart--

------------=_1444964311-7449-51807
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: inline; filename="signature.asc"
Content-Transfer-Encoding: 7bit
Content-Description: Digital Signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJWIGfXAAoJEBTGcx9kwGtz6rEIAIVSkyzbtrmQ3ys+ggsnnwNl
rLMittBt0or2s+n9AVyJYyymXLYW43c+c9bqJqO+12Z9XFlWD/IydXh2I9LTCxf0
LcAxFvPvqa81kbEUCwV3mQpnMu5syqe1XRZwYPlGjH97GwwvIjegwuiQPyZPBolX
D35BGcqthuIiVqkPSeit8u95FU1pS5b9UbZuEcsIfZgYTiQXUZ+76MRA/TqXme82
MHeeZY6vOxSkA/wW+0UQExXvSjXIk5beYK1g0bOuWgPGdLVk3LPVoBgfOPZwhMPi
kNqzO4wgHN80eEGYWZmVcQDh352Ws7OPYIVqvTOkkFexdBBYsqNG2GOYYq1TR6o=
=yaFV
-----END PGP SIGNATURE-----

------------=_1444964311-7449-51807--

Return-path: <EMAIL>
Envelope-to: EMAIL
Delivery-date: Sat, 17 Oct 2015 01:02:21 +0200
Received: from [IP] (helo=relayn.net4sec.com)
by mail.hetzner.company with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.80)
(envelope-from <EMAIL>)
id 1ZnE0v-0002Sn-FR
for EMAIL; Sat, 17 Oct 2015 01:02:21 +0200
Received: from relayn.net4sec.com (localhost [IP])
by relayn.net4sec.com (Postfix) with ESMTP id A554D1EB00B6
for <EMAIL>; Sat, 17 Oct 2015 01:01:06 +0200 (CEST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=clean-mx.de; h=from:to
:subject:cc:mime-version:message-id:date:content-type; q=dns; s=
sel; b=MqP4pBZef0Q8wqZ+lRrfrjonmBBPfI2kNhyfZUfINp/s82eNhcUiCsHMV
4upLZUD3KwGf6hNgscDF/oBSZ0wmHsyWygV94odc53GK5tA1kz03JmYrybJeEl2I
qQM40rU9ZpCLLf97wqR8lZ49RgkZ+BzyEOWIfDi99y6hvYNtvk=
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=clean-mx.de; h=from:to
:subject:cc:mime-version:message-id:date:content-type; s=sel;
bh=3KATvtmQ7af5zbs5wF3bCajMlUw=; b=PB3DCmQG2y35R6rVi0T6Xer8N96y
2zOLU2W1ChiKUCb6l02NfPGyetirZjNECddopwDMMcHR3YEo7ri84vQYKOau/7Bh
y5BBSmfHDq+kRufECvBxyuMxuiMlRUu9/js2iZvQsVRdP2I8WyW64w9jLEwGZqLB
zRyY8Z+VGDod0ys=
Received: from dbserv (unknown [IP])
by localhost (Postfix) with ESMTP id 7983C1EB00B9
for <EMAIL>; Fri, 16 Oct 2015 23:01:06 +0000 (UTC)
From: EMAIL
to: EMAIL
Subject: [clean-mx-phishing-6640193](IP)-->(EMAIL) phishing
sites (3 so far) within your network, please close them! status: As of 2015-10-17
01:00:53 CEST
cc: EMAIL
MIME-Version: 1.0
X-Mailer: clean mx secure mailer
Date: Sat, 17 Oct 2015 01:00:53 +0200
content-Type: multipart/signed; boundary="----------=_1444971666-7449-52352";
micalg="pgp-sha1"; protocol="application/pgp-signature"
X-DKIM-Status: pass [(clean-mx.de) - IP]
X-Spam-Level: 0.5 (/)
Message-ID: 1ZnE0v-0002Sn-FR@mail.hetzner.company
Delivered-To: EMAIL

This is a multi-part message in MIME format.
It has been signed conforming to RFC3156.
Produced by clean-mx transparent crypt gateway.
Version: 2.01.0619 http://www.clean-mx.de
You need GPG to check the signature.

------------=_1444971666-7449-52352
Content-type: multipart/mixed; boundary="----=_NextPart"

This is a multi-part message in MIME format.

------=_NextPart
Content-Type: text/plain; charset="iso-8859-1"

Dear abuse team,

please have a look on these perhaps offending phishing sites(3) so far.

Notice: We do NOT urge you to shutdown your customer, but to inform him about a
possible infection/misbehavior !

status: As of 2015-10-17 01:00:53 CEST

Please preserve on any reply our Subject:
[clean-mx-phishing-6640193](IP)-->(EMAIL) phishing sites (3
so far) within your network, please close them! status: As of 2015-10-17 01:00:53
CEST


http://support.clean-mx.de/clean-mx/phishing.php?email=EMAIL&response=alive

(for full uri, please scroll to the right end ...

You may also subscribe to our PhishWatch Mailinglist, updated hourly at:
http://lists.clean-mx.com/cgi-bin/mailman/listinfo/phishwatch

This information has been generated out of our comprehensive real time database,
tracking worldwide phishing URI's

If your review this list of offending site(s), please do this carefully, pay
attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+-----------------------------------------------------------------------------------------------

We denote domains and url in this fancy way, because your spamfilter will not pass
this !
If you lower your filter drop us a note to reset this attribute for your email contact!


|date |id |Target |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2015-10-17 00:00:42
CEST |6640193 |AOL |IP |_a_t_a_._m_d |_h_t_t_p_:_/_/_w_w_w_._a_t_a_._m_d_/_m_e_d_i_a_/_s_y_s_t_e_m_/_i_m_a_g_e_s_/_A_o_L_n_e_w_b_e_s_t_/_A_o_L_/_a_o_l_l_o_g_i_n_._p_s_p_._h_t_m
|2015-10-17 00:20:05
CEST |6640325 |AOL |IP |_a_t_a_._m_d |_h_t_t_p_:_/_/_a_t_a_._m_d_/_m_e_d_i_a_/_s_y_s_t_e_m_/_i_m_a_g_e_s_/_A_o_L_n_e_w_b_e_s_t_/_A_o_L_/
|2015-10-17 00:20:06
CEST |6640367 |AOL |IP |_a_t_a_._m_d |_h_t_t_p_:_/_/_w_w_w_._a_t_a_._m_d_/_m_e_d_i_a_/_s_y_s_t_e_m_/_i_m_a_g_e_s_/_A_o_L_n_e_w_b_e_s_t_/_9_0_a_5_7_f_2_f_c_e_8_1_2_e_8_b_1_3_1_a_0_f_d_e_8_e_a_4_1_1_c_d_5_f_2_f_a_9_6_f_/_a_o_l_l_o_g_i_n_._p_s_p_._h_t_m
+-----------------------------------------------------------------------------------------------


Your email address has been pulled out of whois concerning this offending network
block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to
the next responsible desk available...


If you just close(d) these incident(s) please give us a feedback, our automatic
walker process may not detect a closed case


yours

Gerhard W. Recher
(CTO)

net4sec UG (haftungsbeschraenkt)

Leitenweg 6
D-86929 Penzing

GSM: ++49 171 4802507

Geschaeftsfuehrer: Martina Recher
Handelsregister Augsburg: HRB 27139
EG-Identnr: DE283762194

w3: http://www.clean-mx.de
e-Mail: mailto:EMAIL
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc
------=_NextPart--

------------=_1444971666-7449-52352
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: inline; filename="signature.asc"
Content-Transfer-Encoding: 7bit
Content-Description: Digital Signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJWIISSAAoJEBTGcx9kwGtzvv8H/2coFZfjx4/O/ESeu5vSqyYA
baWJ5XBx3EuklYin2c3FtiPoC+5+oGMI2yCgFG6ZtbXZg6tBwTGLBTgChIanLbYV
Wb3jWmwDYJVfvFiftzzYJ/o0svQrsuPCGjYWh1vdhIcF6bfnjS+/tSpnRpTzjYb2
EVqjqkfFkRa+sEP/8HnuPsUTjef+Oz+dczjeNuok7cN1P2LdnmbNr7P1AC99VEOR
TKgxIn204fZL0DQsz7P4EeIipcGGBYLOWb7PqlbRHbZyPFYKURWULO3U/WoML2d9
JzAFs6DnOC8rEp5DRoSccTrqcabDz1ZB4+I6+T3v+62u4Wa7SaITIbuhg6I7PHQ=
=u7yd
-----END PGP SIGNATURE-----

------------=_1444971666-7449-52352--

Вопрос: можно мне дать доступ я решу проблему почищу от вирусов и закрою уязвимости поменяю пароли
Вопрос: можно мне дать доступ я решу проблему почищу от вирусов и закрою уязвимости поменяю пароли
Ответ:

скажите пожалуйста каким образом Вы будете проводить чистку? и почему даннапя профилактика у Вас не делается постоянно? с учетом того, что на Вас поступает большое количество жалоб.

Сегодня их было сразу 5 одновременно.

Звонили из ДЦ с настойчивой просьбой наконец-то разобраться с данным VPS.

Вопрос: я каждый день раз в день в 22 часа делаю проверку на вирусы и профилактику(удаляю лишний кэш и устаревшие файлы) до сегодняшнего дня было нормально
Вопрос: буду скачивать архивы на комп и проверять на вирусы и уязвимость
Вопрос: потом на хостинге выставлю права 555 на уязвимые расширения
Вопрос: поменяю пароли
Вопрос: можно получить доступ чтобы проделать работу
Ответ:

может Вам стоит обратиться к услугам знающих специалистов, которые бы дли Вам заключение?

так как еще неколько подобных валовых жалоб и ДЦ просто запретит предоставлять Вам услуги.

Вопрос: я сейчас оплатил услугу по проверке на платном сервисе
Вопрос: мне нужен доступ чтобы они дали заключение и рекомендации почистили сайты
Вопрос: revisium.com
Вопрос: Стоимость услуги лечения сайта и защиты от взлома Стоимость комплексной услуги лечения и защиты сайта от взлома зависит от системы управления (CMS), на которой работает сайт. От 3000 до 5000 руб за сайт. Это небольшая сумма, за которую мы раз и навсегда избавим вас от проблем с вирусами и взломом сайтов. При одновременном заказе 3-х и более сайтов — скидка.
Вопрос: Стоимость услуги лечения сайта и защиты от взлома Стоимость комплексной услуги лечения и защиты сайта от взлома зависит от системы управления (CMS), на которой работает сайт. От 3000 до 5000 руб за сайт. Это небольшая сумма, за которую мы раз и навсегда избавим вас от проблем с вирусами и взломом сайтов. При одновременном заказе 3-х и более сайтов — скидка.
Ответ:

мы открыли доступ

Вопрос: спасибо сейчас займёмся
Ответ:

сообщиет пожалуйста о результате. если потребуются дополнительные настройки, сообщите

Вопрос: ок
Ответ:


ok


<< Назад