慎用第三方一键翻墙脚本

NOCO发布于 分类 Linux

11小时前 有1个用户阅读过

星期天早上

上周星期天起床后,看到手机上收到一封来自virmach的邮件:Service Suspension Notification。VIRMACH上年付只用了3个月的VPS被封了,Suspension Reason: PSN Hijacking

VPS只用于翻墙,只装了2个第三方一键脚本,一个是teddysun的shadowsocks,另一个是91yun的finalSpeed。所以导致此问题的原因应该就是他们其中之一!

PS:SS用于翻墙浏览网页几乎没什么问题,只是看youtube很卡,速度不行。FinalSpeed是用于OVZ架构的VPS网络加速工具,配合SS用来看youtube的!

之前在搬瓦工上的VPS也是装有这2个软件,smtp滥用导致服务被暂停过2次,因为teddysun的ss脚本我用在多个VPS上,但只有同时安装有91yun的finalSpeed的VPS才出现了这个问题。所以teddysun的脚本应该是可靠的。那时候我大概就怀疑91yun或者FinalSpeed不靠谱。但为了看youtube又不得不用!只是在vps上增加了防火墙限制了一些端口。心存侥幸的继续用着!

没想到,问题还是来了。只是VIRMACH上的这个VPS应该是无法恢复了,VIRMACH并不像搬瓦工那样每年能给用户3次恢复的机会!

通过Tickect,客服回复关于此事的具体原因

Here's the abuse report we've received regarding this service:

To whom it may concern,

Pursuant to Sony Interactive Entertainment LLC ("SIE") corporate policy, the below IP addresses were blacklisted from using our services because SIE detected activity that is abusive to our network services. In our determination, the abusive activity was not related to velocity or volume (many users behind the same IP address, i.e. NAT), but matched the specific patterns of known abuse of our publicly available services. This abuse may be the result of a computer on your network that has been compromised and is participating in a botnet abuse of our services.

The following table of IP addresses, dates and times should help you correlate the origin of the abusive activity.  The time stamps are approximate from our logs.  The actual timing of the events depend on the signature matched.  It is very likely to have occurred both before, during and following the times listed.

       Approximate Time Range (UTC),      IP Address, Reason
2017-09-16 12:06 ~ 2017-09-16 12:36 (UTC), 107.174.206.159, Account Takeover Attempts

It is most likely the attack traffic is directed at one of the following endpoints:

account.sonyentertainmentnetwork.com
auth.np.ac.playstation.net
auth.api.sonyentertainmentnetwork.com
auth.api.np.ac.playstation.net

These endpoints on our network are resolved by Geo DNS, so the IP addresses they resolve to will depend on the originating IP address.

The destination port will be TCP 443.

Please take the necessary measures to correct the malicious activity from the above-listed IP addresses as soon as possible to avoid any further disruptions. If we were to remove any of these IP addresses from the blacklist and subsequent abusive activity is detected, the IP address will be promptly blacklisted again.


We thank you for your prompt attention to this matter. If you require assistance or additional information please contact snei-noc-abuse@am.sony.com and include the IP address in question.

Thank you

星期天晚上

我配置了 SS+finalSpeed 用于看youtube的纯翻墙VPS有2个,VIRMACH挂了,还有一个搬瓦工可以用。只是晚上youtube看着看着的时候,搬瓦工也挂了,因为搬瓦工之前恢复过2次,今年只剩最后一次了,前几天重装系统的时候可能是遗漏了防火墙对端口的限制,立马回复后再限制一下端口,几分钟后又挂了!年付方案还有2个月到期!

今天(星期一)

墙还是得继续翻下去,只是通过之前的经验,对于翻墙这种有风险的事情来说,月付也许比年付好一点。一来也便宜不了多少,另外黑5也快到了,等着新一波优惠也好!

因为OVZ导致SS加速的可选方案较少,换KVM比较好!

Virmach KVM 256月付,仅仅SS,又一次上路了!

-- The End --

参考与扩展阅读

Virmach
Virmach KVM 256

本文标题: 慎用第三方一键翻墙脚本

本文地址: https://seonoco.com/blog/caution-third-party-one-click-shell-script

本文是否有所帮助?
点赞 0
感谢支持
0
多谢反馈
评论 0
打赏

支持微信/支付宝

评论 ( 当前有 2 条评论 )

网友

最新最早
  • 网友2019-07-05 13:48:29
    如果第三方finalspeed脚本有问题的话,为什么没用finalspeed脚本的瓦工也挂了
  • noco @ 楼上 2019-07-05 13:52:10
    如果是干净的BWH,是没有问题的,肯定是安装了某个不干净或被污染的软件导致的。