Tue, 23 Jan 2018 18:58:09 -0800 VPS 32894 (我的ip) has 27065 UNREPLIED conntrack sessions
Tue, 23 Jan 2018 18:58:11 -0800 SUSPENDING VPS 32894 (我的ip); it has 27065 UNREPLIED conntrack sessions (DoS attack)
Wed, 24 Jan 2018 02:49:42 -0800 VPS 32894 (我的ip) has 15501 UNREPLIED conntrack sessions
Wed, 24 Jan 2018 02:49:46 -0800 VPS 32894 (我的ip) has 22589 UNREPLIED conntrack sessions
Wed, 24 Jan 2018 02:49:48 -0800 SUSPENDING VPS 32894 (我的ip); it has 22589 UNREPLIED conntrack sessions (DoS attack)
Thu, 25 Jan 2018 08:20:27 -0800 VPS 32894 (我的ip) has 15115 UNREPLIED conntrack sessions
Thu, 25 Jan 2018 08:20:32 -0800 VPS 32894 (我的ip) has 27628 UNREPLIED conntrack sessions
Thu, 25 Jan 2018 08:20:35 -0800 SUSPENDING VPS 32894 (我的ip); it has 27628 UNREPLIED conntrack sessions (DoS attack)
Thu, 25 Jan 2018 18:11:39 -0800 VPS 32894 (我的ip) has 11099 UNREPLIED conntrack sessions
Thu, 25 Jan 2018 18:11:44 -0800 VPS 32894 (我的ip) has 17536 UNREPLIED conntrack sessions
Thu, 25 Jan 2018 18:11:49 -0800 VPS 32894 (我的ip) has 24355 UNREPLIED conntrack sessions
Thu, 25 Jan 2018 18:11:51 -0800 SUSPENDING VPS 32894 (我的ip); it has 24355 UNREPLIED conntrack sessions (DoS attack)
Fri, 26 Jan 2018 08:24:11 -0800 VPS 32894 (我的ip) has 16677 UNREPLIED conntrack sessions
Fri, 26 Jan 2018 08:24:14 -0800 VPS 32894 (我的ip) has 21702 UNREPLIED conntrack sessions
Fri, 26 Jan 2018 08:24:16 -0800 SUSPENDING VPS 32894 (我的ip); it has 21702 UNREPLIED conntrack sessions (DoS attack)
Fri, 26 Jan 2018 18:06:34 -0800 VPS 32894 (我的ip) has 64932 UNREPLIED conntrack sessions
Fri, 26 Jan 2018 18:06:59 -0800 SUSPENDING VPS 32894 (我的ip); it has 64932 UNREPLIED conntrack sessions (DoS attack)
Fri, 26 Jan 2018 22:25:09 -0800 VPS 32894 (我的ip) has 17530 UNREPLIED conntrack sessions
Fri, 26 Jan 2018 22:25:13 -0800 VPS 32894 (我的ip) has 25002 UNREPLIED conntrack sessions
Fri, 26 Jan 2018 22:25:15 -0800 SUSPENDING VPS 32894 (我的ip); it has 25002 UNREPLIED conntrack sessions (DoS attack)
Sat, 27 Jan 2018 03:06:45 -0800 VPS 32894 (我的ip) has 13180 UNREPLIED conntrack sessions
Sat, 27 Jan 2018 03:06:49 -0800 VPS 32894 (我的ip) has 21078 UNREPLIED conntrack sessions
Sat, 27 Jan 2018 03:06:51 -0800 SUSPENDING VPS 32894 (我的ip); it has 21078 UNREPLIED conntrack sessions (DoS attack)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Conntrack is a listing that a server uses to keep track of all incoming and outgoing connections to a server. A normal Linux OS has a maximum of 65536 conntrack sessions by default. These sessions all require memory, which is used by the host node and not by the VPS, so setting this limit too high can impact the whole node and allow users to use more RAM than their VPS has allocated by eating up the host's RAM. Any VPS that uses over 20000 conntrack sessions will automatically be suspended by our automated system.
A typical VPS should never use more than 10000 sessions at any given time although we do have some busy NTP servers that peak at 20000 once in a while. To check your conntrack sessions, run the following command in your VPS: cat /proc/net/nf_conntrack
If your VPS was suspended, that was because it passed the threshold of 55000 conntrack sessions. This is to prevent abuse from any particular VPS on the Node, and to help ensure that all other users in the system have a responsive and working VPS.
If your VPS is suspended, and you are not sure how your VPS has this many conntrack sessions, it is likely that your VPS has been accessed maliciously, and is being used for other purposes than what you have set it up for.
In this circumstance, we recommend the following:
-Change the root password immediately
-Disable password logins for all users via the /etc/ssh/sshd_config and only allow public_key authentication
-Run 'top' and look if any non-standard programs are running that you are not familiar with
--a good example of a non-standard program is one that does not look like a normal name. We have seen groups of five programs with names like 'dmsFZqnoz13z' which run for 10 seconds, and then switch to a new random string to prevent you from removing them.
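I ran this through Google Translate. It says I exceeded the 50000-session threshold and tells me to change my password and disable logins for other users, but I only have one user. After this problem appeared I deleted the machine and rebuilt a new one, and switched to a different ss server, but it still restarts just the same. Newcomer reporting in; I hope you MJJs can give me some advice.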
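An added example, not part of the original post or the provider's notice: the notice only says to cat /proc/net/nf_conntrack, so this summarises the UNREPLIED entries by original-direction source address and by protocol/destination port, which shows whether the sessions originate from the VPS itself or arrive from outside. The function names and the sample lines (documentation addresses, constructed) are assumptions made for illustration.

```shell
# Added example: summarise UNREPLIED entries in nf_conntrack format.
# Usage: unreplied_summary [file|-]   (default: /proc/net/nf_conntrack)
unreplied_summary() {
    awk '
    /\[UNREPLIED\]/ {
        proto = $3; src = ""; dst = ""; dport = "-"
        # Fields before the [UNREPLIED] flag are the original direction;
        # the expected reply tuple follows the flag and is skipped.
        for (i = 1; i <= NF; i++) {
            if ($i == "[UNREPLIED]") break
            if ($i ~ /^src=/)   src = substr($i, 5)
            if ($i ~ /^dst=/)   dst = substr($i, 5)
            if ($i ~ /^dport=/) dport = substr($i, 7)
        }
        total++; by_src[src]++; by_svc[proto "/" dport]++
    }
    END {
        printf "total_unreplied %d\n", total
        for (s in by_src) printf "src %s %d\n", s, by_src[s]
        for (k in by_svc) printf "svc %s %d\n", k, by_svc[k]
    }' "${1:-/proc/net/nf_conntrack}" | sort -k1,1 -k3,3nr
}

# Constructed sample lines; 192.0.2.10 stands in for the VPS address.
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 431990 ESTABLISHED src=203.0.113.9 dst=192.0.2.10 sport=50211 dport=443 src=192.0.2.10 dst=203.0.113.9 sport=443 dport=50211 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 98 SYN_SENT src=192.0.2.10 dst=198.51.100.21 sport=41000 dport=22 [UNREPLIED] src=198.51.100.21 dst=192.0.2.10 sport=22 dport=41000 mark=0 use=2
ipv4     2 tcp      6 97 SYN_SENT src=192.0.2.10 dst=198.51.100.22 sport=41001 dport=22 [UNREPLIED] src=198.51.100.22 dst=192.0.2.10 sport=22 dport=41001 mark=0 use=2
ipv4     2 udp      17 20 src=203.0.113.77 dst=192.0.2.10 sport=5353 dport=443 [UNREPLIED] src=192.0.2.10 dst=203.0.113.77 sport=443 dport=5353 mark=0 use=2
EOF
}

sample_conntrack | unreplied_summary -
```

If most UNREPLIED entries list the VPS's own address as src, the VPS is opening the connections; if it appears mainly as dst, they are arriving from outside.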