以下是被列黑名單的原因
This IP address is infected with, or is NATting for a machine infected with Pushdo. Pushdo is a DDOS trojan - meaning that it was (at least of the timestamp given above) participating in a HTTP-based (web protocol) distributed denial of service attack on web server[s].
Pushdo is usually associated with the Cutwail spam trojan, as part of a Zeus or Spyeye botnet. Together, this provides the attacker with DDOS, email spam, and information theft capabilities. This is something you really want to get rid of. But remember, we detected this specifically by the DDOS traffic to a web server.
====================================
查看郵件主機,並無異常,流量也都很正常,除了在1個半月前,某一使用者密碼被猜中,導致發信異常外(當天排除,故暫時排除此原因)
查看防火牆log,近一個星期來,有明顯大量的外國ip一直在try我防火牆,換了一個IP,停了10多分鐘,又繼續try了(防火牆除了特定ip能進去外,其它通通禁止,也有擋所有ping),似乎不單純??
然道真的如CBL說的有使用者中了Pushdo木馬??
但查看內ip對外的情況...確看不出所以然來,沒有明顯大量連線或流量??
請問如果真的中了Pushdo,會有什麼特徵嗎!方便快速查到是誰??還是只能一台一台電腦去掃毒??
This IP address is infected with, or is NATting for a machine infected with Pushdo. Pushdo is a DDOS trojan - meaning that it was (at least of the timestamp given above) participating in a HTTP-based (web protocol) distributed denial of service attack on web server[s].
Pushdo is usually associated with the Cutwail spam trojan, as part of a Zeus or Spyeye botnet. Together, this provides the attacker with DDOS, email spam, and information theft capabilities. This is something you really want to get rid of. But remember, we detected this specifically by the DDOS traffic to a web server.
====================================
查看郵件主機,並無異常,流量也都很正常,除了在1個半月前,某一使用者密碼被猜中,導致發信異常外(當天排除,故暫時排除此原因)
查看防火牆log,近一個星期來,有明顯大量的外國ip一直在try我防火牆,換了一個IP,停了10多分鐘,又繼續try了(防火牆除了特定ip能進去外,其它通通禁止,也有擋所有ping),似乎不單純??
然道真的如CBL說的有使用者中了Pushdo木馬??
但查看內ip對外的情況...確看不出所以然來,沒有明顯大量連線或流量??
請問如果真的中了Pushdo,會有什麼特徵嗎!方便快速查到是誰??還是只能一台一台電腦去掃毒??