[Abuse #GFKQNZPDVS] Malicious files hosted on your service ns388816.ip-176-31-255.eu

Тупость этого списка malware, то что когда он находит вирус какой он просто начинает срать на почту, тоннами писем и на домены и в ДЦ и на личные почты. Я и так вижу когда что то приходить, нахуй мне везде это дублировать. Они даже эту жалобу продублировали вообще на сервер какой никак не связан с этим серверов, с тем же IP что тут в жалобе.

Первая пришла: https://abuse.watch/2021/12/19/abuse-gfkqnzpdvs-malicious-files-hosted-on-your-service-ns388816-ip-176-31-255-eu/

Но за минуту приходят еще пачка других с тем же содержимым. 


Hello,

The hosting of malicious files (Malware) on your dedicated server ns388816.ip-176-31-255.eu has been reported to or noticed by our Abuse Team.
Technical details (such as URLs) showing the aforementioned problem follow :
— start of the technical details —
=================================================
= This message has been generated automatically =
=================================================

Hello

You are receiving this email because your email address is recognized by Abuseix [1] as abuse-mail for the IP address 176.31.255.147.

This email has been generated automatically by URLhaus [2] to inform you about one or more malware distribution sites that are currently being hosted on 176.31.255.147:

* Host information
IP address: 176.31.255.147
Hostname: 647.rbx.abcvg.ovh
AS number: 16276
AS name: OVH

* Malware URL(s)
URL: http://176.31.255.147/file/huesosik.exe
Proof: https://urlhaus.abuse.ch/url/1897090

URL: http://176.31.255.147/file/youtubenew1.exe
Proof: https://urlhaus.abuse.ch/url/1897104

The said URLs are actively being used at the moment to distribute malware. I therefore kindly ask you to remove the said files at your earliest convenience to prevent that other internet users get infected with malware.

As the said website(s) have been likely compromised, you may also want to reset the customer’s FTP account and make sure that any installed content management system (CMS) like WordPress, Typo3 or Joomla (including any 3rd party plugins) are up to date.

Should you have any question please do not hesitate to drop a line to: admin[at]abuse{dot}ch

Best regards,
abuse.ch

[1] https://www.abusix.com/contactdb
[2] https://urlhaus.abuse.ch/ \— Forwarded email(s) —

— end of the technical details —

Your should investigate and fix this problem, as it constitutes a violation to our terms of service.
In order to fix this issue, we recommend you to follow the following steps :
1. Reinstall a previous safe backup of your website. Otherwise, delete every suspicious files to avoid being infected afterward.
2. Change your password (FTP, CMS, Database, …).
3. Update / Upgrade your CMS to install the new vulnerability patches.
If you need assistance, you can reach our support or ask a IT professional.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Abuse team.

Добавить комментарий

Ваш адрес email не будет опубликован.