上篇帖子,我的ccs杜甫被搞
https://www.nodeseek.com/post-398953-1
今天,我的机器被暂停,服务商说吃abuse了。

这两有个共同点,都是装了哪吒探针没多久出事了,
杜甫新入手,第二个已经持有很久了,之前(一年前)也装过哪吒探针,没事,这次很快就中招了
不管与它有没有,垃圾哪吒,反正我是不敢用了。
比较菜
只会看history
不是我操作的。

附abuse内容
Hello
Suspend Reason: Greetings, the security team CSIRT-MU has detected involvement of the IP address 45.159.48.223 into the following incident: Active scanning Incident Active scanning type: Detection time 2025-07-23T13:45:00+02:00 - 2025-07-23T13:50:04+02:00 window: Source IP 45.159.XXX.XXX address: Source domain --- name: Target IP address 429 count: Target IP 147.251.185.36, 147.251.214.108, 147.251.193.172, 147.251.141.166, addresses: 147.251.44.121, 147.251.196.68, 147.251.84.57, 147.251.51.135, >>> 147.251.92.28, 147.251.102.156, ... >>> A computer use active scanning to contact other computers in a Description network to find what services are remotely accessible. Users of the cannot trigger the scanning by chance and rarely experienced users incident: do so intentionally. This activity most often means that the >>> computer is infected by a virus or other malicious code, or runs >>> some misconfigured service. Security issue solution We strongly recommend to check the computer with up-to-date antivirus software and eventually check the configuration of network services. Because of the severity of the security issue, the IP address 45.159.XX.XXX was blocked for 1 hour. The block was performed to protect the network and can be lifted earlier only after the security issue that led to it is resolved. How to communicate with the CSIRT-MU team? [2] Please review the source of the incident and fix the issue. Inform us about the result within 5 business days. Best regards, CSIRT-MU The security team of Masaryk University https://csirt.muni.cz
Thanks, and have a nice day!
Tam Tran,
Support Engineer - GreenCloud