
anyone receives similar email before and what we should do ?

Posted time:Jan 26, 2018 14:33 PM
Received an email from Aliyun saying that malicious packets were found on the ECS server. But it has no detailed information about the malicious packets. We did a basic security check on the server and could not find any security issue. We raised a ticket to the Aliyun support team. They asked us to do the 3 steps in the email. My opinion is that those 3 steps should be done after the security issue has been identified. Otherwise, it is wasteful/risky to format disks and reset servers as advised in the email.
Does anyone have similar experience and advice?
Below is the email from Aliyun.

Dear user,
Your ECS has been detected to be transmitting malicious packets with sessions. You need to check your security risks as soon as possible. If malicious packet transmissions exceed 12 hours, we will issue a script policy to ban your external packet transmission port. It will not affect your normal external services and applications. If the above action is ineffective and malicious packet transmissions continue, we will shut down your host after 36 hours. Please look into the issue seriously. Thank you.
Please execute the following actions as soon as possible
1. Clear viruses and Trojans
Please use anti-virus software to eliminate viruses, trojans or any abnormal programs in the system disk and data disk.
We recommend you reset the server. Copy important data from the system to the data disk first and then format the system disk. After resetting, transfer the data from the data disk to the system disk and format the data disk. Note: Default factory settings will be used after the system disk is reset, internal applications have to be reinstalled.
2. Enable Yundun to provide security protection for your host and prevent malicious attacks.
Implement defensive security protocol
Please enable Yundun as soon as possible.
3. If your system has been compromised, we strongly recommend that you back up data in the system disk and data disk to a local disk and reset all disks (log in to www.alicloud.com and go to Management control panel -> ECS console -> click on the instance to be initialized. Shut down the instance after data backup is completed and click “Reset disk” to reset the system disk and data disk as required.) Then reinstall programs and upload anti-virus data. Finally, enable Yundun to protect your server from more malicious attacks.
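The email names no process, port or destination, so the first thing a defender wants before deciding on a disk reset is to find out which process on the instance is actually originating outbound traffic. The following is an added example, not code from this thread or from Aliyun: it parses the output of `ss -tanp` (run as root on the instance) and flags processes that initiate connections to many distinct peers or hold many half-open (SYN-SENT) outbound sockets, which is what a host used for scanning or flooding typically looks like. The sample output, the process name `kworkerds`, the PIDs and the addresses are all constructed; the classification of "outbound" by the local port lying in the Linux default ephemeral range (32768 and up) is a heuristic assumption.

```python
import re
from collections import defaultdict

# Constructed sample of `ss -tanp` output (not taken from the thread): a normal
# web server and SSH daemon, plus one process making many half-open outbound
# connections and one established connection to a remote port 6667.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port    Peer Address:Port   Process
LISTEN     0      128    0.0.0.0:443           0.0.0.0:*           users:(("nginx",pid=1200,fd=6))
ESTAB      0      0      10.0.0.5:443          203.0.113.10:51234  users:(("nginx",pid=1200,fd=12))
ESTAB      0      0      10.0.0.5:443          203.0.113.11:40022  users:(("nginx",pid=1200,fd=13))
ESTAB      0      0      10.0.0.5:22           198.51.100.9:55100  users:(("sshd",pid=900,fd=4))
SYN-SENT   0      1      10.0.0.5:41234        198.51.100.20:80    users:(("kworkerds",pid=6666,fd=3))
SYN-SENT   0      1      10.0.0.5:41235        198.51.100.21:80    users:(("kworkerds",pid=6666,fd=4))
SYN-SENT   0      1      10.0.0.5:41236        198.51.100.22:80    users:(("kworkerds",pid=6666,fd=5))
SYN-SENT   0      1      10.0.0.5:41237        198.51.100.23:80    users:(("kworkerds",pid=6666,fd=6))
ESTAB      0      0      10.0.0.5:41300        192.0.2.44:6667     users:(("kworkerds",pid=6666,fd=7))
"""

# Matches the process part of an `ss -p` line: users:(("name",pid=N,fd=M))
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

# Assumption: sockets whose local port is in the default Linux ephemeral range
# were opened by a local process (outbound); lower local ports are server sockets
# that a remote host connected to (inbound).
EPHEMERAL_LOW = 32768


def parse_ss(text):
    """Turn `ss -tanp` output into a list of connection records."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] == "LISTEN":
            continue  # header line or listening socket
        m = PROC_RE.search(parts[5])
        if not m:
            continue  # no process info on this line
        _, local_port = parts[3].rsplit(":", 1)
        peer_ip, peer_port = parts[4].rsplit(":", 1)
        conns.append({
            "state": parts[0],
            "local_port": int(local_port),
            "peer_ip": peer_ip,
            "peer_port": peer_port,
            "proc": m.group(1),
            "pid": int(m.group(2)),
        })
    return conns


def summarize(conns):
    """Per process: number of outbound sockets, half-open ones, distinct peers."""
    summary = defaultdict(lambda: {"outbound": 0, "syn_sent": 0, "peers": set()})
    for c in conns:
        if c["local_port"] < EPHEMERAL_LOW:
            continue  # inbound connection to one of our services, not our traffic
        s = summary[f'{c["proc"]}[{c["pid"]}]']
        s["outbound"] += 1
        s["peers"].add(c["peer_ip"])
        if c["state"] == "SYN-SENT":
            s["syn_sent"] += 1
    return dict(summary)


def flag_suspicious(summary, peer_threshold=3, syn_threshold=3):
    """Processes talking to many distinct peers or piling up half-open sockets."""
    return sorted(
        key for key, s in summary.items()
        if len(s["peers"]) >= peer_threshold or s["syn_sent"] >= syn_threshold
    )


if __name__ == "__main__":
    # On a real instance: replace SAMPLE_SS_OUTPUT with subprocess output of `ss -tanp`.
    summary = summarize(parse_ss(SAMPLE_SS_OUTPUT))
    for key, s in summary.items():
        print(f"{key}: {s['outbound']} outbound, {s['syn_sent']} SYN-SENT, "
              f"{len(s['peers'])} distinct peers")
    print("suspicious:", flag_suspicious(summary))
```

On the constructed sample only `kworkerds[6666]` is flagged: nginx and sshd have many remote peers too, but on server-side ports, so they are the inbound traffic a web server is expected to see. A process flagged this way is the thing to inspect (`/proc/<pid>/exe`, its cron or systemd persistence, file hashes) before deciding whether the reset the email asks for is warranted. The check has one limit worth keeping in mind: a kernel-level rootkit can hide sockets from `ss`, so if the instance shows nothing locally while the provider keeps reporting outbound traffic, the provider's observation should be trusted over the host's own view.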

Assistant Engineer
1st Reply
Posted time:Jan 27, 2018 14:19 PM
I suggest you enable Server Guard (Yundun) https://yundun.console.aliyun.com to scan your server.

I wrote a post on Server Guard

Senior Engineer
2nd Reply
Posted time:Jan 29, 2018 16:23 PM
Alibaba Cloud detected your instance sending out malicious packets. Most of the time this means your instance has been hacked and the hacker is using your instance to attack other instances, so you need to clear the viruses and trojans in your instance.

Why suggest you reset your disk and format it?
The viruses and trojans are hard to clean and remove from the instance, so we suggest you reset the disk to make sure the viruses and trojans are removed.