因搬瓦工提供的系统漏洞而被黑， vps 被搬瓦工禁用 1 年

事情是这样的，去年年底时再搬瓦工买了 29.9 刀的 VPS，安装了搬瓦工提供的 CentOS7-x64-bbr，系统中只安装了梯子。这个梯子一直用到 8 月初。

就在这个月初，我的 VPS 被搬瓦工禁用了。禁用的理由是：

Network abuse: Mass Mailing

提示我还有两次机会（如果被禁用三次，一年内服务无法恢复）。初步看了下应该是 vps 被黑了，再一直发送垃圾邮件。 这时我申请了恢复，并重启了 vps，打算排查下问题。很快 vps 又被禁用。原因同上，因为恶意程序又在发送垃圾邮件。根本没有时间排查问题。

这次不敢大意了，给搬瓦工提了工单。一天后客服给了句重新安装系统。我想重装就重装吧，反正也没有使用重要数据，最多重新搭下，麻烦点就麻烦点。按照搬瓦工客服的方法，又重新安装了搬瓦工提供的 CentOS7-x64-bbr。但刚装了梯子，vps 又被搬瓦工停用了。原因一模一样。也就十来分钟的时间。这时，系统被停用了 3 次，被搬瓦工禁用一年。

可这次是安装了全新的搬瓦工提供的系统，却立刻被中毒，说明搬瓦工提供的系统有严重漏洞。在这种情况下按说应该给我恢复系统，因为责任不在为这。可搬瓦工不光不给恢复使用，甚至提出要求我付 50 刀才肯恢复的无理要求。

我想，这段时间因这个系统漏洞被搬瓦工禁用的绝对不止我一个。大家有没有遇到过被搬瓦工禁用的问?可一起讨论下，看有没有什么对策。

这件事前前后后耗了我一周的时间。对搬瓦工的服务质量、服务态度彻底失望。

下面是与搬瓦工客服的沟通：

我，Sunday, August 5th, 2018 (03:16 ）

My vps is hacked, the system has detected a large number of smtp connections originating from my server. New it has been suspended. how can i resolve the issue?

客服, Monday, August 6th, 2018 (02:28)

We do not tolerate any abuse on our network, no matter what it is intentional or not. However, we will give our customers 3 chances in a calendar year. You have 1 more chances and your account will be suspended until January 1 next year if you do not take care of this issue seriously.

Please note that we don't have any intention to suspend your account, but we need to make sure that we are providing the best services to our customers all over the world and we do not tolerate anything that affects our customers from using our VPS's.

So, now you can login back to the KiwiVM control panel and resolve this isse without any difficulties by agreeing to the conditions displayed in the control panel and pressing the button which says "I understand the issue and ready to resolve it right away".

This issue usually happens when your server is rooted/hacked. Make sure you install clean OS immediately after resuming service, otherwise the issue will repeat. Also, make sure that there are no viruses on your installed programs which may cause this issue to happen again.

Please do not hesitate to contact us if you need any further assistance in the future.

我，Monday, August 6th, 2018 (19:13 ）

I take your advice and I have reinstalled my server, now the vps is a clean centos-7-bbr provided by you. but the issue is still existing. And now my server is suspended during this year. I hope my service and be recovered as soon as possible.

客服，Tuesday, August 7th, 2018 (14:36)

We do not tolerate any abuse on our network, no matter intentional or not. You have been warned 3 times, but the issue was not fixed, so now you would have to wait until next year before VPS can be unsuspended again.

If you'd like to download a full backup of your VPS, you can do that in the KiwiVM panel (Snapshots menu).

Please note that per our Terms of Service we reserve the right to charge $50 fee for each repeat incident, which means we would have already billed you twice for the last two incidents. We did not do that in your case because we value our relationship with our customers. We trust that our customers take abuse issues seriously and fix them promptly.

Having said all that, what we can do is the following: we can issue you the $50 bill for the last abuse incident as per our Terms of Service. Once paid, we will reset your suspension count to zero so you can resume operation. Let us know if this works for you.

In the meantime, we highly recommend hiring an experienced Linux administrator who can help you secure your VPS. Also, note that in many cases abuse issues are caused by a virus on the client's PC.

Please do not hesitate to contact us if you need any further assistance in the future.

我，Tuesday, August 7th, 2018 (22:02 ）

I have taken your advice and reinstalled a new clean OS, the OS was 'Centos 7 x86_64 bbr'. But after I have reinstalled the OS, a mail notification told me that my server was suspended. I Think the problem is that there are some vulnerabilities in 'Centos 7 x86_64 bbr ' provided by your platform. My server was hacked because of your platform security problems. I don't do anything to violate your Terms of Service, I don't think the problem is on me. Your platform security problem has impacted my service seriously, I hope to recover my service AS SOON AS POSSIBLE and FREE.

客服，Wednesday, August 8th, 2018 (12:40)

My sincere apologies for any inconvenience. However, please note that all our services are self-managed. While we invest heavily into making sure all our equipment and networks are kept in the best possible shape, we do not manage or offer support for customer's applications. In other words, we do not assist with installing and configuring applications, troubleshooting, recovering from backups, etc. - these are the sole responsibility of the Customer. Should you need assistance of such level, then we highly recommend hiring a Linux administrator who can help you with these tasks.

We must be strict about this rule in order for our pricing to stay sustainable - we want to keep delivering rock-solid, stable service at a very low cost.

I can confirm that currently we are not experiencing any service interruptions; all our equipment and network are functioning normally.

If you have difficulties connecting to the server, we highly recommend trying out our Interactive console (available in KiwiVM) as it allows to access your VPS even if SSH is disabled.

If you do not have root login info, then you may either reset root password via KiwiVM, or use Interactive console to boot your VPS in single user mode to reset root password.

To download a full copy of your VPS please use Snapshots menu in the KiwiVM.

Please do not hesitate to contact us if you need any further assistance in the future

我，Wednesday, August 8th, 2018 (21:14 ）

I don't think so. The OS that I have installed is provided by you, and after a very short time I reinstalled the system, my server was hacked, then my server was suspended by you. I even have no time to maintain the server.

We have Linux administrator maintain the server, but because of your OS's vulnerabilities, we have NO TIME and NO METHOD to maintain the server. We can't access the server by ssh and kiwi panel. The responsibility is not on our.

I hope to recover our server or get my refund.

客服，Thursday, August 9th, 2018 (14:06 ）

Please do not try to shift the blame to us. I am afraid we are not going to be able to add anything to this discussion.

我，Thursday, August 9th, 2018 (21:45 ）

I have payed you money, but now you suspend my service on no reasonable reason. Your behavior is telling us that you are fucking your customers.

At last, there only two actions I can take:

1. Post the issue to community forum.
2. NEVER USING YOUR SERVICE.

这时，客服关闭了我的工单。