vultr把我服务器suspended了……

hein

手动填了个网站参数，检测到服务器响应了，就给停了……
我本地测试，是直接跳转回自己域名的首页……
现在服务器都上不去，我特么怎么知道线上什么情况。数据都拿不回来……

---------------------------------------------------------
Hello,

Due to the sensitive nature of this item, we have proactively powered down the relevant instance.

You may restore power at any time via https://my.vultr.com [Manage > Restart] to troubleshoot, repair, replace or destroy as necessary. In the event of a compromise, we recommend instance destruction/replacement.

We will be forced to suspend this instance if we do not receive a response within 48 hours.

--Vultr Trust & Safety--
How do you rate this response?   
Netcraft Takedown Service2025-12-30 06:11:19Dear Sir or Madam,
We have detected a cryptocurrency investment scam hosted on your network:
hxxps://ac.stage3rd[.]com/forumSkin.asp?d=fwvaugt&url=https%3A%2F%2Fproxysales.cc%2Fgo%2F13b4y2%2Fy2%3Flabel%3D3&font=15&kanielauvergne=7263 [104.207.138.165]
Cryptocurrency investment scams are sites which impersonate brands and celebrities to promote potentially fraudulent cryptocurrency investments. They usually take the form of fake news articles, cryptocurrency scam sign-up pages or fake cryptocurrency giveaway pages. These scams often suggest high financial returns, but do not pay out the amounts promised. They also tend to tailor the content served based on the visitor's country to make the scam appear more convincing.
Would it be possible to have the fraudulent content, and any other associated fraudulent content, taken down as soon as you are able to?
More information about the detected issue is provided at https://incident.netcraft.com/reports/jfyphsi7fm27bhdvyjtdtj
See https://incident.netcraft.com/about for more details including API support.
Regards,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 80213767
To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: support@netcraft.com.
This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.

5long

> You may restore power at any time

这意思是说还能开机的吧。

我以前也被 Vultr 给 suspend 过，原因是 bt 下的内容被版权方盯上了。不过上面也没什么重要数据，直接就销毁实例重建了。

hein

5long 发表于 2026-1-10 13:55
> You may restore power at any time

这意思是说还能开机的吧。

几小时了，看来美国半夜没客服，等我们半夜看看Subject怎么回复我了。

不过服务器全自动，我也从来不上vultr，看了眼他们发我的Subject最早的居然是11月底的，行吧可能我也有锅。

就一个客户端手动填写的url尝试从我这跳转，美国什么时候这么警惕……

=w=

netcraft

只要服务商收到了这家公司的投诉，就是不管你在干什么正经的还是不正经的，都是先给停了再说

可以搜索下怎么屏蔽这家公司的扫描，不给它扫描就行了，或者检查下是不是加了什么被这家公司给扫描了

不过现在你的这个服务器恐怕还是删掉重新开一个比较好

hein

=w= 发表于 2026-1-10 15:38
netcraft

只要服务商收到了这家公司的投诉，就是不管你在干什么正经的还是不正经的，都是先给停了再说

我英文没看仔细，具体是哪个公司扫了我。

最关键的是forumSkin.asp这个文件我很早就禁用了，只是没在服务器上删除……

=w=

hein 发表于 2026-1-10 15:43
我英文没看仔细，具体是哪个公司扫了我。

最关键的是forumSkin.asp这个文件我很早就禁用了，只是没在服 ...

可是看投诉内容是这个文件被利用了用来做重定向

你开机后主动删掉吧

然后回复下感谢 vultr 的通知和提前关机了，感谢 netcraft 的扫描，我并不知道自己的机器被人用来做 scams，已经根据邮件内容删除了这些文件，如果还有其他问题，请务必通知我，我会积极配合。

开机后就马上备份所有数据，最好是直接删掉重新建个新的，同个 ip 还被 netcraft 扫描了好多次的话风险还是有的，最坏的情况就是 vultr 直接删你机子都不提前跟你说

hein

=w= 发表于 2026-1-10 16:11
可是看投诉内容是这个文件被利用了用来做重定向

你开机后主动删掉吧

我本地测试是，这个手动添加url并不会重定向，只会在地址栏挂着这个参数
这都要被封，实在是难防…………

我等vultr回复了，直接备份删机器得了