OVH Community, your new community space.

Anti-Hack [HELP FAST]


marks
26-01-2016, 11:41
Quote Originally Posted by aftkrt
What do you mean by the server [Windows or VMware vSphere Client]??
Yes, the IP that appears in the hack logs is not your main IP, so you can just remove the VM. Do check the security of your VMs; they are as vulnerable as any normal server.

aftkrt
26-01-2016, 00:52
Quote Originally Posted by alvaroag
Then you can try reinstalling only that VPS; that should do the trick.
LOVE YOU :d

BIG THANKS

I hope you add me on Skype

Nour.elhop1

Add me, I want to give you free as a gift :) and really want to thank you for this help :)

alvaroag
26-01-2016, 00:30
Then you can try reinstalling only that VPS; that should do the trick.

aftkrt
25-01-2016, 23:09
Quote Originally Posted by alvaroag
Is the IP 51.254.230.105 the IP of the VPS or of the server?
Yes, that IP has Windows Server 2012 and it's [a VPS ON MY dedicated server]

alvaroag
25-01-2016, 22:56
Quote Originally Posted by aftkrt
Thanks for answering me:

I installed from sys > VMware ESXi 5.0 Update 1 (64bits)

Then I set up Windows Server 2012 [VPS] ... What must I do: reinstall THE DEDICATED SERVER OR THE VPS that has this IP??

Thanks
Is the IP 51.254.230.105 the IP of the VPS or of the server?

aftkrt
25-01-2016, 22:15
Quote Originally Posted by alvaroag
Reinstall the OS you installed from the Manager. VMs don't count. If you installed Windows from the Manager, then reinstall Windows; if you installed VMware from the Manager, then reinstall VMware.

vSphere Client is a client application; it does not run on the server, but on your computer.
Thanks for answering me:

I installed from sys > VMware ESXi 5.0 Update 1 (64bits)

Then I set up Windows Server 2012 [VPS] ... What must I do: reinstall THE DEDICATED SERVER OR THE VPS that has this IP??

Thanks

alvaroag
25-01-2016, 22:09
Quote Originally Posted by aftkrt
What do you mean by the server [Windows or VMware vSphere Client]??
Reinstall the OS you installed from the Manager. VMs don't count. If you installed Windows from the Manager, then reinstall Windows; if you installed VMware from the Manager, then reinstall VMware.

vSphere Client is a client application; it does not run on the server, but on your computer.

aftkrt
25-01-2016, 19:28
Quote Originally Posted by marks
Yes, it's very much recommended that you reinstall the server, as it's quite difficult to be 100% sure that your server is clean if it's already been infected.
What do you mean by the server [Windows or VMware vSphere Client]??

marks
25-01-2016, 19:23
Yes, it's very much recommended that you reinstall the server, as it's quite difficult to be 100% sure that your server is clean if it's already been infected.

aftkrt
25-01-2016, 19:19
Quote Originally Posted by alvaroag
It can be really difficult to delete the bot/rootkit that may have got into your server; I've tried that on some cases I've seen in the past, but with no luck. That's why I consider reinstalling the server as the best option. After that, of course, you must ensure your server is correctly secured: a strong root password, a strict firewall, and so on, so you won't get hacked by a bot again.
Thanks very much for this info, but are you talking about reinstalling Windows or reinstalling VMware vSphere Client???????

alvaroag
25-01-2016, 19:05
Quote Originally Posted by aftkrt
Do you have any idea how to catch the virus or whatever did it? I want to know.
It can be really difficult to delete the bot/rootkit that may have got into your server; I've tried that on some cases I've seen in the past, but with no luck. That's why I consider reinstalling the server as the best option. After that, of course, you must ensure your server is correctly secured: a strong root password, a strict firewall, and so on, so you won't get hacked by a bot again.

aftkrt
25-01-2016, 18:46
Do you have any idea how to catch the virus or whatever did it? I want to know.

aftkrt
25-01-2016, 18:45
Quote Originally Posted by alvaroag
A correction: 6667/TCP is used for IRC; 6667/UDP is not assigned, so it's not clear what kind of traffic the server generated.

Most probably the server was infected by a bot/rootkit, which performed random attacks.

Even when it's possible to disinfect the server, your best option is to reinstall the OS, as cleaning it may give you the wrong impression, and you will end up being blocked again.
Thanks for answering me. The problem is I don't attack this IP:

Does OS mean a new Windows or a new VMware for the whole dedicated server???

alvaroag
25-01-2016, 16:41
A correction: 6667/TCP is used for IRC; 6667/UDP is not assigned, so it's not clear what kind of traffic the server generated.

Most probably the server was infected by a bot/rootkit, which performed random attacks.

Even when it's possible to disinfect the server, your best option is to reinstall the OS, as cleaning it may give you the wrong impression, and you will end up being blocked again.

HostRange
25-01-2016, 16:26
Port 6667 is IRC. Your server 51.254.230.105 is attacking it. Your server is probably infected.

aftkrt
25-01-2016, 15:45
Hello

I have a problem: I got this letter by mail:

What does it mean? I do not understand.
Can you help, and what should I do?

+I DON'T ATTACK ANYONE AND I DON'T WANT TO LOSE MY ACCOUNT

-----------------------------------------
Dear Customer,

The IP address 51.254.230.105 had to be blocked by our services due to
the various alerts received.

Please don't hesitate to contact our technical support team so that this situation does not become critical.

You can find the logs brought up by our system which lead to this alert.

- START OF ADDITIONAL INFO -

Attack detail : 184Kpps/123Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP



- END OF ADDITIONAL INFO -


OVH Customer Support.


----------------------------------------------
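
The replies turn on which machine owns the source IP in the notice's log, so the log can be grouped by flow and matched against your own address list. This Python example is added here and is not part of any post in the thread; the `INVENTORY` mapping and the host address `192.0.2.10` are assumptions, and the four sample lines are copied from the notice above.

```python
import re
from collections import defaultdict

# Line layout from the notice header:
# dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
    r"(?P<proto>\S+) (?P<flags>\S+) (?P<bytes>\d+) (?P<reason>\S+)$"
)

# Four lines copied from the notice above; the last line is non-log text to skip.
SAMPLE = """\
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58708 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
2016.01.25 11:45:34 CET 51.254.230.105:58709 172.85.107.206:6667 UDP --- 88 ATTACK:UDP
- END OF ADDITIONAL INFO -
"""

# Hypothetical inventory: the VM address is the one named in the thread;
# the host address is a constructed documentation-range placeholder.
INVENTORY = {
    "192.0.2.10": "ESXi host (main IP)",
    "51.254.230.105": "Windows Server 2012 VM",
}

def summarize(log_text, inventory):
    """Group flagged packets by flow and name the machine owning each source IP."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "src_ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, separators, blank lines
        key = (m["src"], m["dst"], int(m["dport"]), m["proto"])
        flows[key]["packets"] += 1
        flows[key]["bytes"] += int(m["bytes"])
        flows[key]["src_ports"].add(int(m["sport"]))
    return [{"machine": inventory.get(src, "unknown: not in inventory"),
             "src": src, "dst": dst, "dport": dport, "proto": proto,
             "packets": f["packets"], "bytes": f["bytes"],
             "src_ports": sorted(f["src_ports"])}
            for (src, dst, dport, proto), f in sorted(flows.items())]

if __name__ == "__main__":
    for row in summarize(SAMPLE, INVENTORY):
        print(row)
```

A source IP that resolves to a VM rather than the host's main IP points at rebuilding that VM only, which is the conclusion the thread reaches.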