Server Hacked and blocked


24x7servermanag
23-08-2016, 10:11
You will have to address the source of spamming and fix it permanently. Just removing or blocking the IP will not work. Since the server is in rescue mode you will be able to check the mail logs and identify the source of the problem.
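
One way to do the mail-log check suggested in the post above, as an added example that is not part of the thread. It assumes the MTA is Postfix with short hexadecimal queue IDs; the log lines, host names and the function name `spam_sources` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (assumption: the MTA is Postfix).
SAMPLE_LOG = """\
Aug 19 03:12:01 srv postfix/pickup[2211]: 4A1B2C3D4E: uid=33 from=<www-data>
Aug 19 03:12:01 srv postfix/qmgr[1100]: 4A1B2C3D4E: from=<www-data@srv.example>, size=812, nrcpt=2 (queue active)
Aug 19 03:12:02 srv postfix/smtp[2213]: 4A1B2C3D4E: to=<a@dest.example>, relay=mx.dest.example[192.0.2.10]:25, status=sent (250 ok)
Aug 19 03:12:02 srv postfix/smtp[2214]: 4A1B2C3D4E: to=<b@dest.example>, relay=mx.dest.example[192.0.2.10]:25, status=deferred (451 try later)
Aug 19 03:12:05 srv postfix/pickup[2211]: 5B2C3D4E5F: uid=33 from=<www-data>
Aug 19 03:12:06 srv postfix/smtp[2213]: 5B2C3D4E5F: to=<c@dest.example>, relay=mx.dest.example[192.0.2.10]:25, status=sent (250 ok)
Aug 19 03:13:10 srv postfix/smtpd[2300]: 6C3D4E5F6A: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=info@site.example
Aug 19 03:13:11 srv postfix/smtp[2213]: 6C3D4E5F6A: to=<d@dest.example>, relay=mx.dest.example[192.0.2.10]:25, status=sent (250 ok)
Aug 19 03:14:00 srv postfix/smtpd[2301]: 7D4E5F6A7B: client=mail.peer.example[203.0.113.5]
Aug 19 03:14:01 srv postfix/local[2302]: 7D4E5F6A7B: to=<root@srv.example>, relay=local, status=sent (delivered to mailbox)
"""

# Captures: daemon name, short (hexadecimal) queue ID, rest of the line.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def spam_sources(log_text):
    """Count delivery attempts per point of entry into the MTA."""
    origin = {}            # queue ID -> how the message was submitted
    attempts = Counter()   # origin label -> number of recipient deliveries
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "pickup":
            # Local submission (e.g. a script calling sendmail): the uid is logged.
            uid = re.search(r"uid=(\d+)", rest)
            if uid:
                origin[qid] = f"local uid={uid.group(1)}"
        elif daemon == "smtpd" and rest.startswith("client="):
            # Network submission: authenticated account if present, else client IP.
            sasl = re.search(r"sasl_username=(\S+)", rest)
            ip = re.search(r"\[([^\]]+)\]", rest)
            if sasl:
                origin[qid] = f"sasl {sasl.group(1)}"
            elif ip:
                origin[qid] = f"client {ip.group(1)}"
        elif rest.startswith("to=<"):
            # Delivery attempt; messages queued before the log starts are "unknown".
            attempts[origin.get(qid, "unknown")] += 1
    return attempts

if __name__ == "__main__":
    for source, count in spam_sources(SAMPLE_LOG).most_common():
        print(f"{count:6d}  {source}")
```

A local uid at the top of the list points to a script or cron job running as that user, while a `sasl` entry points to a mailbox whose password needs changing.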

ArtiomF
23-08-2016, 02:06
Quote Originally Posted by alvaroag
Add me on Skype (a.aguayo). I've never handled a case with FTP rescue, but maybe I can help you.

With OVH, the fastest response you can get is always on the phone; tickets and email, which are both internally managed the same way, can take from hours to days.
I write to you on Skype, but you do not answer.

alvaroag
22-08-2016, 16:22
Add me on Skype (a.aguayo). I've never handled a case with FTP rescue, but maybe I can help you.

With OVH, the fastest response you can get is always on the phone; tickets and email, which are both internally managed the same way, can take from hours to days.

ArtiomF
22-08-2016, 15:21
I created a ticket on Friday but still no answer.

ArtiomF
22-08-2016, 15:20
Quote Originally Posted by alvaroag
Support usually takes a while to answer by email. For a fast answer, you can call them.

On the email you received, there are the username & password for you to access the server in read-only mode using any FTP Client. If you don't have one, try FileZilla, which is fairly good. The IP address is your server's main IP.

Basically, after backing up all your data, you will have to reinstall your server. However, you must consider:

- The problem started because your server was hacked, that is, because it lacked some security measures. Anytime you manage a server, you must set up a software firewall the most restrictive way, as well as put strong passwords on all users. That, along with good security practices, will avoid being hacked.
- OVH works on a warn-then-block basis. You first receive a warning and your server is put into rescue mode (with full root access, not to be confused with FTP rescue), and you are required to confirm you have solved the problem before the Manager lets you reboot into your operating system. That means that you made a mistake when you ignored the first warning; you should not ignore any warning you get, especially hack warnings.
Yes, I did get a warning from one of IP addresses was spam. I was out of town and I was not able to take action. Today I removed the specified IP.

If I go to my FTP there is no data. I need to include a dedicated server that I could make a backup copy of everything, and then I reset the system.

alvaroag
22-08-2016, 15:11
Support usually takes a while to answer by email. For a fast answer, you can call them.

On the email you received, there are the username & password for you to access the server in read-only mode using any FTP Client. If you don't have one, try FileZilla, which is fairly good. The IP address is your server's main IP.

Basically, after backing up all your data, you will have to reinstall your server. However, you must consider:

- The problem started because your server was hacked, that is, because it lacked some security measures. Anytime you manage a server, you must set up a software firewall the most restrictive way, as well as put strong passwords on all users. That, along with good security practices, will avoid being hacked.
- OVH works on a warn-then-block basis. You first receive a warning and your server is put into rescue mode (with full root access, not to be confused with FTP rescue), and you are required to confirm you have solved the problem before the Manager lets you reboot into your operating system. That means that you made a mistake when you ignored the first warning; you should not ignore any warning you get, especially hack warnings.

ArtiomF
22-08-2016, 11:55
Hello, in billing I have the message: "Your server has been hacked. Please contact our support team for instructions on what to do next.". I wrote to support but don't get an answer.
By email I get only this message:
Hello,

Your server has been started in rescue mode so you
can recover your data.

You only have FTP access read-only with the following
login details:
- Username: user
- Password: password
----------------------------------------------------------

How can I download my backup? Thanks for the answer.