OVH Community, your new community space.

Server nulled then non-optional rescue mode for 32.5 mbs incoming?


LawsHosting
18-12-2012, 22:50
It seems that SSH is worse to OVH than SMTP/POP? Although I block SMTP attempts (could be ~2,000 in 5 mins - I know I could help myself by limiting IP attempt via iptables), I haven't had a problem with OVH intervening. I do open SSH to only myself though (and OVH's cache), so presumably that's a bonus.

Marc
18-12-2012, 18:19
Quote Originally Posted by Andy
There are lots of ways to prevent SSH hammering:
1. Change the port to non standard port
2. Lock it down to set IPs only
3. Auto banning for X incorrect attempts

I agree OVH has little business blocking your server because of this as it's your security not theirs, but it does hurt the network and they did it in your best interests.
Hi Andy,

Thanks for the advice. Some of those methods you suggest are already in place.

OVH have put the server back up and I have dropped the Chinese IP/IPs that were targeting the server.

Fingers crossed

Andy
18-12-2012, 13:18
There are lots of ways to prevent SSH hammering:
1. Change the port to non standard port
2. Lock it down to set IPs only
3. Auto banning for X incorrect attempts

I agree OVH has little business blocking your server because of this as it's your security not theirs, but it does hurt the network and they did it in your best interests.

raxxeh
18-12-2012, 02:46
That is troubling indeed....

If that ever happened to my 10gbit server to something that i could not prevent (ssh hammering, for example) heads would be rolling.

I hope they unlock it for you, you did nothing wrong.

Marc
17-12-2012, 21:30
One of our servers was nulled for nearly 48 hours then put into FTP only rescue mode for traffic spikes not exceeding 100mbs. The last spike to throw the server into FTP only (get your files) rescue mode was 32.5. This is on a 2011 server with 1gbps connection.

The 'attacks' were SSH brute force attempts, which were being handled by measures on the server.

I am very disappointed that this has happened. To top it all off, the 'rescue mode' doesn't even work.

If OVH wish to check/respond, not giving nichandle, but service ID: ns228729

MRTG for the server: