
Anti-Hack Protection!


dselvey
30-11-2013, 16:49
It's a vKimsufi server running Debian 6.

NeddySeagoon
30-11-2013, 15:55
dselvey,

Eventually, you will be able to get control of your box in rescue mode and grab an image of the VM for analysis.
Don't boot the image anywhere it can get on the internet. It's just a forensics exercise.

What OS were you running and what virtualisation did you use?
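
As an added example (not from this thread, and not NeddySeagoon's own code), a small rescue-mode script along the lines he describes: it images the disk, records a hash so the copy can later be shown unchanged, and mounts the image read-only with noexec so files such as databases can be pulled out without ever running the compromised system. Device paths, the partition offset and mount points are placeholder assumptions; check them with fdisk -l on the box itself.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a Linux rescue system with
# coreutils (dd, sha256sum) and util-linux (mount); run as root there.
set -u

# Bit-for-bit copy of a block device (or file) plus a hash record beside it.
# conv=noerror,sync keeps going past unreadable sectors instead of aborting,
# so a partly damaged disk still yields a usable image.
image_disk() {
    src="$1"; dst="$2"
    dd if="$src" of="$dst" bs=1M conv=noerror,sync || return 1
    sha256sum "$dst" > "$dst.sha256"
}

# Re-check the image against the recorded hash; returns 0 only if unchanged.
verify_image() {
    dst="$1"
    sha256sum -c --quiet "$dst.sha256"
}

# Mount one partition inside the image read-only. noexec/nodev/nosuid mean
# nothing in the compromised filesystem can be executed from the mount;
# OFFSET is the partition start in bytes (start sector * 512).
mount_image_ro() {
    img="$1"; offset="$2"; mnt="$3"
    mkdir -p "$mnt"
    mount -o ro,noexec,nodev,nosuid,loop,offset="$offset" "$img" "$mnt"
}

# Copy a directory tree (for example the database files) out of the mounted
# image, preserving timestamps and ownership for later analysis.
extract_tree() {
    mnt="$1"; rel="$2"; out="$3"
    mkdir -p "$out"
    cp -a "$mnt/$rel" "$out/"
}

# Typical session (placeholder paths):
#   image_disk /dev/vda /mnt/evidence/vm.raw
#   mount_image_ro /mnt/evidence/vm.raw 1048576 /mnt/vm
#   extract_tree /mnt/vm var/lib/mysql /mnt/evidence/db
#   extract_tree /mnt/vm var/log /mnt/evidence/logs
#   verify_image /mnt/evidence/vm.raw
```

Work on the copy only: analyse and restore from the extracted files, and keep the original image and its .sha256 untouched as the evidence of what the server looked like.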

dselvey
30-11-2013, 13:40
Quote Originally Posted by ctype_alnum
Good advice and also make sure you have learned something from this.
Clearly, without knowing how they got in, I'm probably just going to create the same security hole again when I reinstall. I can make some guesses, but without being able to do some sort of analysis on the logs/server, I can't learn from it.

dselvey
30-11-2013, 13:36
Quote Originally Posted by NeddySeagoon
dselvey,

If you have really been hacked, you need to wipe the box and reinstall from trusted backups. You cannot safely salvage anything since you cannot tell where any backdoor(s) have been installed.

It's not harsh at all. The alternative is about the same for you and much worse for all of the rest of OVH's customers. That is, the rest of the internet blacklists OVH.
True, however I really would like a copy of my most recent databases. It would be good to at least mount the VM or download a copy of it to extract this sort of stuff.

I think it's the lack of communication that's really bugging me.

ctype_alnum
30-11-2013, 13:23
Good advice and also make sure you have learned something from this.

NeddySeagoon
30-11-2013, 12:15
dselvey,

If you have really been hacked, you need to wipe the box and reinstall from trusted backups. You cannot safely salvage anything since you cannot tell where any backdoor(s) have been installed.

It's not harsh at all. The alternative is about the same for you and much worse for all of the rest of OVH's customers. That is, the rest of the internet blacklists OVH.

dselvey
30-11-2013, 00:19
Hi,

I'm really stuck at the moment: my VPS has been offline for days and all my websites are down due to the anti-hack protection. I got the message with some logs in it, and I replied to it asking what the next steps should be to gain access to the server to patch the problem, but got no reply. I then contacted customer service, who told me I need to send an explanation of how I'm going to sort out the server in the reply to the alert, which I did. (Nowhere did it tell me this.) This has however got me nowhere.

I think that just "pulling the plug" is a bit harsh, particularly if there is no way to resolve it quickly. Instead I have to sit back and do nothing while the years of hard work I've put into building up the websites contained on the VPS slip away.

It's punishing the victim.