OVH Community, your new community space.

Anti-Hack


Gax
18-12-2014, 23:22
Quote Originally Posted by Dani
Hi

Can you provide me with your NIC handle. I will check this for you.

Danny
ID sw27876-sys

heise
18-12-2014, 21:04
You got hacked and your server was misused. Reinstall the OS and everything should be fine. Make sure you identify the problem that got you hacked in the first place, or you will be hacked again, and then OVH may cancel your contract due to breach of contract.

UPDATE: Your server was put to rescue ftp??

Smally1997
18-12-2014, 19:28
The reason the IP was blocked wasn't that he was being DDoSed, because we know SYS has the vacuum process in place. It was because the traffic being sent was malicious. Search Google for:
TCP SYN ATTACK

Dani
18-12-2014, 18:00
Hi

Can you provide me with your NIC handle. I will check this for you.

Danny

ozgurerdogan
18-12-2014, 16:59
Quote Originally Posted by Gax
And what to do about this
How can I solve this problem?
The SYS team already blocked that IP. You cannot do anything from this point. But you may try to find what they are attacking and disable that user or service or whatever it is. Or better, ask SYS about this.

Gax
18-12-2014, 15:47
And what to do about this
How can I solve this problem?

ozgurerdogan
18-12-2014, 15:42
You were under SYN attack. I guess its throughput of 30Kpps/29Mbps was high and that's why they blocked your IP.

Gax
18-12-2014, 10:02
Hello

I have a problem: I got this letter by mail.

I do not understand what it means.
Can you help, and what should I do?


Dear Customer,

The IP address 156.54.38.71 had to be blocked by our services due to
the various alerts received.

Please don't hesitate to contact our technical support team so that this situation does not become critical.

You can find the logs brought up by our system which led to this alert.

- START OF ADDITIONAL INFO -

Attack detail : 30Kpps/29Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
2014.12.18 00:56:24 CET 156.54.38.71:14941 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:49549 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:12459 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:35116 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:35116 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:11492 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:52388 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:42873 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:51850 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:51850 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:7829 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:11879 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:3957 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:11879 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:11879 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:15704 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:11879 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:32851 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:54695 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:15704 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN



- END OF ADDITIONAL INFO -


OVH Customer Support.
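
An added example, not part of the original thread or of OVH's tooling: a parser for the alert log format quoted above that reports whether the blocked IP is the source or the destination of the flagged flows, and which host and port they go to. It goes slightly beyond the quoted alert by also handling the inbound case; the field names come from the alert's header line, and the function names are this example's own.

```python
import re
from collections import Counter

# Five flow lines copied from the alert quoted above, with its two header lines.
SAMPLE = """\
Attack detail : 30Kpps/29Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
2014.12.18 00:56:24 CET 156.54.38.71:14941 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:49549 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:12459 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:35116 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:35116 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
"""

# Column layout taken from the header line of the alert.
FLOW = re.compile(
    r"^(?P<when>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>\S+) (?P<flags>\S+) (?P<bytes>\d+) (?P<reason>\S+)$"
)

def parse_flows(text):
    """Return one dict per flow line; headers and anything else are skipped."""
    matches = (FLOW.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def summarize(text, blocked_ip):
    """Report which side of the flows the blocked IP is on, and what it talks to."""
    flows = parse_flows(text)
    out = [f for f in flows if f["src"] == blocked_ip]
    inn = [f for f in flows if f["dst"] == blocked_ip]
    if out and not inn:
        direction = "outbound"   # the blocked server is sending the traffic
    elif inn and not out:
        direction = "inbound"    # the blocked server is receiving it
    else:
        direction = "mixed" if (out and inn) else "unknown"
    return {
        "flows": len(flows),
        "direction": direction,
        "targets": Counter((f["dst"], int(f["dport"])) for f in out).most_common(),
        "distinct_source_ports": len({f["sport"] for f in out}),
        "reasons": dict(Counter(f["reason"] for f in flows)),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE, "156.54.38.71").items():
        print(f"{key}: {value}")
```

For the quoted alert the result is outbound to a single destination and port, which is the detail to match against the server's own process and connection records.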