Anti-Hack
Originally Posted by Dani
Hi
Can you provide me with your NIC handle? I will check this for you.
Danny
ID sw27876-sys
You got hacked and your server was misused. Reinstall the OS and everything should be fine. Make sure you identify the problem that got you hacked in the first place, or you will be hacked again, and then OVH may cancel your contract due to breach of contract.
[UPDATE]Your server was put to rescue ftp??[/UPDATE]
Smally1997
18-12-2014, 18:28
The reason the IP was blocked wasn't due to him being DDoSed, because we know SYS have the vacuum process in place. It was because the traffic being sent was malicious. Search Google:
TCP SYN ATTACK
Hi
Can you provide me with your NIC handle? I will check this for you.
Danny
ozgurerdogan
18-12-2014, 15:59
Originally Posted by Gax
And what to do about this
How can I solve this problem?
The Sys team already blocked that IP. You cannot do anything from this point. But you may try to find what they are attacking and disable that user or service or whatever it is. Or better, ask Sys about this.
And what to do about this
How can I solve this problem?
ozgurerdogan
18-12-2014, 14:42
You were under SYN attack. I guess its throughput of 30Kpps/29Mbps was high and that's why they blocked your IP.
Hello
I have a problem. I received this letter by mail:
What does it mean? I do not understand.
Can you help, and what should I do?
Dear Customer,
The IP address 156.54.38.71 had to be blocked by our services due to
the various alerts received.
Please don't hesitate to contact our technical support team so that this situation does not become critical.
You can find the logs brought up by our system which lead to this alert.
- START OF ADDITIONAL INFO -
Attack detail : 30Kpps/29Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
2014.12.18 00:56:24 CET 156.54.38.71:14941 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:49549 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:12459 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:35116 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:35116 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:11492 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:52388 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:42873 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:51850 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:51850 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:7829 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:11879 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:3957 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:11879 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:11879 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:15704 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:11879 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:32851 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:54695 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:15704 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
- END OF ADDITIONAL INFO -
OVH Customer Support.
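One way to triage the log in a notice like the one above, as an added example that is not part of the original thread: parse the rows using the column header the notice gives and count how many have the server's own IP as source versus destination, and which targets they point at. The function name `summarize` and the sample constant are assumptions made for this example; the four data rows are copied from the notice.

```python
import re
from collections import Counter

# Row layout taken from the notice's own header line:
# dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
ROW = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"(?P<proto>\S+) (?P<flags>\S+) (?P<bytes>\d+) (?P<reason>\S+)$"
)

# Four rows copied from the notice, framed by its non-data marker lines.
SAMPLE = """\
- START OF ADDITIONAL INFO -
2014.12.18 00:56:24 CET 156.54.38.71:14941 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:49549 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:35116 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
2014.12.18 00:56:24 CET 156.54.38.71:35116 61.160.221.211:747 TCP SYN 1024 ATTACK:TCP_SYN
- END OF ADDITIONAL INFO -
"""

def summarize(text, my_ip):
    """Summarise an abuse-notice log relative to the server's own IP."""
    matches = (ROW.match(line.strip()) for line in text.splitlines())
    rows = [m.groupdict() for m in matches if m]
    if not rows:
        raise ValueError("no log rows recognised")
    # Rows where our IP is the source are traffic the server itself sent.
    outbound = [r for r in rows if r["src"] == my_ip]
    targets = Counter(
        (r["dst"], int(r["dport"]), r["proto"], r["flags"]) for r in outbound
    )
    return {
        "rows": len(rows),
        "outbound": len(outbound),
        "inbound": sum(r["dst"] == my_ip for r in rows),
        "source_ports": len({r["sport"] for r in outbound}),
        "bytes": sum(int(r["bytes"]) for r in outbound),
        "targets": targets.most_common(),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE, "156.54.38.71").items():
        print(f"{key}: {value}")
```

The `targets` list gives the destination address and port to look for in the server's own connection and process logs when tracing which account or service generated the traffic.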