Ddos атака с сервера Topic is solved

[nitsik]

Здравствуйте. Вчера хостер Hetzner заблокировал сервер за ddos атаку с сервера.

Dear Mr,

We have indications that there was an attack from your server.
Please take all necessary measures to avoid this in the future and to solve the issue.

We also request that you send a short response to us. This response should contain information about how this could have happened and what you intend to do about it.
In the event that the following steps are not completed successfully, your server can be blocked at any time after the 2018-04-07 17:28:12 +0200.

How to proceed:
- Solve the issue
- Test if the issue still exists by using the following link: ...
- After successfully testing that the issue is resolved, send us a statement by using the following link: ...

Important note:
When replying to us, please leave the abuse ID [AbuseID] unchanged in the subject line. Manual replies will only be handled in the event of a lock down. Should you have any questions relating to this, please contact our support staff at [email protected].
Please note that we do not provide telephone support in our department.
If you have any questions, please send them to us by responding to this email.

Kind regards

Network department

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 505-0
Fax: +49 9831 505-3
[email protected]
www.hetzner.com

Register Court: Registergericht Ansbach, HRB 6089
CEO: Martin Hetzner

On 07 Apr 13:27, [email protected] wrote:
> Direction OUT
> Internal ...
> Threshold Flows 200 flows/s
> Sum 65.272 flows/300s (217 flows/s), 154.730.000 packets/300s (515.766 packets/s), 6,922 GByte/300s (189 MBit/s)
> External 111.231.132.129, 22.545 flows/300s (75 flows/s), 60.742.000 packets/300s (202.473 packets/s), 2,715 GByte/300s (74 MBit/s)
> External 183.131.222.44, 16.264 flows/300s (54 flows/s), 36.588.000 packets/300s (121.960 packets/s), 1,636 GByte/300s (44 MBit/s)
> External 111.230.105.177, 16.062 flows/300s (53 flows/s), 36.220.000 packets/300s (120.733 packets/s), 1,619 GByte/300s (44 MBit/s)
> External 60.191.186.90, 1.816 flows/300s (6 flows/s), 3.688.000 packets/300s (12.293 packets/s), 0,165 GByte/300s (4 MBit/s)
> External 60.191.186.95, 1.773 flows/300s (5 flows/s), 3.616.000 packets/300s (12.053 packets/s), 0,162 GByte/300s (4 MBit/s)
> External 60.191.186.91, 1.761 flows/300s (5 flows/s), 3.582.000 packets/300s (11.940 packets/s), 0,160 GByte/300s (4 MBit/s)
> External 60.191.186.96, 1.748 flows/300s (5 flows/s), 3.562.000 packets/300s (11.873 packets/s), 0,159 GByte/300s (4 MBit/s)
> External 60.191.186.3, 1.683 flows/300s (5 flows/s), 3.430.000 packets/300s (11.433 packets/s), 0,153 GByte/300s (4 MBit/s)
> External 60.191.186.2, 1.618 flows/300s (5 flows/s), 3.298.000 packets/300s (10.993 packets/s), 0,147 GByte/300s (4 MBit/s)
> External 188.244.209.65, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,003 GByte/300s (0 MBit/s)
> External 37.9.113.143, 1 flows/300s (0 flows/s), 2.000 packets/300s (6 packets/s), 0,003 GByte/300s (0 MBit/s)
>

Сегодня они прислали следующее сообщение:

Dear Client

Your server is looked regarding an outgoing DDOS attack. So your server has attacked other server. Please check your server for foreign scripts and processes. We have seen that you are using VestaCP on the server. Regarding the VestaCP forum there is some exploit which uses the API of the control panel.

For further information take a look on the forum of VestaCP please.

Kind regards

Stefan Warsinke

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 505-0
Fax: +49 9831 505-3
www.hetzner.com

Registergericht Ansbach, HRB 6089
Geschäftsführer: Martin Hetzner

08.04.2018 20:45 - ... schrieb:

>
> Vorgang: L00038BA9
> Person: ...
> Ursache:
> The problem is because ddos attack
> Maßnahmen:
> I plan to find ddos ips and ban them.
>
>
>

Соответственно обращаюсь к вам за помощью, можете что-то посоветовать? Спасибо.

[artscripts]

viewtopic.php?f=28&t=16555