CentOS
Daniil Vshivtsev, 2018-04-09 10:14:59

How to stop DDoS from your server?

Given: a server running CentOS 7.3 with private key authorization and the latest VestaCP installed.
There is one project on the server (access to it is limited by IP, so I'm not worried about it) and an abandoned WordPress blog which, judging by the request logs, caused my problems (brute-force password guessing).
Since yesterday morning, the hosting provider's network usage statistics have shown the number of sent packets exceeding 600k within a few minutes (chart: prntscr.com/j2re5n).
The server was blocked due to an outgoing flood. I deleted all the blog files, but after the server is started, packets keep being sent in the same quantities and the server is blocked for flooding again.
Hence the question. What course of action is taken in such cases? How can I determine why the server is behaving this way and restore normal operation?


2 answer(s)
Alexander, 2018-04-09
@dahujika

https://forum.vestacp.com/viewtopic.php?f=10&t=16556
https://forum.vestacp.com/viewtopic.php?f=10&t=16558
https://forum.vestacp.com/viewtopic.php?f=28&t=16555
VestaCP has been compromised. It is the cause.
People point to /etc/cron.hourly/gcc.sh (XOR.DDoS) as malware.
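
The check below is an added example, not part of the answer above or of the linked forum threads: it looks for the /etc/cron.hourly/gcc.sh file named in the answer and for crontab entries that reference it. The function name and the optional ROOT argument (for inspecting the disk from a rescue mount while the server is blocked) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): look for the cron persistence
# named in the answer above. The path below is the only indicator used.
INDICATOR="etc/cron.hourly/gcc.sh"

# Usage: check_cron_persistence [ROOT]
# ROOT (assumption) is / on a live system, or the mount point of the
# server's disk in rescue mode. Prints findings; returns 1 if the
# indicator file or a crontab reference to it exists, 0 otherwise.
check_cron_persistence() {
    root="${1:-/}"
    root="${root%/}"          # "/" becomes "", "/mnt/" becomes "/mnt"
    found=0

    # 1. The script itself.
    if [ -e "$root/$INDICATOR" ]; then
        echo "FOUND file: $root/$INDICATOR"
        found=1
    fi

    # 2. Crontabs that reference it (system crontab, cron.d, user spools).
    for f in "$root/etc/crontab" "$root"/etc/cron.d/* "$root"/var/spool/cron/*; do
        [ -f "$f" ] || continue
        if grep -qF "cron.hourly/gcc.sh" "$f"; then
            echo "FOUND reference: $f"
            found=1
        fi
    done

    # 3. Live system only: cron.hourly files that no RPM package owns.
    #    Informational; an admin's own scripts are listed here too.
    if [ -z "$root" ] && command -v rpm >/dev/null 2>&1; then
        for f in /etc/cron.hourly/*; do
            [ -f "$f" ] || continue
            rpm -qf "$f" >/dev/null 2>&1 || echo "UNOWNED: $f"
        done
    fi

    return "$found"
}

# Example: check_cron_persistence /mnt/sysimage
```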

Moris Haos, 2018-04-09
@morihaos

Hello,
1. Remove any panels (Vesta, SePe, etc.) and administer the server from the console, updating the software in a timely manner.
2. Hire a specialist who will conduct the necessary audit and bring the server back to normal.
Writing out here everything a specialist will do would take a very long time.
