Answer the question
In order to leave comments, you need to log in
Suspicious activity on the hetzner server. How to discover?
Yesterday I rented a server from hetzner.de
Installed an ISPlite5 panel. In less than a day, I received a letter from them about suspicious activity, and after another 4 hours, that ddos was being conducted from my server.
Not strong in administration. More precisely, zero in administration.
How to detect this activity?
ddos-abuse
An IP address (xxxxxxxxxx) under your control appears to have attacked=
one of our customers as part of a coordinated DDoS botnet. We manually rev=
iewed the captures from this attack and do not believe that your IP address=
was spoofed, based on the limited number of distinct hosts attacking us, t=
he identicality of many attacking IP addresses to ones we've seen in the pa=
st, and the non-random distribution of IP addresses
We have received information that there was an attack from your server.
Direction OUT
Internal xxxxxxxxx
Threshold Packets 100.000 packets/s
Sum 75.987.000 packets/300s (253.290 packets/s), 4 flows/300s (0 flows/s), 2.052 GByte/300s (56 MBit/s)
External 104.85.165.1, 75.987.000 packets/300s (253.290 packets/s), 4 flows/300s (0 flows/s), 2.052 GByte/300s (56 MBit/s)
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question