OVH Community, your new community space.

Anti-Hack


adrien.timmer
11/01/2016, 20h33
Its possible that your DNS server was misconfigured and allowed recursive queries which are commonly used in DNS amplification attacks.

janus57
09/01/2016, 13h35
Hello,

simple, something or someone on your server attack other server, so OVH blocked your server to protect the network.

You have to find how he do that en repair it.

Cordialement, janus57

sodierlow
09/01/2016, 13h23
Hi,
Tonight i received an email which says that my server has been used for an attack on several servers


Code:
 - DEBUT DES INFORMATIONS COMPLEMENTAIRES -  Attack detail : 14Kpps/7Mbps 
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reaso  
2016.01.09 03:12:16 CET 91.121.222.155:46334 184.26.160.64:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 184.26.161.65:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 184.26.161.65:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 193.108.91.154:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 95.100.174.66:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 95.100.174.66:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 184.26.161.65:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 184.26.161.65:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 23.61.199.67:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 23.61.199.67:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 184.26.161.65:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 95.100.174.66:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 193.108.91.154:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 23.61.199.67:53 UDP --- 65 ATTACK:DNS 
2016.01.09 03:12:16 CET 91.121.222.155:46334 184.26.161.65:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 184.26.161.65:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 95.100.174.66:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 193.108.91.154:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 184.26.161.65:53 UDP --- 65 ATTACK:DNS  
2016.01.09 03:12:16 CET 91.121.222.155:46334 96.7.49.67:53 UDP --- 65 ATTACK:DNS     

- FIN DES INFORMATIONS COMPLEMENTAIRES -
Now my server is blocked.
I have open the ticket (id 1729922), can you explain what happened?