Possibly Compromised VPS

Ask questions about dedicated servers here and we and other users will do our best to answer them. Please also refer to the self-help section for tutorials and answers to the most commonly asked questions.
Post Reply
User avatar
hakkuo23
This is my homepage
This is my homepage
Posts: 88
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Thu Aug 05, 2010 5:04 pm

Possibly Compromised VPS

Post by hakkuo23 »

So I just got rate-limited since my VPS was attacking various IPs. How can I check if my server is compromised or what script was launching attacks like that?

Thanks!
Top
User avatar
Edge100x
Founder
Founder
Posts: 13190
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:
Contact Edge100x

Re: Possibly Compromised VPS

Post by Edge100x »

This would be your best starting point: http://www.nfoservers.com/forums/viewto ... =46&t=5059
Top
User avatar
hakkuo23
This is my homepage
This is my homepage
Posts: 88
Joined: Thu Aug 05, 2010 5:04 pm

Re: Possibly Compromised VPS

Post by hakkuo23 »

I did follow the guide but after reinstalling Gentoo it's happening again. It's probably something with my software but I don't know how to investigate this. What should I do?
Top
User avatar
Edge100x
Founder
Founder
Posts: 13190
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:
Contact Edge100x

Re: Possibly Compromised VPS

Post by Edge100x »

Logs will usually show you the unusual behavior (Apache logs, for instance, or system logs). If you look through your server's files, you will also usually find the bot being run, such as in the webroot or /tmp or /var/tmp.
Top
Post Reply

Return to “Dedicated servers and Virtual Dedicated Servers”