New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
need help, vps suspended by letbox because of port scanning.
need help to explain firewall log. they say my vps was port scanning on their network, (never do that).
my vps ip is
144.172.68.146
2a0b:ae41::35
2a0b:ae41::36
2a0b:ae41::37
2a0b:ae41::38
thank.
the log.
Comments
How about
Well
I don't know
Asking your provider through a ticket?
already on the ticket, they sent me that log.
Your vps compromised?
I think the provider has a duty to prevent others on the node from being compromised. Letbox doesn't have poor reviews except for maybe less than competent English. If you don't know how it happened, I think it is more probable that you don't really know how to secure your server.
looking at that logfile, it seems that you have been owned by a martian source.
This may be a symptom of inferior pootassiums.
EDIT2: Good luck with your LetBox
EDIT3:
Seriously, I'll be interested to better understand the "martian source" entries.
Hopefully someone (not me) will have a clue or two to share ...
EDIT4:
https://serverfault.com/questions/244648/linux-martian-source-in-var-log-messages/
I learned something new today.
not sure, but found several trojans on my Windows PC. and only using Public Key authentication to login.
using centminmod for the no panel and using the default firewall option from centminmod
Honestly, this information is not very inspiring in terms of how you have been managing your server...
Your VPS and workstation are compromised. Format both.
Also ... (to my way of seeing this)
it is your potatoe that is at odds with your buffaloe.
You must strive to embiggen the pootassiums for both.
EDIT2:
but yeah, if you don't know what's going on on your boxen to explain that network activitah ...
... kill -9 'em all and let Root sort it out.
Well, it is a short term solution but unlikely to be a long term one because it appears to me there are deeper underlying issues in terms of technical knowledge of security practices. I mean I haven't had any malware issue for over a decade on Windows, and it is actually quite easy to avoid trojans and stuff if you make it a habit not to click or tap something that doesn't look obviously legitimate.
yes, the support says my vps is compromised.
thank.
Ask them to secure for u
Sometimes ssh keys can be a weakness, like exporting inferior potassium.
I dunno ... do they claim to have "uncompromising support" ...?
If so then yes certainly fair to ask them to "uncompromise" it for you, LOL ...
Otherwise, maybe not so much.
EDIT2:
(Unless your LetBox was sold as a "managed" or even "semi-managed" service. Otherwise it would be @key900 doing you a favor to go beyond the call of duty. This time. But probably will be wasted effort on his part if you don't study better security practice.)
its unmanaged. but letbox support is great and helping on this case.
i still think the firewall log shows the attack is not from my ip, like
and here is the reply from their support about the above ip
Good on them for helping.
I am not surprised.
Windows is a trojan itself.
It even wipes the MBR
Interesting that they are assigned to Fran
I see nothing wrong in wiping the MasterBate Record.
I do, it helps me remember what I've already knocked one out to
We always do our best to help as we can even though we are unmanaged, the client issue has been fixed, Hopefully it doesn't get cracked again.
Don't get confused, we have our own prefix too.
@blade88 It appears that you are a hakor and you should stop haxoring peoples.
Either that or some of them free hakors done haxored your box and now utilizes it to hak tex worlds.
Anyhow, it's your responsibility to secure your machine.
Reinstall from scratch and don't screw up on security this time.
PS: This too.
While your provider shouldn’t have to “uncompromise” it for you, a good one would be happy to wipe it and reinstate your access. That is assuming this doesn’t become a recurring problem.
Wow. I am going with Letbox for my next VPS when I need one. Incredible service (and they actually own their data centers so that's a great bonus). Plus they have good speeds to Asia from my testing of their looking glass (LA if I don't remember wrongly).
@poisson I've used Letbox @key900 for almost a year. Excellent value and good Support. So much so, I changed to another package from them last month (an upgrade, for my needs.)
How often do VPS's get compromised? Is it ever due to the configuration of the base OS template / image? Do providers have time to investigate or do they just destroy the VM?
If your VPS gets compromised it's usually your own fault.