OVH Community, your new community space.

Anti Hack SRSLY?


fritz2cat
05/06/2015, 15h54
Either your server originates harmful traffic towards other people (inside or outside OVH network)
Or your server is the target of coordinated attack against you, most often due to the nature of the activity carried out on that server.

In your case, from the fragment posted at the beginning of this conversation, your server repeatedly attacks 222.187.220.202 in China, on port 7007.
These are 25 SYN packets within less than one second, this kind of attack is named a SYN flood.

Either you know exactly what happens on your server and we close this conversation, or you don't know what happens on your server, and OVH has blocked it until you use your knowledge in order to locate and cure the malware that is running on it.
If this happens again, the only way to regain control will be to reformat your server from scratch.

No refund is expected if you don't have the required knowledge. Hire a competent sysadmin. OVH has not broken its terms and conditions.

Please note that I'm not from OVH either. I'm a customer like you.
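
The check described in the post above, as an added example that is not part of any forum post and is not OVH's detection logic: it parses lines in the layout of the abuse report quoted in this thread and reports every one-second burst of bare SYN packets from one source to one destination port. The sample lines are constructed with documentation addresses, and the threshold of 10 SYNs per second is an assumption.

```python
import re
from collections import defaultdict

# Layout from the report header: dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>\S+) (?P<flags>\S+) (?P<bytes>\d+) (?P<reason>\S+)$"
)

# Constructed sample (documentation addresses, not the hosts from the thread):
# 20 SYNs in one second to one target, plus unrelated traffic and one junk line.
SAMPLE = [
    f"2015.06.03 16:31:50 CEST 192.0.2.10:{40000 + i} 198.51.100.7:7007 TCP SYN 1047 ATTACK:TCP_SYN"
    for i in range(20)
] + [
    "2015.06.03 16:31:50 CEST 192.0.2.10:51000 203.0.113.5:443 TCP SYN 60 NONE",
    "2015.06.03 16:31:51 CEST 192.0.2.10:51000 203.0.113.5:443 TCP ACK 52 NONE",
    "truncated or garbled line",
]

def parse_line(line):
    """Return the fields of one report line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def syn_bursts(lines, threshold=10):
    """Find (second, src, dst, dport) groups with at least `threshold` SYN-only packets."""
    sports = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP" or rec["flags"] != "SYN":
            continue  # skip junk lines and anything that is not a bare SYN
        key = (rec["ts"], rec["src"], rec["dst"], int(rec["dport"]))
        sports[key].append(int(rec["sport"]))
    return [
        {"second": k[0], "src": k[1], "dst": k[2], "dport": k[3],
         "syns": len(v), "distinct_sports": len(set(v))}
        for k, v in sorted(sports.items()) if len(v) >= threshold
    ]

if __name__ == "__main__":
    for hit in syn_bursts(SAMPLE):
        print(hit)
```

A group where `distinct_sports` equals `syns` means every packet was a new connection attempt to the same destination, which is what separates this pattern from a normal client retrying one connection.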

Nowwhat
05/06/2015, 15h03
Quote posted by ArturShakal:
And here we go again, I am blocked and I don't install any malicious script, you just steal 15€ from me
You get blocked again if your server (better said: the software ON your server) starts DoSing again.

If you haven't already done so, back up everything (except the DoS code).
RE-INSTALL your server (visit the manager, choose an OS, and hit the install button). This will nicely clean out your server's hard drive.
Your server will not get blocked anymore, because your server will NOT attack other servers any more.

If you do not re-install the OS: Do not unblock your server before you have found, identified, and removed the offending code.

Be very careful now: when your server is put into anti-DoS (hack, or whatever) mode a third time, you will have FTP read-only access for backup purposes, and then, after a couple of days, you will be thrown off your server. This means you will lose your server, and NO, they will NOT refund because you broke the rules (having your server being hacked).
Don't feel offended, you're not the only one with a server getting hacked, it happens all the time. Example: the FBI in the US just "lost" all personal files of all employees (access codes, names, addresses, etc.) because some "Chinese" people came by .........
(I guess the patriot act will get an extension now .... )

Please note : I'm a client as you - I rent servers from OVH - I'm NOT working for OVH.

ArturShakal
05/06/2015, 14h37
And here we go again, I am blocked and I don't install any malicious script, you just steal 15€ from me

Nowwhat
05/06/2015, 13h46
.. and here we go again.

You do not really need a firewall in front of your server, or a firewall ON your server.
I never had one in front, never used the one on my server.

Hackers can only enter by ports that are served by services like SMTP, POP, IMAP, HTML, SSH, telnet, FTP, etc.
They use (abuse) the lousy setup or very bad, ugly written PHP code (Java, HTML, or whatever).

Do I have to remind you that scripts and services that run on your VPS are YOUR responsibility, and only YOURS? If you have ANY doubt about a program (service), script, game, or whatever, DO NOT install it.
If you choose to install it, YOU assume responsibility.

If you think you can't handle the issue, that's not a problem: contact someone to do so. DO NOT contact OVH, they only handle the physical matters of your VPS, not YOUR choice.


Btw: do THE test: re-install the OS - install an OS without any gadgets (no http, ftp, pop, smtp, ntp, whatever pre-installed). It will have a working SSH access, that's it.
Receive the password, print it out, and throw away the mail.
Come back 2 years later: your server wasn't touched, it's still running. No hacks - nothing.
This test NEVER fails .... and proves that there is actually only ONE danger for your server: the admin that puts files on it, activates services that make the server hackable.

A solution is: learn about ANY issue on your server - install only what is really needed - learn how to handle any software that you install - learn how to recognize hacking attempts (you gonna love these log files) - keep out the nasty ones (your new friends will be your best enemies tomorrow). Learn how to test. How to back up.
And the best one:
Know that you are always wrong about the security on your server. This will be valid until the day that a more knowledgeable guy drops by and says you were wrong.

If you really need to activate a firewall, drop all connections that are coming in on port 21,22,23,25,110,443, etc. This will stop 99,9999 % of all hack attempts.

ArturShakal
05/06/2015, 12h49
Quote posted by fritz2cat:
Extract of the Terms and conditions:
<< all the technical knowledge necessary to ensure correct
administration of a computer server such as the Instances
offered by OVH, and to back up the stored data. The Client
also undertakes to read the documentation made
available by OVH relating to the OVH Cloud service. The Client may
install software on the Instance himself. Such
installations are carried out under his sole responsibility, and OVH cannot
be held liable for a malfunction of the Instance
resulting from these installations. OVH reserves the right to filter
certain ports deemed sensitive for the preservation of the Infrastructure.
Likewise, the Client acknowledges that limitations on UDP / ICMP flows
are in place.
>>


Yes, and when the client has a bad service during the night and contacts support, they open all ports as a solution lol, and the client got hacked, is that the contract? I don't do any attack, nobody entered my VPS, and it happens? Say that it's my fault, but all know that it isn't

fritz2cat
05/06/2015, 11h58
Extract of the Terms and conditions:
<< all the technical knowledge necessary to ensure correct
administration of a computer server such as the Instances
offered by OVH, and to back up the stored data. The Client
also undertakes to read the documentation made
available by OVH relating to the OVH Cloud service. The Client may
install software on the Instance himself. Such
installations are carried out under his sole responsibility, and OVH cannot
be held liable for a malfunction of the Instance
resulting from these installations. OVH reserves the right to filter
certain ports deemed sensitive for the preservation of the Infrastructure.
Likewise, the Client acknowledges that limitations on UDP / ICMP flows
are in place.
>>

ArturShakal
03/06/2015, 23h06
Quote posted by janus57:
Hello,

in your panel or in another mail, don't know if it's the same and I was never in this situation.

Or open a support ticket to know more.

Cordially, janus57
Support only says "Currently your server is blocked". I go refund my money!

janus57
03/06/2015, 23h05
Hello,

in your panel or in another mail, don't know if it's the same and I was never in this situation.

Or open a support ticket to know more.

Cordially, janus57

ArturShakal
03/06/2015, 22h46
Quote posted by janus57:
Hello,

normally you have access to rescue mode to do the necessary.

Cordially, janus57
Where can I access that?

janus57
03/06/2015, 20h51
Hello,

normally you have access to rescue mode to do the necessary.

Cordially, janus57

ArturShakal
03/06/2015, 19h49
Service was suspended, what can I do?

This is so strange

janus57
03/06/2015, 19h14
Quote posted by ArturShakal:
And I pay for nothing, what am I supposed to do? 24h seeing the VPS? Omg I'm so hungry
Hello,

patch the VPS, clean the VPS and delete all scripts or whatever was put/done by the hacker.

VPS are like dedicated servers, if you don't know how to use one you should use shared hosting instead.

On a VPS, you are the only administrator, who needs to secure from A to Z the VPS and the software and all the things you have on the VPS (like website, web application, etc...)

Cordially, janus57

ArturShakal
03/06/2015, 17h54
Quote posted by janus57:
Hello,

visibly your VPS got hacked and start DOS again 222.187.220.202

Cordially, janus57
And I pay for nothing, what am I supposed to do? 24h seeing the VPS? Omg I'm so hungry

janus57
03/06/2015, 17h03
Hello,

visibly your VPS got hacked and start DOS again 222.187.220.202

Cordially, janus57

ArturShakal
03/06/2015, 16h06
I don't practice anything illegal and today my VPS went down with that message:


Hello,

Abnormal activity has been detected on your VPS server vps172540.ovh.net.


This constitutes a breach of contract; your server vps172540.ovh.net
has been blocked.

You can find here the logs that led to the creation of this alert:

- START OF ADDITIONAL INFORMATION -

Attack detail : 7Kpps/7Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
2015.06.03 16:31:50 CEST 151.80.156.241:56178 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:64785 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:30462 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:206 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:54095 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:27334 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:29265 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:23756 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:8217 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:55380 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:5814 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:43352 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:47883 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:62232 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:13773 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:54479 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:140 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:8862 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:7335 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN
2015.06.03 16:31:50 CEST 151.80.156.241:55756 222.187.220.202:7007 TCP SYN 1047 ATTACK:TCP_SYN



- START OF ADDITIONAL INFORMATION -

Regards,

OVH Support.

_____________________________________

No logic, I don't do anything, I pay 6 months! I can't understand that and now nobody responds to me, I'm waiting!