Constant unknown network usage on a VM.
anubhavhirani
Member
in General
I have a VPS from ExtraVM, and I get constant network usage on fresh installs of any OS.
MikeA has been kind enough to block 2 IPs for me so far, which solves the problem; however, new IPs are showing up now.
216.146.26.101 is not my VPS's IP.
I have tried blocking IP via iptables and ufw but none of those work.
Can I get some help?
Comments
Are you using Cloudflare? That's a CF IP.
Which IP are you talking about?
Cloudflare IPv4 range:
https://www.cloudflare.com/en-gb/ips/
None of the IPs are owned by Cloudflare...
Yes, also 216.146.26.101 is not my VPS's IP but GBs of data are being sent and received to my system on a fresh install of OS. I am trying to understand if this is a misconfiguration of the network from my provider's end or if anything needs to be fixed by me. This has never happened before with any other provider.
Why are incoming requests bothering you so much?
I’d say block every IP but your own in that case.
If it is not your IP, then how are the connections being established?
Did you run tcpdump? What are the processes in top/htop? Have you booted into live system to check if your system is infected?
But your VM is on that IP range?
Shared the tcpdump logs with provider, he is looking into it, IDK much about networking.
top/htop show nothing, have formatted system 3-4 times, on fresh install I see network usage.
Yes, instead of 101 in 216.146.26.101 my IP ends with a different digit.
I hope you use secure passwords and not something like Admin123?
Yes, I have a strong password.
Then it is certainly a misconfiguration on their side.
Yes, that's what I think as well, I have 2 other VPSs from other providers and both of them show VPS's IP instead of any other IP when using nethogs.
What's wrong with Admin123? Seems like a password that is easy to remember.
In the true spirit of Web 2.0 I use something similar, Temp1234, everywhere, even at LET. No issues so far, except some strange post every now and then where I can't remember that I posted it ...
@anubhavhirani, can I ask you to run https://www.caida.org/projects/spoofer/#download-client-software on this VPS? I suspect their network might have a security vulnerability allowing malicious customers to spoof source IP.
I hope it is sarcasm and you do not use such weak passwords.
So my provider is aware of the issue now and will fix it soon.
Thanks everyone for your help!
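One way to check a `tcpdump -nn` capture like the one mentioned in this thread for traffic where neither endpoint is the VM's own address, added here as an example and not posted by any participant. The addresses (documentation ranges), the capture lines and the helper name `foreign_traffic` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the IPv4 lines printed by `tcpdump -nn` (numeric hosts and ports).
LINE = re.compile(r"\bIP (\S+) > (\S+): .*\blength (\d+)")

def host(endpoint):
    """Drop the trailing .port from 'a.b.c.d.port'; ICMP lines have no port."""
    return ".".join(endpoint.split(".")[:4])

def foreign_traffic(lines, own_ip):
    """Return (bytes involving own_ip, Counter of bytes per foreign (src, dst))."""
    mine = 0
    foreign = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, IPv6 and truncated lines are not classified here
        src, dst, length = host(m.group(1)), host(m.group(2)), int(m.group(3))
        if own_ip in (src, dst):
            mine += length
        elif dst == "255.255.255.255" or ipaddress.ip_address(dst).is_multicast:
            continue  # broadcast/multicast is expected on a shared segment
        else:
            # Unicast between two other hosts should not reach this VM at all.
            foreign[(src, dst)] += length
    return mine, foreign

# Constructed sample: the VM is 192.0.2.10, the neighbour is 192.0.2.101.
SAMPLE = """\
12:00:00.000001 IP 203.0.113.5.44321 > 192.0.2.101.443: Flags [P.], seq 1:1449, ack 1, win 501, length 1448
12:00:00.000002 IP 192.0.2.101.443 > 203.0.113.5.44321: Flags [.], ack 1449, win 501, length 0
12:00:00.000003 IP 198.51.100.7.51000 > 192.0.2.10.22: Flags [P.], seq 1:37, ack 1, win 502, length 36
12:00:00.000004 IP 203.0.113.5.44321 > 192.0.2.101.443: Flags [P.], seq 1449:2897, ack 1, win 501, length 1448
12:00:00.000005 IP 192.0.2.77.68 > 255.255.255.255.67: UDP, length 300
12:00:00.000006 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
""".splitlines()

if __name__ == "__main__":
    mine, foreign = foreign_traffic(SAMPLE, "192.0.2.10")
    print(f"bytes to/from this VM: {mine}")
    for (src, dst), size in foreign.most_common():
        print(f"foreign unicast {src} -> {dst}: {size} bytes")
```

Packets are counted on the interface before iptables or ufw rules are evaluated, so a local drop rule does not lower the usage figure. A large foreign-unicast total is the evidence to hand to the provider along with the capture.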