New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How to find out which VPS (NAT) hacked another website
Currently I have a dedicated proxmox server with 15 nat vps on it, all on the same 1 IP.
There were complaints from other parties stating that our IP carried out port scanning and hack attempts.
I don't know where the log that records outgoing connections is located.
I ask for enlightenment from the masters here.
Comments
Proxmox by default doesn’t do logging of network connections, you need to enable this. However be warned logging every connection can use up a relatively large chunk of storage over time
can you give the detail please ?
I can not found the config
Is there a way to force each NAT VPS to use only a certain range of ports?
This way, when the complaint can supply source port numbers (available in most HTTP server and firewall logs), it would be possible to identify who's the offender.
Blame the user you dislike the most and kick them off.
(I'm joking)
Install the conntrack package. That'll allow you to view which NAT IP address connects to which IP and/or port. If you know which IPs are being targeted just filter with that destination IP. If port scanning is the issue just filter by NAT IPs and see which connects to lots of ports.