VPS Suspended

noaman Member

Abuse: jax08: Possible compromised VPS or proxy: Remote mail server relay scanning spiking the load on jax08
Can anyone explain this?

Comments

  • netomx Moderator, Veteran

    What do you need to explain? Try sending a ticket to your provider

    Thanked by 2comXyz manlivo
  • You should open a support ticket. Basically your VPS was sending out a lot of bandwidth.

  • Yep, contact the VPS provider so that they can limit your port speed and provide you with access to your VPS in order to fix your server.

    Or you can ask for a reinstall if you are not worried about data loss.
    This is a pretty standard issue; support should be able to help you.

    Thanked by 1noaman
  • mikho Member, Host Rep

    Something responding to extreme amounts of mail server connections from your VPS?

  • @noaman said:
    Abuse: jax08: Possible compromised VPS or proxy: Remote mail server relay scanning spiking the load on jax08
    Can anyone explain this?

    I just want to ask you what provider you use, as I know ftpit uses some system like this that automatically suspends your VPS if it detects things like this. Not that I use ftpit anymore, as I have dedicated servers now, but anyway, yes, I would contact your provider and see what happened. I had this issue a couple of times with ftpit when randi and nipon were in charge of it (related to CPU use abuse, which I couldn't see how, since it was basically a web server and DNS server on Windows 2012R2).
    But anyway, this usually means you got hacked and that someone put a port scanner on your VPS that basically scans for open mail server relays to send spam out through.
    I would recommend you wipe that VPS immediately if your host unsuspends it and get rid of whatever was causing it (I had to do this a couple of times too with ftpit when nipon and randi were in charge).

    Thanked by 1noaman
  • hostnoob Member
    edited March 2015

    sounds like Crissic.

    Edit: it is.. but now I noticed they have a $10 plan and I feel like signing up...

    Thanked by 1linuxthefish
  • fishwharf Member
    edited March 2015

    Your VPS was very likely breached and is being used as a bot to scan the Internet for open SMTP relays with which to send spam.

    Contact your provider, download a copy of everything on its hard drive, then request the VPS be reinstalled from scratch. That is the safest way of ensuring whatever malware or rootkits on it are removed.

    I'd also recommend inspecting your logs after you do so, so you can determine how it was breached in the first place.

  • ATHK Member
    edited March 2015

    @hostnoob said:
    sounds like Crissic.

    Edit: it is.. but now I noticed they have a $10 plan and I feel like signing up...

    I would if I were you, support is fantastic.

  • Yes... it's Crissic, but it's shut down so I can fix the problem
    I

  • @SkylarM
    "Abuse" notifications should be written in English, that would help.
    Here, no one understands what the problem is.

  • @noaman

    Question: Was this written by a bot or an actual person?

    You were possibly using too much I/O, which raises the CPU levels and then sets off flags.

  • Reinstall if it's hacked and restore from backups, or ask for a copy of your disk if no backups.

    Redownload any executables, don't chance it running anything that used to be on the compromised server.

  • Just reinstalled it..

  • They replied:
    This VPS was pegging the load average of jax08 by constantly bruteforcing remote mail relays in an attempt to try to send spam mail. This was impacting other customers' VPS experience.

    These attempts were done thousands of times a minute.

    It is possible your VPS or proxy itself were compromised.

    We will unsuspend and shut the VPS down. You may turn it back on, on the condition that you immediately begin fixing it or reinstall the VPS.
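
What the activity in the provider's reply looks like from inside the guest, as an added example that is not part of the thread: one process holding SMTP connections to many different remote hosts. The `ss -tnp` snapshot, the process names and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ss -tnp` output (documentation-range addresses,
# made-up process names). On a live box, feed in the real command output.
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB     0      0      192.0.2.10:22       198.51.100.7:51514 users:(("sshd",pid=812,fd=3))
ESTAB     0      0      192.0.2.10:47002    198.51.100.25:25   users:(("master",pid=990,fd=14))
SYN-SENT  0      1      192.0.2.10:40312    203.0.113.5:25     users:(("kworkerd",pid=2231,fd=7))
SYN-SENT  0      1      192.0.2.10:40313    203.0.113.6:25     users:(("kworkerd",pid=2231,fd=8))
SYN-SENT  0      1      192.0.2.10:40314    203.0.113.7:25     users:(("kworkerd",pid=2231,fd=9))
ESTAB     0      0      192.0.2.10:40315    203.0.113.8:587    users:(("kworkerd",pid=2231,fd=10))
"""

SMTP_PORTS = {25, 465, 587}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def smtp_fanout(ss_output, threshold=3):
    """Return {(process, pid): sorted remote hosts} for every process with
    SMTP connections to at least `threshold` distinct remote hosts."""
    peers = defaultdict(set)
    for line in ss_output.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        # Only the peer side is checked, so inbound mail to a local :25 is ignored.
        host, _, port = fields[4].rpartition(":")  # rpartition keeps IPv6 hosts whole
        if not port.isdigit() or int(port) not in SMTP_PORTS:
            continue
        m = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        key = (m.group(1), int(m.group(2))) if m else ("unknown", 0)
        peers[key].add(host)
    return {k: sorted(v) for k, v in peers.items() if len(v) >= threshold}

if __name__ == "__main__":
    for (name, pid), hosts in smtp_fanout(SAMPLE_SS).items():
        print(f"{name} (pid {pid}) -> {len(hosts)} SMTP peers: {', '.join(hosts)}")
```

A legitimate mail server also fans out, so the process name and the share of connections stuck in `SYN-SENT` matter more than the raw count.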

  • komputerking Member, Host Rep

    We use systems like nodewatch on our servers, which allow us to auto suspend servers in case they go outside of acceptable boundaries. It may be that your VPS was compromised and had a trojan running that was essentially performing DoS attacks, or was using your box as a spam relay.

    As those things impede the performance of the box as a whole, and can get the entire range of IPs blacklisted by spamhaus, the general defense for that kind of stuff is to suspend ASAP, and work with the client to get data back (some DCs will end up null routing the entire server, which takes the entire server offline, which is bad for all of the clients).

    Looks like you got it back under control, which is good. I would advise looking into adding additional security to the server, and at the very least disable root password login.
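
An added example (not part of the thread) tying together fishwharf's advice to inspect the logs and the advice above to disable root password login: it scans an OpenSSH auth log for password logins that succeeded after repeated failures from the same address. The log excerpt, host names and the failure threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed auth.log excerpt in OpenSSH's log format; host names and
# addresses are made up (documentation ranges).
SAMPLE_AUTH_LOG = """\
Mar  3 02:14:07 vps sshd[1201]: Failed password for root from 203.0.113.44 port 40122 ssh2
Mar  3 02:14:09 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.44 port 40130 ssh2
Mar  3 02:14:12 vps sshd[1205]: Failed password for root from 203.0.113.44 port 40144 ssh2
Mar  3 02:14:15 vps sshd[1207]: Accepted password for root from 203.0.113.44 port 40151 ssh2
Mar  3 09:30:00 vps sshd[2200]: Accepted publickey for deploy from 198.51.100.7 port 51514 ssh2
Mar  3 09:41:10 vps sshd[2290]: Failed password for deploy from 198.51.100.7 port 51602 ssh2
Mar  3 09:41:18 vps sshd[2290]: Accepted password for deploy from 198.51.100.7 port 51602 ssh2
"""

EVENT_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (password|publickey) for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def brute_forced_logins(log_text, min_failures=3):
    """Return (user, source, prior_failures) for each password login that
    succeeded after at least `min_failures` failures from the same source."""
    failures = Counter()
    hits = []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        outcome, method, user, src = m.groups()
        if outcome == "Failed":
            failures[src] += 1
        elif method == "password" and failures[src] >= min_failures:
            # Key-based logins are skipped: guessing cannot produce them.
            hits.append((user, src, failures[src]))
    return hits

if __name__ == "__main__":
    for user, src, count in brute_forced_logins(SAMPLE_AUTH_LOG):
        print(f"password login as {user} from {src} after {count} failures")
```

In `sshd_config`, `PermitRootLogin prohibit-password` together with `PasswordAuthentication no` closes this path once key-based login is working.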

  • okay....got it
