Hi! About 3-4 days ago I installed an aapanel on a TEST VPS server which has nothing else. Today at 6:30 pm I received an email from my provider that I added the ip address of the server to the blacklist. Because it was an outbound attack. "Dear Customer, The IP address 54.37.180.64 had to be blocked by our services due to the various alerts received. Please don't hesitate to contact our technical support team so that this situation does not become critical. You can find the logs brought up by our system which lead to this alert. START OF ADDITIONAL INFO - Attack detail : 24Kpps/174Mbps dateTime srcIp:srcPort dstIp:dstPort protocol flags packets bytes reason 2020.04.01 18:29:49 CEST my.vps.ip:40408 144.0.2.181:80 TCP SYN 16384 14860288 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:40780 144.0.2.181:80 TCP SYN 16384 15122432 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:39345 144.0.2.181:80 TCP SYN 16384 15024128 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:49380 144.0.2.181:80 TCP SYN 16384 15400960 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:28695 144.0.2.181:80 TCP SYN 16384 15302656 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:33122 144.0.2.181:80 TCP SYN 16384 14860288 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:64148 144.0.2.181:80 TCP SYN 16384 15368192 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:5796 144.0.2.181:80 TCP SYN 16384 15106048 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:49776 144.0.2.181:80 TCP SYN 16384 15597568 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:61022 144.0.2.181:80 TCP SYN 16384 15106048 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:45063 144.0.2.181:80 TCP SYN 16384 15433728 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:47176 144.0.2.181:80 TCP SYN 16384 15007744 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:19590 144.0.2.181:80 TCP SYN 16384 15073280 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:17835 144.0.2.181:80 TCP SYN 16384 15220736 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:14842 144.0.2.181:80 TCP SYN 16384 15548416 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:683 144.0.2.181:80 TCP SYN 16384 15532032 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:41231 144.0.2.181:80 TCP SYN 16384 15417344 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:53109 144.0.2.181:80 TCP SYN 16384 15482880 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:44914 144.0.2.181:80 TCP SYN 16384 14827520 ATTACK:TCP_SYN 2020.04.01 18:29:49 CEST my.vps.ip:22765 144.0.2.181:80 TCP SYN 16384 15433728 ATTACK:TCP_SYN " I'd like an explanation of the story!

DDOS outgoing traffic

raptor666

Hi!
About 3-4 days ago I installed an aapanel on a TEST VPS server which has nothing else.
Today at 6:30 pm I received an email from my provider that I added the ip address of the server to the blacklist.
Because it was an outbound attack.

"Dear Customer,

The IP address 54.37.180.64 had to be blocked by our services due to
the various alerts received.

Please don't hesitate to contact our technical support team so that this situation does not become critical.

You can find the logs brought up by our system which lead to this alert.

START OF ADDITIONAL INFO -

Attack detail : 24Kpps/174Mbps
dateTime srcIp:srcPort 2020.04.01 18:29:49 CEST my.vps.ip:40408 2020.04.01 18:29:49 CEST my.vps.ip:40780 2020.04.01 18:29:49 CEST my.vps.ip:39345 2020.04.01 18:29:49 CEST my.vps.ip:49380 2020.04.01 18:29:49 CEST my.vps.ip:28695 2020.04.01 18:29:49 CEST my.vps.ip:33122 2020.04.01 18:29:49 CEST my.vps.ip:64148 2020.04.01 18:29:49 CEST my.vps.ip:5796 2020.04.01 18:29:49 CEST my.vps.ip:49776 2020.04.01 18:29:49 CEST my.vps.ip:61022 2020.04.01 18:29:49 CEST my.vps.ip:45063 2020.04.01 18:29:49 CEST my.vps.ip:47176 2020.04.01 18:29:49 CEST my.vps.ip:19590 2020.04.01 18:29:49 CEST my.vps.ip:17835 2020.04.01 18:29:49 CEST my.vps.ip:14842 2020.04.01 18:29:49 CEST my.vps.ip:683 2020.04.01 18:29:49 CEST my.vps.ip:41231 2020.04.01 18:29:49 CEST my.vps.ip:53109 2020.04.01 18:29:49 CEST my.vps.ip:44914 2020.04.01 18:29:49 CEST my.vps.ip:22765 " dstIp:dstPort protocol flags packets bytes reason

144.0.2.181:80 TCP SYN 16384 14860288 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15122432 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15024128 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15400960 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15302656 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 14860288 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15368192 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15106048 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15597568 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15106048 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15433728 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15007744 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15073280 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15220736 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15548416 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15532032 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15417344 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15482880 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 14827520 ATTACK:TCP_SYN

144.0.2.181:80 TCP SYN 16384 15433728 ATTACK:TCP_SYN

I'd like an explanation of the story!

aaPanel_Jose

raptor666
Is your server ssh port the default port? Is the ssh password strong enough?

Stealth

Have a Wordpress site without security on it?

DidHT

Hi,
I got the same issue today. How did you re-establish the service and how many time did it take to get a good support from your hosting service (Which looks to be the same I'm using).
Thanks