Messages

1

Installation / Re: Outgoing attacks to randomIPs "After clean cwp insallation"

« on: December 21, 2022, 06:41:44 PM »

1  week ago I do clean installation centos7 with centos web panel but I dont transfer my website and i dont start using this vps...

Vps created and builded with centos7 from Hetzner panel / new vps server with new ip (not blacklisted) maybe not used from long time ago.

- A few hours later i receive abuse warning mail from Hetzner and i see "17 TB traffic outgoing" used by my vps.
 (i never see up 100gb/per month in my life... and this vps not host website.)


- I check server logs, php files, nothing wrong and no one enter my vps via ssh/ftp or cwppanel.

 I do malware scan, clamav scan, rkhunter scan, chrootkit scan nothing found, no virus/exploit detected.

I format and rebuild my vps again but iftop screen same as old, i create new ip different vps and do same installation, same attacks happen again my fresh build vps attacking random ips.

When i power-on attacks start again
hetzner panel:
ssh iftop:

a few hours later
hetzner panel: (breaks=vps stopped)
ssh iftop:

When i create firewall rule from Hetzner panel (incoming 80 8080 53 (deny all other ports)) attacks stop


I think my vps has exploit or virus and i dont do anything but installing cwp...


Could i be missing something, do you have any advice that can help me with this?

 Thank you.

I have the same problem. Anybody who know about the solution please share exact answer here.