My site was hacked and a DoS attack was performed from it - it was taken down by the ISP and is now in rescue state with SSH access only.
It's a dedicated server with SUSE 9.
Here is the description of the attack:
Due to a DoS attack originating from your server we have just taken it offline.
An excerpt of the attack:
begin : [url removed, login to view] 07:00:00 (07:00:00.0282) CET/CEST*
end : [url removed, login to view] 07:05:00 (07:05:00.0226) CET/CEST*
src ip : XXX
dst ip : XXX
src port : XXX (I'll give you all the details when we start working)
dst port : XXX
protocol : udp
bytes : 1798159278 (1714.86 MBytes, 45.73 Mbps avg)
packets : 31546654 (30807.28 Kpackets, 105155.51 pps avg)
My ISP demands that I find out what the reason was and remove it (rootkit or whatever it is) - only after that can I restore my server.
5 freelancers are bidding an average of $82 for this job
I have over 15 years of professional Unix system administration experience... please review my profile and let me know if you have any questions. Thanks. Ted.