We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

My Server Is In FTP Rescue Mode/Anti-Hack Please Help!


24x7servermanagement
2016-06-24, 02:47 AM
It appears to be an outgoing attack and you haven't installed Firewall on the server. Install a firewall and run a complete malware scan on your websites.

Phil @ OVH
2016-06-23, 12:17 PM
Hello,

Penetration testing is specifically forbidden in our terms of service. I see you've already handled this issue with support.

Regards
Phil C.

shubhamc
2016-06-21, 08:27 AM
Dear Customer,

As your server ns384385.ip-46-105-123.eu is presenting too great a threat to our network,
we had no choice but to place it in 'rescue FTP' mode. An email
containing a username and password has been sent to you so that so you can
easily retrieve any data still located in the storage space.

Please do not hesitate to contact our technical support so that this
situation does not become critical.

You can find the logs brought up by our system below which led to this alert.

- START OF ADDITIONAL INFORMATION -

Attack detail : 12K scans
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
2016.06.19 07:17:04 CEST 46.105.123.28:44473 82.110.51.245:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:44473 82.110.51.244:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:42394 62.186.124.29:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:44472 82.110.52.114:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:44473 82.110.51.255:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:50783 213.120.63.255:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:50783 213.120.64.1:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:49593 195.200.0.211:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:49593 195.200.0.223:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:50784 213.120.63.238:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:40684 82.32.178.2:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:49592 195.200.1.33:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:40684 82.32.178.1:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:49592 195.200.1.38:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:50783 213.120.64.15:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:61044 82.111.204.122:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:40684 82.32.178.20:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:40684 82.32.178.19:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:40684 82.32.178.27:443 TCP SYN 44 SCAN:SYN
2016.06.19 07:17:04 CEST 46.105.123.28:61044 82.111.204.137:443 TCP SYN 44 SCAN:SYN



- END OF ADDITIONAL INFORMATION -

Kind regards,

OVH Customer Support
Best regards,

Kimsufi.com Customer Service
Contact: http://forum.ovh.ca
---------------------------------------------------------------------------------------------------------------------------------------------
Kimsufi by OVH HOSTING INC. - http://www.kimsufi.com/us
800-625 av. du Président-Kennedy
Montréal (Québec) H3A1K2
Canada

Hello,

Your server has been started in rescue mode so you
can recover your data.

You only have FTP access read-only with the following
login details:
- Username: username
- Password: password


Best regards,

Kimsufi.com Customer Service
Contact: http://forum.ovh.ca
----------------------------------------------------------------------------------------------------------------------------------------------
I got two emails like this don't know what to do now i was just doing peneration testing is they have banned me? i also created a ticket but they haven't replied till now! Please Help I Need My Server Back