Post by hopp on Jan 24, 2013 8:26:42 GMT -5
Would appriciate if someone would move this to announcements, but whatever.
After getting reports of unknown lag and scripts running on the server and a recent attack doing something called ScanSSH, I checked the SSH log and saw that the server has been attacked by dictionary bruteforce attacks, wich basically mean that someone has ran several guessing attacks by using words from a dictionary to try and guess the user and password.
I read over 47000 lines of log and sorted out over 50 unique IP adresses that came from well known spamming countries such as russia and china. Suspect this is a commercial / professional level of spam attack to get more servers in a botnet.
We suspect a rootkit / backdoor installed on the server and will be formating the hard drive to make sure this will not happen again.
That is why there might be some downtime on the server today and maybe tomorrow.
Sorry for the inconvenience.
-Hopp
Note: Map and plugins, ranks and all other goodies are of course backed up before formating!
After getting reports of unknown lag and scripts running on the server and a recent attack doing something called ScanSSH, I checked the SSH log and saw that the server has been attacked by dictionary bruteforce attacks, wich basically mean that someone has ran several guessing attacks by using words from a dictionary to try and guess the user and password.
I read over 47000 lines of log and sorted out over 50 unique IP adresses that came from well known spamming countries such as russia and china. Suspect this is a commercial / professional level of spam attack to get more servers in a botnet.
We suspect a rootkit / backdoor installed on the server and will be formating the hard drive to make sure this will not happen again.
That is why there might be some downtime on the server today and maybe tomorrow.
Sorry for the inconvenience.
-Hopp
Note: Map and plugins, ranks and all other goodies are of course backed up before formating!
