Link to home
Start Free TrialLog in
Avatar of Roslan Ramli
Roslan RamliFlag for Malaysia

asked on

VPS Blocked due to brute force attacks

'We have received reports of abuse coming from your Spring Server. Your server is being used in a brute force attack as these logs we received show:'

I have manage to get into the server and the advise was as below:

Even though the server is blocked, you can still log into it via the
spring console. Once in there check all the processes that you are
running and kill the process that is performing these brute force
attacks. You should also enable the firewall and block your server from
performing these attacks on port 22. You'll probably want to check for
any accounts on your server that you do not recognize and change your
root password in case it has been compromised. Let me know when you have
taken care of this and I'll unblock the server.

How do I check what process is running and kill the process that is performing these brute force attacks.

Thank you.

Avatar of torimar
torimar
Flag of Germany image
In a terminal, type:
sudo top

This will give you a real time impression of what is going on on your server, which processes are active and running (the ones at the top) and which user accounts they are running under. Take note of the most active commands, their users and PIDs.
You leave 'top' by typing 'q'.

To get to know which exact process is using port 22, type:
sudo fuser -v 22/tcp

Make note of the process ID (PID) and kill any unwanted process by typing:
kill <PID>

Then proceed to secure your server following the instructions in the message you got.
ASKER CERTIFIED SOLUTION
Avatar of torimar
torimar
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of torimar
torimar
Flag of Germany image
/edit:
Please ignore that last line.