Hola, buenos días, tengo un problema serio y necesito alguien que me una mano.
A un cliente, desde el servicio de soporte del servidor dedicado que posee, le han dicho que el servidor fue hackeado y usado para hackear.
Le enviaron este log:
--------------------------- LOGS DE SCAN
---------------------------
DOS UDP attacks to port 80. Peer2peer mode.
startime endtime
scr:port dst:port
-----------------------------------------------------------
-----------------------------------
2012-04-21 13:04:49 2012-04-21 13:05:25
213.251.134.209:47876 94.23.11.167:80
2012-04-21 13:04:58 2012-04-21 13:05:41
213.251.134.209:41079 94.23.11.167:80
2012-04-21 13:05:03 2012-04-21 13:05:41
213.251.134.209:56396 94.23.11.167:80
2012-04-21 13:05:26 2012-04-21 13:05:58
213.251.134.209:52912 94.23.11.167:80
2012-04-21 13:05:25 2012-04-21 13:05:49
213.251.134.209:47876 94.23.11.167:80
2012-04-21 13:05:31 2012-04-21 13:06:14
213.251.134.209:41490 94.23.11.167:80
2012-04-21 13:05:30 2012-04-21 13:06:14
213.251.134.209:45740 94.23.11.167:80
2012-04-21 13:05:41 2012-04-21 13:06:03
213.251.134.209:56396 94.23.11.167:80
2012-04-21 13:05:41 2012-04-21 13:05:58
213.251.134.209:41079 94.23.11.167:80
2012-04-21 13:05:57 2012-04-21 13:06:25
213.251.134.209:52912 94.23.11.167:80
2012-04-21 13:06:00 2012-04-21 13:06:30
213.251.134.209:35327 94.23.11.167:80
--------------------------- FIN DES LOGS
---------------------------
--------------------------- LOGS DE SCAN
---------------------------
DOS UDP attacks to port 80. Peer2peer mode.
startime endtime
scr:port dst:port
-----------------------------------------------------------
-----------------------------------
2012-04-21 13:07:41 2012-04-21 13:08:21
213.251.134.209:33813 64.191.102.135:80
2012-04-21 13:07:43 2012-04-21 13:08:21
213.251.134.209:43322 64.191.102.135:80
2012-04-21 13:07:41 2012-04-21 13:08:21
213.251.134.209:42096 64.191.102.135:80
2012-04-21 13:07:48 2012-04-21 13:08:17
213.251.134.209:48229 64.191.102.135:80
2012-04-21 13:07:49 2012-04-21 13:08:14
213.251.134.209:55726 64.191.102.135:80
2012-04-21 13:07:48 2012-04-21 13:08:18
213.251.134.209:58335 64.191.102.135:80
2012-04-21 13:08:07 2012-04-21 13:08:37
213.251.134.209:52984 64.191.102.135:80
2012-04-21 13:08:04 2012-04-21 13:08:31
213.251.134.209:50408 64.191.102.135:80
2012-04-21 13:08:24 2012-04-21 13:08:54
213.251.134.209:44841 64.191.102.135:80
2012-04-21 13:08:19 2012-04-21 13:08:54
213.251.134.209:35514 64.191.102.135:80
2012-04-21 13:08:21 2012-04-21 13:08:42
213.251.134.209:43322 64.191.102.135:80
--------------------------- FIN DES LOGS
---------------------------
Es correcto el proceder del servicio de ovh? se han perdido más de cien gigas en datos :s
Cualquier dato lo agradezco. Saludos!