monkfish, 28th May 2013, 15:11

Hello Nioubee,

I am still plagued with rogue traffic coming from OVH network but that is a different story. Trying to get OVH to acknowledge it is futile. This is occurring only a few weeks after a large-scale Bitcoin hack on servers hosted by them.

Never mind - see the log you were sent - suggests to me that it's apache/nginx that generated that traffic.

Did you look at the sites on your server? Are there any suspicious files on there, any recently changed files? Any spurious activity to/from your server?

Perhaps a "tcpdump port 80" or similar might reveal something.

On the firewall side, maybe, if it's relevant to you, consider outgoing traffic rulesets as well as incoming. Check out http://www.fwbuilder.org/ for a wonderful GUI tool for implementing firewall rulesets.
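Added example, not part of monkfish's post: a shell sketch of the two checks suggested above, listing recently changed files under a web root and watching for connections the server itself opens. The function names, the 7-day default, the extension list and the SYN-only capture filter (narrower than the "tcpdump port 80" in the post) are assumptions; it relies on GNU find.

```shell
#!/bin/sh
# Added triage sketch. Function names, the default window and the list of
# script extensions are assumptions; adjust them to the host being checked.

# List files under a web root modified within the last DAYS days, newest
# first. Server-executable file types are tagged SCRIPT so they get
# reviewed before static content.
recent_web_changes() {
    root=$1
    days=${2:-7}
    find "$root" -type f -mtime "-$days" \
        -printf '%T@ %TY-%Tm-%Td %p\n' 2>/dev/null |
        sort -rn |
        while read -r _epoch day path; do
            case $path in
                *.php|*.phtml|*.cgi|*.pl|*.py|*.sh) tag=SCRIPT ;;
                *) tag=file ;;
            esac
            printf '%s %s %s\n' "$tag" "$day" "$path"
        done
}

# Show only TCP connections initiated by the server (SYN set, ACK clear).
# Replies to visitors never match, so anything printed here is traffic
# the host started on its own. Needs root; stop with Ctrl-C.
watch_outbound_syn() {
    iface=$1
    server_ip=$2
    tcpdump -nn -i "$iface" \
        "src host $server_ip and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn"
}

# Example calls (paths and addresses are placeholders):
#   recent_web_changes /var/www 7
#   watch_outbound_syn eth0 192.0.2.10
```

Destinations that show up in the capture are candidates for the outgoing firewall rules mentioned in the post.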