Server Blocking

Server Locking 

There are some situations in which we are forced to lock a server. If your server gets locked you will be notified via a support ticket.

Reasons for Server Locking 

The most common reasons for locking a server are:

  • Attacks from/on your server
  • Interference with the network caused by port scans
  • Incorrect network configuration
  • Non-payment of invoices
  • Abuse (e.g. hosting a phishing site, malware, copyright-infringing material, etc.)

We lock servers for several reasons: to protect our infrastructure, as a precautionary measure to prevent further abuse, and to protect the server owner.

To assist in analyzing the problem, a log file with as much information as we have is added to the email. Please note that we don't have any information or log files beyond those we provide. We don't have software access to the server and thus cannot see exactly what is going on. Please check your own internal server logs and analyze the issue yourself.

Log Files 

Information on Port-/Netscans 

###################################################################
#          Netscan detected from host   x.x.x.x                   #
###################################################################

time                        src_ip		  dest_ip:dest_port
-------------------------------------------------------------------
Thu Nov 13 18:14:27 2013:   x.x.x.x =>         65.98.236.0:   22
Thu Nov 13 18:14:27 2013:   x.x.x.x =>         65.98.236.1:   22
Thu Nov 13 18:14:27 2013:   x.x.x.x =>         65.98.236.2:   22
Thu Nov 13 18:14:27 2013:   x.x.x.x =>         65.98.236.3:   22
.....

This log shows the exact time and the source IP, as well as the destination IP and port.

Summary on exceeded Packet Limits 

Direction OUT
Internal 178.63.65.85
Threshold Packets 100.000 packets/s
Sum                     40.674.000 packets/300s (135.580 packets/s),  40.673 flows/300s (135 flows/s),  5,909 GByte/300s (161 MBit/s)
External 77.96.88.114,  40.668.000 packets/300s (135.560 packets/s),  40.667 flows/300s (135 flows/s),  5,909 GByte/300s (161 MBit/s)
External 196.37.186.67,  5.000 packets/300s (16 packets/s),                5 flows/300s (0 flows/s),    0,000 GByte/300s (0 MBit/s)
External 77.74.52.53,    1.000 packets/300s (3 packets/s),                 1 flows/300s (0 flows/s),    0,000 GByte/300s (0 MBit/s)

This log does not list each connection separately but rather shows a summary of the traffic per destination IP. It shows the packet rates, the flow rate as well as the total connection speed.
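As an added example (not part of the original article or the provider's tooling), the following Python sketch parses a packet-limit summary like the one above and reports which external IP accounts for the traffic. The function names are hypothetical, and the line format is assumed from the single sample shown on this page.

```python
import re

# Summary text copied from the sample above (not live data).
SAMPLE = """\
Direction OUT
Internal 178.63.65.85
Threshold Packets 100.000 packets/s
Sum                     40.674.000 packets/300s (135.580 packets/s),  40.673 flows/300s (135 flows/s),  5,909 GByte/300s (161 MBit/s)
External 77.96.88.114,  40.668.000 packets/300s (135.560 packets/s),  40.667 flows/300s (135 flows/s),  5,909 GByte/300s (161 MBit/s)
External 196.37.186.67,  5.000 packets/300s (16 packets/s),                5 flows/300s (0 flows/s),    0,000 GByte/300s (0 MBit/s)
External 77.74.52.53,    1.000 packets/300s (3 packets/s),                 1 flows/300s (0 flows/s),    0,000 GByte/300s (0 MBit/s)
"""

RATE = re.compile(
    r"([\d.]+) packets/(\d+)s \(([\d.]+) packets/s\),\s+"
    r"([\d.]+) flows/\d+s \([\d.]+ flows/s\),\s+"
    r"([\d.,]+) GByte/\d+s \(([\d.]+) MBit/s\)"
)

def num(s):
    # The log groups thousands with "." and uses "," as the decimal mark.
    return float(s.replace(".", "").replace(",", "."))

def parse_summary(text):
    report = {"peers": []}
    for line in text.splitlines():
        key, _, rest = line.strip().partition(" ")
        m = RATE.search(rest)
        if key in ("Direction", "Internal"):
            report[key.lower()] = rest.strip()
        elif key == "Threshold":
            report["threshold_pps"] = int(num(rest.split()[1]))
        elif key in ("Sum", "External") and m:
            row = {"packets": int(num(m[1])), "window_s": int(m[2]),
                   "pps": int(num(m[3])), "flows": int(num(m[4])),
                   "gbyte": num(m[5]), "mbit_s": int(num(m[6]))}
            if key == "Sum":
                report["sum"] = row
            else:  # External lines start with "<ip>," before the counters
                row["ip"] = rest.split(",")[0].strip()
                report["peers"].append(row)
    return report

def triage(report):
    # Identify the peer carrying most packets and its share of the total.
    top = max(report["peers"], key=lambda p: p["packets"])
    return {"over_threshold": report["sum"]["pps"] > report["threshold_pps"],
            "top_peer": top["ip"],
            "top_share": top["packets"] / report["sum"]["packets"]}
```

Running `triage(parse_summary(SAMPLE))` on the sample shows that a single external IP accounts for almost all packets, which tells you which peer to search for in your own server logs.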

Detailed Traffic Dump 

21:44:53.145756 IP x.x.x.x.55008 > 76.9.23.182.29615: UDP, length 9216
21:44:53.145883 IP x.x.x.x.55030 > 76.9.23.182.45527: UDP, length 9216
21:44:53.146007 IP x.x.x.x.55046 > 76.9.23.182.1826:  UDP, length 9216
21:44:53.146126 IP x.x.x.x.55064 > 76.9.23.182.34940: UDP, length 9216
21:44:53.146249 IP x.x.x.x.55080 > 76.9.23.182.20559: UDP, length 9216
21:44:53.146371 IP x.x.x.x.55093 > 76.9.23.182.31488: UDP, length 9216
21:44:53.146493 IP x.x.x.x.55112 > 76.9.23.182.56406: UDP, length 9216
21:44:53.146616 IP x.x.x.x.55132 > 76.9.23.182.43714: UDP, length 9216
21:44:53.146741 IP x.x.x.x.55147 > 76.9.23.182.64613: UDP, length 9216

In this case a detailed traffic dump is created which contains all (incoming and outgoing) connections. This shows the following information: destination IP, destination port and the size and type of packets. As each individual packet is shown, only a small part of the traffic is captured owing to the huge amount of information involved.

Server Unlocking 

Before the server can be unlocked, the problem that caused it to be locked needs to be resolved. Once this has been conclusively done, you need to send us an unblock request via the support ticket, stating how the issue happened and what preventive and corrective actions you have taken to address it.

