Has my server been hacked?


Problem:

Recently my host (OVH) shut down my server due to it spamming traffic to another IP:


I’ve got no idea what the other IP is. It doesn’t appear to be a web page (or if it is, I can’t connect to it).

Here are my latest authentication logs:

My current IP at the time of writing is 146.90.203.194.

Have I been hacked, or is there simply a piece of faulty software? If I’ve been hacked, what can I do about it?

By the way, I don’t use any keys, I only use password authentication.

The server went down at approximately 11:30, which is the same time as the above displayed log.

Solution:

You haven’t been hacked, you’ve been DDoSed.
Here’s a (French) page about how to deal with DDoS attacks: https://www.ovh.com/fr/anti-ddos/gestion-attaque-ddos.xml
Some documentation: http://en.wikipedia.org/wiki/Denial-of-service_attack

Also, you’re being brute-forced: a bot is trying to find your password. Make sure your password is strong; you can also install fail2ban to ban brute-forcing IPs.
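
Added example, not part of the original answer and not fail2ban's own code: a small Python sketch of the threshold idea behind fail2ban's `maxretry` and `findtime` settings, run over sshd authentication log lines. It also lists password logins accepted from an address that had already crossed the failure threshold, which is the first thing to check when asking whether a brute-force attempt succeeded. The log lines, host name and addresses are constructed, and the function name `analyse` is hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in OpenSSH syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Mar 10 11:27:58 srv sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar 10 11:28:01 srv sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Mar 10 11:28:03 srv sshd[2105]: Failed password for root from 203.0.113.5 port 40131 ssh2
Mar 10 11:28:40 srv sshd[2110]: Failed password for root from 198.51.100.7 port 51000 ssh2
Mar 10 11:29:10 srv sshd[2120]: Accepted password for root from 203.0.113.5 port 40190 ssh2
Mar 10 11:45:00 srv sshd[2150]: Failed password for root from 198.51.100.7 port 51040 ssh2
Mar 10 11:50:00 srv sshd[2160]: Accepted password for deploy from 192.0.2.44 port 60000 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port"
)

def analyse(log_text, maxretry=3, findtime=600):
    """Return (ips_to_ban, suspicious_logins) for sshd password events.

    ips_to_ban: IPs with >= maxretry failures inside a findtime-second window.
    suspicious_logins: (user, ip) accepted after that IP crossed the threshold.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    to_ban, suspicious = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, outcome, user, ip = m.groups()
        # Syslog omits the year; a fixed one is assumed for interval arithmetic.
        ts = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        if outcome == "Failed":
            window = recent[ip]
            window.append(ts)
            while (ts - window[0]).total_seconds() > findtime:
                window.popleft()   # drop failures older than the window
            if len(window) >= maxretry:
                to_ban.add(ip)
        elif ip in to_ban:
            suspicious.append((user, ip))
    return sorted(to_ban), suspicious

if __name__ == "__main__":
    bans, hits = analyse(SAMPLE_LOG)
    print("would ban:", bans)
    print("logins to investigate:", hits)
```

On a real server the input would be the sshd entries from the system's authentication log; any accepted login reported here should be compared against the addresses the administrator actually connects from.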
