
find a UDP threat

wildwilla

New Pleskian
Hiya All

My ISP has just contacted me to say one of our hosted VPS Plesk servers has a UDP attack emanating from it.

How best can I troubleshoot this?

The server runs Plesk "Parallels Plesk Panel version 9.5.4"
 
Sounds similar to what I had to deal with yesterday. There are two avenues that you need to take -- what's causing the UDP flood and how it is being caused.

I suspect you need to look for files created this week that contain code similar to:
eval(urldecode(@$_REQUEST['encoded_bad_stuff']

We had 3 servers that had a few hundred of these files created through an exploit in Plesk Panel on Tuesday evening. Yesterday, those files were accessed and triggered a UDP flood on our network.

Talk to Parallels support about the hotfix issued last night for 9.5.4 that supposedly resolves the SQL injection vulnerability in Plesk Panel.

More information on my situation in this other thread:
http://forum.parallels.com/showthread.php?t=257260
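
One way to run the file search suggested in the reply above, as an added example that is not from either poster or from Parallels. The function name, the extension list, the 7-day default and the directory you pass in are assumptions; the thread does not name the affected paths.

```shell
#!/usr/bin/env bash
# Added example: list recently changed PHP files that eval() request input,
# i.e. lines shaped like  eval(urldecode(@$_REQUEST[...  from the reply above.
#
# Usage: scan_recent_php <directory> [days] [mtime|ctime]
#   <directory> is whatever holds the hosted sites on your server (assumption).

# eval( ... $_REQUEST[ / $_GET[ / $_POST[ / $_COOKIE[ on one line, with any
# decoder (urldecode, base64_decode, ...) allowed in between.
SUSPECT_RE='eval[[:space:]]*\(.*\$_(REQUEST|GET|POST|COOKIE)[[:space:]]*\['

scan_recent_php() {
    local root="$1" days="${2:-7}" field="${3:-mtime}"

    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    case "$field" in
        mtime|ctime) ;;
        *) echo "time field must be mtime or ctime" >&2; return 2 ;;
    esac

    # -mtime -N : content modified less than N days ago.
    # mtime can be reset with touch; pass "ctime" as the third argument to
    # test the inode change time, which an unprivileged process cannot backdate.
    # "-exec ... {} +" copes with spaces and other odd characters in file names.
    find "$root" -type f \
         \( -name '*.php' -o -name '*.php[0-9]' -o -name '*.phtml' -o -name '*.inc' \) \
         "-$field" "-$days" \
         -exec grep -lE -- "$SUSPECT_RE" {} + 2>/dev/null | sort
    return 0
}

# Run directly only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    scan_recent_php "$@"
fi
```

Keep the list of matching paths before cleaning up: the web server access log entries for those same paths show when each file was requested and from where.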
 