
Abuse from OVH

Trinoria

So.. I have had OVH for a while now and this has never happened before, I am running Ubuntu 20.04

Just wondering if somebody else has gotten these mails from them? This resulted in my server shutting down but luckily I had backups.. As I just thought they were SPAM
BLACKEDOUT are just my IP for my server!
 
Sounds like you were attempting to bruteforce into a ssh login, you deserve to have it suspended.
 
This resulted in my server shutting down but luckily I had backups
Did they remove your server or only cut internet access to it?
Yeeeeears ago I had some VPS in OVH that I left not updated for few years and someone hacked it and used for attack.
I received e-mail from OVH about my server being part of some botnet and that they turned off all outgoing connections and all incoming except port 22.

After that, I had to run server in 'rescue mode' to get my files/databases:
Then I had to reinstall OS. There was option to 'clean system' in rescue mode and click 'my server is clean, turn on internet access', but it's much easier to reinstall OS, than to search for every backdoor that hacker left on VPS.
 
Did they remove your server or only cut internet access to it?
Yeeeeears ago I had some VPS in OVH that I left not updated for few years and someone hacked it and used for attack.
I received e-mail from OVH about my server being part of some botnet and that they turned off all outgoing connections and all incoming except port 22.

After that, I had to run server in 'rescue mode' to get my files/databases:
Then I had to reinstall OS. There was option to 'clean system' in rescue mode and click 'my server is clean, turn on internet access', but it's much easier to reinstall OS, than to search for every backdoor that hacker left on VPS.

That's it. We have proof that gesior is a billionaire that doesn't care about paying for VPN for years.

 
You ddosing people?

Sounds like you were attempting to bruteforce into a ssh login, you deserve to have it suspended.

lmao, no I haven't done anything the only thing I did on it was run this SIMPLE ALL IN ONE: From nothing to a fully working dedicated server on Ubuntu (https://otland.net/threads/simple-all-in-one-from-nothing-to-a-fully-working-dedicated-server-on-ubuntu.212117/) on it, then just left it running. There was nothing else installed on it. I wouldn't even know how to ddos someone using it. (I am not saying this caused it, just saying this is all that was installed on it)
Did they remove your server or only cut internet access to it?
Yeeeeears ago I had some VPS in OVH that I left not updated for few years and someone hacked it and used for attack.
I received e-mail from OVH about my server being part of some botnet and that they turned off all outgoing connections and all incoming except port 22.

After that, I had to run server in 'rescue mode' to get my files/databases:
Then I had to reinstall OS. There was option to 'clean system' in rescue mode and click 'my server is clean, turn on internet access', but it's much easier to reinstall OS, than to search for every backdoor that hacker left on VPS.
Well I couldn't find my files on the "rescue mode" they put it in. Don't know if it's possible to gain access to it again or not, couldn't care so much as I had backups of my server. So I just reinstalled the VPS.
 
Well I couldn't find my files on the "rescue mode" they put it in
First step after running rescue mode is to 'find your disk' (device in dedicated server/VPS with ID like /dev/hda1) and 'mount it', so it's available in some folder like /mnt/:
I did this procedure on someone's VPS last week. He fucked up Linux and after 'reboot' SSH did not start, so it was not possible to connect to server. He had no backup of files. He ran it in rescue mode and gave me access to mount disk.
That's it. We have proof that gesior is a billionaire that doesn't care about paying for VPN for years.
See that status? :cool:

 
If you aren't doing ssh attacks or ddosing then Gesior's situation is probably what is happening. It could have even been really bad luck and they just sent a false IP as the connection which happened to be yours. You should contact them and see if anything can be done about the IP or figure out some way for them to confirm you aren't doing anything.
 
If you aren't doing ssh attacks or ddosing then Gesior's situation is probably what is happening. It could have even been really bad luck and they just sent a false IP as the connection which happened to be yours. You should contact them and see if anything can be done about the IP or figure out some way for them to confirm you aren't doing anything.
I did contact them, all they are saying are like, "you need to secure your server more"
Same exact issue here.
@Trinoria if u found a solution please let me know
I am not really looking into this matter so hard as I won't be using OVH for much longer (mostly using it rn for testing purposes since it's cheap), but I would maybe recommend you to run updates more frequently maybe, this has made it stop at least for me for now.
 
This does not seem like a legitimate email to me. I would have not responded to it.

abuse.OVH.net

My network is managed through "ovhcloud.com" and "ovh.com."
 
This does not seem like a legitimate email to me. I would have not responded to it.

abuse.OVH.net

My network is managed through "ovhcloud.com" and "ovh.com."
Yes that was my thought as well (I mean look at the email it looks so bad), but doesn't change the fact that my server got put in rescue mode hours after I received these emails.
 
Yes that was my thought as well (I mean look at the email it looks so bad), but doesn't change the fact that my server got put in rescue mode hours after I received these emails.

They may have access to your server and are messing with you.

Go through the admin panel and create a ticket. Do not reply to emails.
 
This does not seem like a legitimate email to me. I would have not responded to it.

abuse.OVH.net

My network is managed through "ovhcloud.com" and "ovh.com."
Your server is, but not your network :)
Take some OVH server IP. Search for network info:
As you can see, official e-mail for network abuse reports is [email protected]
 
Your server is, but not your network :)
Take some OVH server IP. Search for network info:
As you can see, official e-mail for network abuse reports is [email protected]

Seems like the US website is different. I don’t see “abuse.OVH.net” anywhere. I promise you this.

Regardless, if it is legitimate he should be conducting business through tickets on the admin control panel, not replying to emails. There are many fake emails.

__________

It seems [email protected] is legitimate. His image shows @abuse.OVH.net. My entire network is managed through US OVH Cloud services (OVHcloud.com). I don’t see the “.net” anywhere which is why I assumed it is illegitimate.
 
It seems [email protected] is legitimate. His image shows @abuse.OVH.net. My entire network is managed through US OVH Cloud services (OVHcloud.com). I don’t see the “.net” anywhere which is why I assumed it is illegitimate.
@abuse.ovh.net is legit, assuming the e-mail here was not spoofed. And yes, US service of ovh is separated due to some law restrictions or tax regulations (or whatever).
 
If OVH receives an abuse report against the IP allocated to you, they will forward that abuse report to you - almost certainly automatically. It does not necessarily mean that you intentionally committed some kind of abuse or that your service has been compromised. Most attacks are not entirely 'direct' - they use spoofed source IP headers - it's part of the tactic to tie up as much bandwidth as possible - essentially setting the 'return address' of the connection to any other IP they choose.
Unfortunately there are many incompetent sysadmins out there that send through abuse reports to all the hosting providers without checking for full handshakes (which don't occur in a spoofed attack).

You should still take abuse reports seriously though, review them, and audit your services as necessary.

Also not to miss the opportunity: fuck ovh
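
The handshake check described in the post above, as an added example (not code from the thread or from OVH): it reads `tcpdump -nn -S` text output captured on the host that would file the report and marks a source as `handshake_completed` only when its final ACK acknowledges the server's initial sequence number plus one. The addresses, capture lines and function name are constructed for illustration.

```python
import re

# Constructed sample in `tcpdump -nn -S` text format, captured on the reporting
# host 198.51.100.10 (documentation-range addresses, not real traffic).
CAPTURE = """\
12:00:01.000001 IP 203.0.113.7.51514 > 198.51.100.10.22: Flags [S], seq 1000, win 64240, length 0
12:00:01.000090 IP 198.51.100.10.22 > 203.0.113.7.51514: Flags [S.], seq 7000, ack 1001, win 65160, length 0
12:00:01.020300 IP 203.0.113.7.51514 > 198.51.100.10.22: Flags [.], ack 7001, win 502, length 0
12:00:02.000001 IP 192.0.2.44.40000 > 198.51.100.10.22: Flags [S], seq 2000, win 64240, length 0
12:00:02.000080 IP 198.51.100.10.22 > 192.0.2.44.40000: Flags [S.], seq 8000, ack 2001, win 65160, length 0
12:00:02.030000 IP 192.0.2.44.40000 > 198.51.100.10.22: Flags [R], seq 2001, win 0, length 0
12:00:02.040000 IP 192.0.2.44.40001 > 198.51.100.10.22: Flags [S], seq 2100, win 64240, length 0
12:00:02.040080 IP 198.51.100.10.22 > 192.0.2.44.40001: Flags [S.], seq 8100, ack 2101, win 65160, length 0
"""

LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sp>\d+) > (?P<dst>[\d.]+)\.(?P<dp>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\](?:, seq (?P<seq>\d+))?(?:, ack (?P<ack>\d+))?"
)

def classify_sources(capture, reporter_ip):
    """Map each remote source IP to 'handshake_completed' or 'syn_only'."""
    pending = {}   # (client ip, client port, server port) -> server ISN
    verdict = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if dst == reporter_ip and flags == "S":
            # A bare SYN proves nothing about who sent it.
            verdict.setdefault(src, "syn_only")
        elif src == reporter_ip and flags == "S." and m["seq"]:
            pending[(dst, m["dp"], m["sp"])] = int(m["seq"])
        elif dst == reporter_ip and flags == "." and m["ack"]:
            isn = pending.get((src, m["sp"], m["dp"]))
            # Only a sender that received the SYN-ACK knows the server ISN;
            # an RST from a spoofed victim (the [R] line above) never matches.
            if isn is not None and int(m["ack"]) == (isn + 1) % 2**32:
                verdict[src] = "handshake_completed"
    return verdict

if __name__ == "__main__":
    print(classify_sources(CAPTURE, "198.51.100.10"))
```

Only sources marked `handshake_completed` can be attributed to the address in the packet header; a `syn_only` source may be the victim of spoofing rather than the attacker.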
 