Untitled

Dear Jur Koerts,

This is an important notice regarding your 1&1 IONOS Server.

Your server was found to be part of a network of compromised machines leading a Denial-of-Service Attack (DoS-Attack) against other servers. Please find details on the malicious processes at the end of this e-mail.

In order to prevent further criminal activity from your server, we have suspended access pending your investigation and resolution.

Please follow the instructions below, according to the category of your server, to re-establish the access to your 1&1 IONOS Server.

1. Dedicated Root Server
2. Virtual Private Server
3. Dynamic Cloud Server

   1. Dedicated Root Server:
      Log in via your Serial Console and take steps to secure your server.
      Determine the source of the compromise and disable the software
      that is controlling the attack.

      Once you have secured your server, get back to us stating the measures
      you have taken and it will be our pleasure to restore network connectivity.

      You will find instructions on using your Serial Console on the 1&1 IONOS Help Centre:
      - Linux Servers: https://www.ionos.co.uk/help/index.php?id=1895
      - Windows Servers: https://www.ionos.co.uk/help/index.php?id=1874

   2. Virtual Private Server:
      Please reply back to us when you are ready to take steps to secure your
      server. We will re-establish access at that time.

      Once the server is unlocked, we recommend you reboot into repair mode and
      fix the problem with the server off-line. This will avoid ongoing attacks.

      You can find instructions on using Repair Mode at:
      - https://www.ionos.co.uk/help/index.php?id=1853

   3. Dynamic Cloud Server:
      Please reply back to us when you are ready to take steps to secure your
      server. We will re-establish access at that time and stop the server. You can
      then restart it from your 1&1 IONOS Control Panel when you are ready to secure it.

To get back to us, simply reply to this e-mail keeping your reference number [Ticket AB116610417] in your message. You can also call us any time at 0333 336 5691.

We appreciate your cooperation and look forward to continuing to improve the security of your 1&1 IONOS Server.

- Details about the malicious processes:
###########################################
Attack type: DoS_OUT
Attack source IP/s: 74.208.81.35
###########################################
Time	Source Address	Source Port	Destination Address	Destination Port	Frames
22/04/2019 20:56:00	74.208.81.35	UDP:63197	80.57.123.190	UDP:80	18888000
22/04/2019 20:56:00	74.208.81.35	UDP:63199	80.57.123.190	UDP:80	17352000
22/04/2019 20:56:00	74.208.81.35	UDP:63198	80.57.123.190	UDP:80	17048000
22/04/2019 20:56:00	74.208.81.35	UDP:63196	80.57.123.190	UDP:80	16968000
22/04/2019 20:56:00	74.208.81.35	UDP:62869	80.57.123.190	UDP:80	11864000
22/04/2019 20:56:00	74.208.81.35	UDP:62888	80.57.123.190	UDP:80	8840000
22/04/2019 20:56:00	74.208.81.35	UDP:62889	80.57.123.190	UDP:80	8720000
22/04/2019 20:56:00	74.208.81.35	UDP:62896	80.57.123.190	UDP:80	8632000
22/04/2019 20:56:00	74.208.81.35	UDP:62895	80.57.123.190	UDP:80	8328000
22/04/2019
20:56:00	74.208.81.35	UDP:62894	80.57.123.190	UDP:80	8192000
22/04/2019 20:56:00	74.208.81.35	UDP:62899	80.57.123.190	UDP:80	7936000
22/04/2019 20:56:00	74.208.81.35	UDP:62898	80.57.123.190	UDP:80	7856000
22/04/2019 20:56:00	74.208.81.35	UDP:62892	80.57.123.190	UDP:80	7736000
22/04/2019 20:56:00	74.208.81.35	UDP:62893	80.57.123.190	UDP:80	7696000
22/04/2019 20:56:00	74.208.81.35	UDP:62891	80.57.123.190	UDP:80	7640000
22/04/2019 20:56:00	74.208.81.35	UDP:62872	80.57.123.190	UDP:80	6968000
22/04/2019 20:56:00	74.208.81.35	UDP:62890	80.57.123.190	UDP:80	6696000
22/04/2019 20:56:00	74.208.81.35	UDP:62897	80.57.123.190	UDP:80	6440000
22/04/2019 20:56:00	74.208.81.35	UDP:62880	80.57.123.190	UDP:80	6088000
22/04/2019 20:56:00	74.208.81.35	UDP:62878	80.57.123.190	UDP:80	5904000
22/04/2019 20:56:00					50816000

- End of details.

Best regards,

Hosting Security

--
1&1 Internet Ltd.