OVH: Ping = breach of contract?

Discussion in 'Hosting Advice' started by BadassDevelop, Jun 22, 2016.

  1. Well, this'll be great. I bought an OVH VPS for testing, and the first command I used was ping. I pinged GOOGLE with less than 10 bytes, ONCE.

    OVH sent an anti-hack email basically saying I am breaching the contract. They also said, however, that I apparently launched a 16 kbps attack. Let's be honest, who is this going to hit offline?!

    For those of you who want proof:

    Dear Customer,

    Abnormal activity has been detected on your VPS vps85178.vps.ovh.ca. As this constitutes a breach of contract, your virtual server vps85178.vps.ovh.ca has been blocked. You will find the logs brought up by our system below, which led to this alert.

    - START OF ADDITIONAL INFORMATION -

    Attack detail : 14Kpps/99Mbps
    dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
    2016.06.22 17:43:15 CEST ***.**.***.**:46733 ***.**.***.***:80 TCP -62 892 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:8756 ***.**.***.***:80 TCP -62 930 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:25532 ***.**.***.***:80 TCP -62 897 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:30206 ***.**.***.***:80 TCP -62 935 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:20239 ***.**.***.***:80 TCP -62 935 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:8866 ***.**.***.***:80 TCP -62 932 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:47503 ***.**.***.***:80 TCP -62 903 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:42045 ***.**.***.***:80 TCP -62 888 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:24336 ***.**.***.***:80 TCP -62 905 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:32641 ***.**.***.***:80 TCP -62 927 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:53328 ***.**.***.***:80 TCP -62 928 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:27703 ***.**.***.***:80 TCP -62 932 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:6275 ***.**.***.***:80 TCP -62 910 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:64270 ***.**.***.***:80 TCP -62 889 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:60919 ***.**.***.***:80 TCP -62 931 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:46977 ***.**.***.***:80 TCP -62 915 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:40138 ***.**.***.***:80 TCP -62 900 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:33453 ***.**.***.***:80 TCP -62 930 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:39013 ***.**.***.***:80 TCP -62 930 ATTACK:TCP_SYN
    2016.06.22 17:43:15 CEST ***.**.***.**:43425 ***.**.***.***:80 TCP -62 889 ATTACK:TCP_SYN

    - END OF ADDITIONAL INFORMATION -

    OVH Customer Support.
    OVH Support Call us at: 1-855-OVH-LINE (684-5463) 24/7/365

    This is the first time I've been awake since the date became the 22nd, and now I am apparently DDoSing in my sleep.

    My VPS was NOT hacked as I disabled root, put in a custom username with random characters, and switched to SSH logins.

    Any idea how to fix this?
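
A triage sketch for the notice quoted in the post above, added here as an example and not part of the thread or of any OVH tooling: it parses rows in the notice's column layout and checks whether the logged traffic could have come from `ping`. The sample rows are constructed with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the column layout of the notice quoted above
# (dateTime src dst protocol flags bytes reason); addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE = """\
Attack detail : 14Kpps/99Mbps
2016.06.22 17:43:15 CEST 192.0.2.10:46733 198.51.100.7:80 TCP -62 892 ATTACK:TCP_SYN
2016.06.22 17:43:15 CEST 192.0.2.10:8756 198.51.100.7:80 TCP -62 930 ATTACK:TCP_SYN
2016.06.22 17:43:15 CEST 192.0.2.10:25532 198.51.100.7:80 TCP -62 897 ATTACK:TCP_SYN
2016.06.22 17:43:15 CEST 192.0.2.10:30206 198.51.100.7:80 TCP -62 935 ATTACK:TCP_SYN
"""

ROW = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) (?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<proto>\S+) (?P<flags>\S+) (?P<bytes>\d+) (?P<reason>\S+)$"
)
RATE = re.compile(r"Attack detail\s*:\s*(\d+)Kpps/(\d+)Mbps")

def summarize(notice: str) -> dict:
    """Parse the notice and return the facts worth checking during triage."""
    rows = [m.groupdict() for line in notice.splitlines()
            if (m := ROW.match(line.strip()))]
    rate = RATE.search(notice)
    sizes = [int(r["bytes"]) for r in rows]
    mean = sum(sizes) / len(sizes) if sizes else 0.0
    kpps = int(rate.group(1)) if rate else None
    return {
        "rows": len(rows),
        "protocols": Counter(r["proto"] for r in rows),
        "dst_ports": Counter(int(r["dport"]) for r in rows),
        "distinct_src_ports": len({r["sport"] for r in rows}),
        "reasons": Counter(r["reason"] for r in rows),
        "mean_bytes": mean,
        # Cross-check: packets/s * mean packet size should land near the Mbps figure.
        "implied_mbps": kpps * 1000 * mean * 8 / 1e6 if kpps is not None else None,
        "stated_mbps": int(rate.group(2)) if rate else None,
    }

def could_be_ping(summary: dict) -> bool:
    """ping sends ICMP echo requests; any TCP row rules it out as the source."""
    return summary["rows"] > 0 and set(summary["protocols"]) <= {"ICMP"}

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s, "could_be_ping:", could_be_ping(s))
```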
     
  2. Highly unlikely they could confuse a ping for an attack. Something/someone is making it look like there is an attack. Message them back, tell them the only thing you did was send a ping out.

    Oh and after that, ignore them and move on.
     
  3. There is literally nothing on it, it's just been running. The only thing I've done to it is disable root, and ping Google.
     
  4. This happened to me as well, after going back and forth a few times saying that "I have not sent any DDoS attacks and have checked for any potential malware on my machine and am unable to find any", they dismissed it and I never got a notice about it again.
     
  5. 14kpps = 14k packets per second. Sure it was just a ping? :) maybe not hping3?
     
  6. Command:
    ping google.com
    <packet data here>
    *ctrl + c* -cancelled it after one ping-
     
  7. MikeA

    Retired Moderator
    Retired Benefactor

    I don't think OVH would lie about it tbo. The logs they have are pretty apparent. Out of the dozens of physical servers, and multiple VPS I have with them I've never had them mail me about a false abuse report.
     
  8. 14kpps is 14.000 packets per second. ICMP generates 1 packet per second.
     
  9. Bought another one:

    This is EXACTLY what I did, except I am doing it on root.
    [​IMG]
     
  10. MikeA

    Retired Moderator
    Retired Benefactor

    The hostname is "vpn", do you have a VPN server setup on it or the old one? Maybe the VPN isn't secure or maybe it is detecting certain traffic as bad?
     
  11. I named it VPN because I was going to use it to set up a VPN.
     
  12. Usually they will reboot your server into rescue ftp for such things...
     
  13. JamesJ

    Supporter

    Have you got redis installed?
     
  14. 4chan

    Supporter

    I had a false email about this after pinging once. Called OVH and they said don't worry about it.

    Have you called?
     
  15. It's $4, I am not calling a company over it. I'll just move on and never use them again.
    Like I said, I have not changed the defaults other than disabling root.
     
  16. It was just a little 'bug' of their system LOL.. And there is nothing wrong with OVH btw.
     
  17. I don't really care... I've switched to RamNode for my VPS servers & SoYouStart for dedicated servers. (and no shit, I know they're OVH)
     
  18. I'm not a fan of OVH, but it looks to me like you had something open. It wasn't the pinging that was the issue.
     
  19. This is the last time I say it

    I LOGGED IN
    I PINGED GOOGLE
    SET UP A NEW ACCOUNT ON THE VPS
    DISABLED ROOT
    WENT TO SLEEP
     
  20. 4chan

    Supporter

    Read my post here that I tried posting:
    [​IMG]
     