DDos attack ToS Violation - Outbound DoS

Question

Fount ddos attack on ubuntu server

netstat -nputw

given outout

Local Address       Foreign Address        State        PID/Program name

55.57.72.37:59792   123.166.137.95:25000    SYN_SENT    2890/ip6tablesu.sh

I found on internet that 123.166.137.95 is China's ip address

How should I block outbound traffic to that address?

ip6tablesu.sh this program is running -- I think it's an maleware. How I should stop it? — mujaffars, Jan 06 '16 at 10:56
The f_c_in_ Linode server got hacked with ddos attack. That's why getting Outbound traffic. aaahhhhh (angry) — mujaffars, Jan 07 '16 at 12:38

score 1 · Answer 1 · edited Apr 13 '17 at 12:22

1

Try this:

sudo ufw deny out from any to 123.166.137.95

As far as dealing with or cleaning up your compromised server goes, see this previously answered question:

edited Apr 13 '17 at 12:22

Community

answered Jan 06 '16 at 11:08

JayMcTee

1 Answers1