Server Locking
There are some situations in which we are forced to lock a server. If your server gets locked you will be notified via email.
If you didn't receive an email or are unsure if your server has truly been locked you can send us a support request via the support ticket in client area administration interface.
Reasons for Server Locking
The most common reasons for locking a server are:
- Attacks from/on your server
- Interference to the network by port scans
- Incorrect network configuration
- Non-payment of invoices
- Abuse (e.g. hosting a phishing site/malware/copyright infringing material, etc.)
We lock servers for multiple reasons, including protecting our infrastructure, as a precautionary measure to prevent any possible further abuses and to protect the server owner.
To assist in analyzing the problem, a log file with as much information as we have is added to the email. Please note that we don't have additional information or log files to those we provide. We don't have software access to the server and thus cannot see what exactly is going on. Please check your own internal server logs and analyze the issue yourself.
Log Files
Information on Port-/Netscans
###################################################################
# Netscan detected from host x.x.x.x #
###################################################################
time src_ip dest_ip:dest_port
-------------------------------------------------------------------
Thu Nov 13 18:14:27 2013: x.x.x.x => 65.98.236.0: 22
Thu Nov 13 18:14:27 2013: x.x.x.x => 65.98.236.1: 22
Thu Nov 13 18:14:27 2013: x.x.x.x => 65.98.236.2: 22
Thu Nov 13 18:14:27 2013: x.x.x.x => 65.98.236.3: 22
.....
This log shows the exact time and the source IP, as well as the destination IP and port.
Summary on exceeded Packet Limits
Direction OUT
Internal 178.63.65.85
Threshold Packets 100.000 packets/s
Sum 40.674.000 packets/300s (135.580 packets/s), 40.673 flows/300s (135 flows/s), 5,909 GByte/300s (161 MBit/s)
External 77.96.88.114, 40.668.000 packets/300s (135.560 packets/s), 40.667 flows/300s (135 flows/s), 5,909 GByte/300s (161 MBit/s)
External 196.37.186.67, 5.000 packets/300s (16 packets/s), 5 flows/300s (0 flows/s), 0,000 GByte/300s (0 MBit/s)
External 77.74.52.53, 1.000 packets/300s (3 packets/s), 1 flows/300s (0 flows/s), 0,000 GByte/300s (0 MBit/s)
This log does not list each connection separately but rather shows a summary of the traffic per destination IP. It shows the packet rates, the flow rate as well as the total connection speed.
Detailed Traffic Dump
21:44:53.145756 IP x.x.x.x.55008 > 76.9.23.182.29615: UDP, length 9216
21:44:53.145883 IP x.x.x.x.55030 > 76.9.23.182.45527: UDP, length 9216
21:44:53.146007 IP x.x.x.x.55046 > 76.9.23.182.1826: UDP, length 9216
21:44:53.146126 IP x.x.x.x.55064 > 76.9.23.182.34940: UDP, length 9216
21:44:53.146249 IP x.x.x.x.55080 > 76.9.23.182.20559: UDP, length 9216
21:44:53.146371 IP x.x.x.x.55093 > 76.9.23.182.31488: UDP, length 9216
21:44:53.146493 IP x.x.x.x.55112 > 76.9.23.182.56406: UDP, length 9216
21:44:53.146616 IP x.x.x.x.55132 > 76.9.23.182.43714: UDP, length 9216
21:44:53.146741 IP x.x.x.x.55147 > 76.9.23.182.64613: UDP, length 9216
In this case a detailed traffic dump is created which contains all (incoming and outgoing) connections. This shows the following information: destination IP, destination port and the size and type of packets. As each individual packet is shown, only a small part of the traffic is captured owing to the huge amount of information involved.
Server Unlocking
Contact to support in the client area creating a support ticket.----------
