0

I have a Hetzner VPS and received an abuse complaint from a website owner that Hetzner forwarded to me. There have been a significant number of connections from multiple IP addresses from my server and due to their frequency and intensity users are adversely affected.

My VPS use case is VPN stuff.

I tried to block the domain, but could not due to the website is behind Cloud Flare CDN, so I can't reach the origin server.

Does anyone have any idea how to stop sending requests from my sever to the target?

Thanks.

2 Answers 2

2

(this was intended to be a reply to your comment under Massimo's answer, however, it grew past the character limit)

"Not knowing" who is sending them is simply irresponsible. By providing a service, you now are expected to protect Internet from your users misusing the service.

You are providing service, you are now in charge of what your users do. The service allows your users "anonymously" do stuff in the Internet; it's anonymous for them because they just do things under your name, and you chose to not record who does who.

So your name is the one known to blame. You were blamed for wrongdoings in the Internet; maybe, it's some of your users is doing something nasty, but nobody cares, it's now your problem because it's your service. For me (e.g. if I was the victim of that wrongdoings), it's Hetzner's IP address what is recorded, therefore it's Hetzner who is responsible. Hetzner knows to whom they lent this IP, it's you, so they pass this responsibility further to you. Now it's your turn to respond.

So, either you'll need to find out who is doing wrong and timely react, and, probably, even prevent this proactively in the future, or Hetzner will stop providing a service to you in turn, because this is the best thing they can do so your (or, your user's, nobody cares, because their contract is with you, not with your users) actions don't hurt their reputation.

Install at least the traffic flow recording tools, software like flow-tools. Forbid exiting to port 25 to prevent spamming; normal email sending won't be affected.

4

Does anyone have any idea what should I do to stop sending requests from my sever to the target?

You should be more worried about who or what is sending them in the first place. If you are not doing this on purpose, this means your server has been compromised.

3
  • 1
    I provide VPN to my users and I couldn't find the source to know who is sending them.
    – Zeroday
    Commented Jun 19 at 14:34
  • 2
    That's even worse - you shouldn't be providing a service to people you don't how to manage/secure.
    – symcbean
    Commented Jun 20 at 8:29
  • 1
    @Zeroday: I provide VPN to my users. No, this is not access to a private network. You are providing access to the public Internet, in an uncontrolled and irresponsible way. Your users almost certainly have Internet access without the "VPS". The VPS is created to bypass restrictions, and now you are in a jackpot. There isn't a technology solution to mismanagement. Turn off the VPS and get back to work.
    – Greg Askew
    Commented Jun 20 at 11:17

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .