Abuse Message

[edilsonlsouza]

Hi! I'm getting this warning:

---
We have received a notification from the German Federal Office for Information Security (BSI) for (the IP address of) a server you have with us. We are automatically forwarding this notification on to you, for your information.
---

> Affected systems on your network:
>
> Format: ASN | IP | Timestamp (UTC) | RPC response
> 24940 | 1.2.3.4 | 2022-06-07 06:00:59 | 100000 4111/udp; 100000 3111/udp; 100000 2 111/udp; 100000 4111/udp; 100000 3111/udp; 100000 2 111/udp;
> 24940 | 1.2.3.5 | 2022-06-07 07:59:30 | 100000 4111/udp; 100000 3111/udp; 100000 2 111/udp; 100000 4111/udp; 100000 3111/udp; 100000 2 111/udp;

How to solve this?

Thanks!

 

[cPRex]

Hey there! Whenever you receive a message like that, I would check the headers to ensure that it is legitimate.

The message itself doesn't seem to provide much information. Are they saying there is "bad" traffic coming from your server? If so, it looks like your server is making outbound UDP connections, leading to this issue.

This isn't something that would be related to the cPanel tools on the system, so I'd recommend checking the network activity on the server directly to see if you can isolate that traffic.