How to Solve IP Abuse Issue Caused by Attack or Port Scan on a Linux Server

Introduction

This article describes the steps to resolve an IP abuse issue caused by an attack or port scan on a Linux server:
1 Check if your Linux server is hacked
2 Check all installed software
3 Secure the Linux server
4 Reload OS

1 Check if your Linux server is hacked

We provide a KB article to help you check whether your Linux server has been hacked: How to Check if a Linux Server is Hacked.

If the Linux server was hacked, remove the hacked files, processes, software, users, and so on.

2 Check all installed software

Common port scanning software on Linux servers includes the following:
Nmap, Unicornscan, Zenmap, ipscan, Netcat, Knocker, pnscan, nast

2.1 Check if port scanning software is installed

Use the following command to check if the server has any port scanning software installed:
CentOS: rpm -qa | grep -iE "Nmap|Unicornscan|Zenmap|ipscan|Netcat|Knocker|pnscan|nast"
Ubuntu: dpkg -l | grep -iE "Nmap|Unicornscan|Zenmap|ipscan|Netcat|Knocker|pnscan|nast"
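
The check above as an added script (not part of the original article). It goes one step further: it matches package names only, so text in dpkg -l description columns does not cause hits, and it also looks for scanner-named executables on the PATH that no package manager would list. The function names and the extra binary names nc and ncat are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Names come from the article's list, lowercased; nc and ncat are added
# here because they are the usual binary names for Netcat.
SCANNERS="nmap unicornscan zenmap ipscan netcat knocker pnscan nast nc ncat"

# Bare package names (no version, no description) from rpm and/or dpkg.
list_installed_names() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -qa --qf '%{NAME}\n' 2>/dev/null
    fi
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package}\n' 2>/dev/null
    fi
}

# stdin: one package name per line. Prints names in which a whole
# dash/dot/underscore-separated token equals a scanner name, so
# "nmap-ncat" and "netcat-openbsd" match but "dynasty-themes" does not.
match_scanner_packages() {
    awk -v list="$SCANNERS" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        {
            m = split(tolower($0), tok, /[^a-z0-9]+/)
            for (i = 1; i <= m; i++) if (tok[i] in want) { print; break }
        }' | sort -u
}

# Prints executables named like a scanner in the given directories
# (default: every directory in $PATH), including files no package owns.
find_scanner_binaries() {
    [ "$#" -gt 0 ] || { old_ifs=$IFS; IFS=:; set -- $PATH; IFS=$old_ifs; }
    for dir in "$@"; do
        for name in $SCANNERS; do
            [ -f "$dir/$name" ] && [ -x "$dir/$name" ] && printf '%s\n' "$dir/$name"
        done
    done
    return 0
}

# Report matching packages first, then matching executables on the PATH.
list_installed_names | match_scanner_packages
find_scanner_binaries
```

A path printed by find_scanner_binaries with no corresponding package in the first list was placed on the server outside the package manager and should be reviewed before anything is removed.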

2.2 Uninstall the port scanning software

If the software is detected, please uninstall it with the following command:
CentOS: yum remove [package_name]
Ubuntu: apt-get remove [package_name]
The following is an example of removing the Nmap package named “nmap-6.40-19.el7.x8” from the system:

3 Secure the Linux server

To secure the Linux server, please refer to the KB article: How to Secure Linux Server.

4 Reload OS

If the above actions do not resolve the IP abuse issue, reload the operating system. This creates a fresh server.
