Introduction
This article introduces the steps on how to solve the IP Abuse issue caused by an attack or port scan on a Linux Server.
1 Check if your Linux server is hacked.
2 Check all installed software.
3 Secure the Linux server
4 Reload OS
1 Check if your Linux server is hacked
If the Linux server was hacked, please try removing the hacked files, process, software, users, and so on.
2 Check all installed software
Common port scanning software on Linux servers are as follows:
Nmap, Unicornscan, Zenmap, ipscan, Netcat, Knocker, pnscan, nast
2.1 Check if port scanning software is installed
Use the following command to check if the server has any port scanning software installed:
Centos: rpm -qa | grep -iE "Nmap|Unicornscan|Zenmap|ipscan|Netcat|Knocker|pnscan|nast"
Ubuntu: dpkg -l | grep -iE "Nmap|Unicornscan|Zenmap|ipscan|Netcat|Knocker|pnscan|nast"
2.2 Uninstall the port scanning software
If the software is detected, please uninstall it with the following command:
Centos: yum remove [package_name]
Ubuntu: apt-get remove [package_name]
The following is an example of removing the Nmap package named “nmap-6.40-19.el7.x8” from the system:
3 Secure the Linux server
4 Reload OS
If the above actions cannot resolve the IP abuse issue, we can try reloading the operating system. It will create a fresh server.
Article ID: 752, Created: February 1, 2021 at 2:16 AM, Modified: April 30, 2021 at 2:30 AM