P
postcd
Guest
Hello, i got this message (pastebin.com/T3zQa4iU) that one of VPS participated in NTP attack. Im providing an VPS to one person,
this is running on it:
"/usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 102:103"
from /etc/passwd:
ntp:x:102:103::/home/ntp:/bin/false
from /etc/ntp.conf
restrict default kod notrap nomodify nopeer
i followed advices provided by that attack report, what else you see from outputs above please? Do you think that person is doing this intentionally?
this is running on it:
"/usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 102:103"
from /etc/passwd:
ntp:x:102:103::/home/ntp:/bin/false
from /etc/ntp.conf
restrict default kod notrap nomodify nopeer
i followed advices provided by that attack report, what else you see from outputs above please? Do you think that person is doing this intentionally?