Learn what information will be visible and provided when the OVHcloud's internal Anti-DDoS protection is triggered on behalf of your Dedicated Server or VPS.
Requirements
- a Dedicated Server or VPS that has been hacked
- access to the OVHcloud Control Panel
Anti-Hack information
Dedicated Server
When Anti-DDoS protection is triggered on your Dedicated Server, you will see a message in the OVHcloud Control Panel: "Your server has been hacked. Please contact our support team for instructions on what to do next."
Your server can be booted in rescue, which will allow a restart and the installation of the operating system. Below are the boot options for your server:
| Name | Function | Status |
|---|---|---|
| Rescue | Will allow a restart or the reinstallation of the operating system. | Hacked |
| Rescue FTP | Will allow a restart or the reinstallation of the operating system. | Hacked |
| rescue-ftp - OVH Anti-Hack rescue | Will not allow a restart or the reinstallation of the operating system. | Hacked and blocked |
In addition, a support ticket stating the following will be opened on your behalf.
From: You
This is an auto-generated notice.
This is an auto-generated notice. Please do not respond to it directly.
Dear Customer,
Your server nsXXXXXXX.ip-XXX-XXX-XXX.us is presenting too great a threat to our network, we had no choice but to place it in the 'rescue FTP' mode. An email containing a username and password has been sent so that you can retrieve your data located in its disks.
Please do not hesitate to contact our support via a new support ticker for some initial guidance so that this situation does not become critical. You can find out how to contact support here: https://support.us.ovhcloud.com/hc/en-us/articles/115001819764-How-to-Contact-OVHcloud-US-Support
You can find the log returns from our system below that led to this alert.
- START INFORMATION -
<Attack Details>
- END INFORMATION -
Kind regards,
OVH Customer Support
VPS
When Anti-DDoS protection is triggered on your VPS, your VPS will be placed in rescue mode.
In addition, a support ticket stating the following will be opened on your behalf.
From: You
This is an auto-generated notice.
Dear Customer,
Abnormal activity has been detected on your VPS vps-XXXXXXXX.vps.ovh.us.
Your VPS has been placed in rescue mode. This is so that you can intervene on your VPS and resolve the issues flagged up. An email containing information on rescue mode has been sent to you.
Actions can no longer be carried out on your VPS via your Manager/API. Only the following actions are possible:
- Reinstallation of your VPS.
- Use of rescue mode to resolve the problems flagged.
Once the issues have been resolved, please contact our technical support to get it restored to normal mode. Please do not hesitate to contact our technical support team so that this situation does not become critical.
OVH Customer Support
Please take note of the bottom part of the message stating: "Once the issues have been resolved, please contact our technical support to get it restored to normal mode. Please do not hesitate to contact our technical support team so that this situation does not become critical."
Go further
For more information and tutorials, please see our other Dedicated Servers support guides or explore the guides for other OVHcloud products and services.