In this post I will discuss a DMCA notice that I received some time ago. The notice said that my server was being used to DDoS another server over UDP ports; in other words, my server had been turned into a source of a UDP flood against somebody else. I searched on Google but could not find any proper solution to this problem, and my bandwidth usage suddenly jumped to 2TB+ in a single day, which had been my usage for an entire month before the notification. So I kept searching, and after one month I found the solution: check each hosted account for malicious scripts.
cPanel does not record outgoing traffic on UDP ports per account; the only way to check outbound traffic is Bandmin, which is included with cPanel.
Bandmin shows all traffic, inbound and outbound. To open it, go to your browser and type http://yourdomain.com/bandwidth. You will be asked for the Bandmin username and password, which can be changed from WHM: find the option Bandmin Password under Service Configuration in the left-hand menu of your WHM panel. Change the password and then use it to log in to your Bandmin stats at http://www.yourdomain.com/bandwidth
During the inspection of the accounts hosted on my server I found more than 5 accounts under a single reseller that were hosting malicious PHP scripts used to launch UDP attacks on other servers. I simply suspended those accounts and then informed the account owners.
So I solved the issue after a loss of about 100USD and two IP blockages during that period.
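The per-account inspection described above can be partly automated. The following script is an added example, not something from the original post: it walks a directory tree laid out like cPanel's /home/<user>/public_html and lists PHP files that open UDP sockets (fsockopen/stream_socket_client with a udp:// target, or socket_create with SOCK_DGRAM), which is what the scripts found on my server did. The directory layout and the sample files are assumptions constructed for the demo; point scan_udp_php at /home on a real server.

```shell
#!/bin/sh
# Added example (not from the original post). Flags PHP files that open UDP sockets
# so that each hosted account can be checked quickly. A hit is a lead for manual
# review, not proof of abuse: legitimate code (e.g. a DNS or syslog client) can match.

# Constructs that a PHP script needs in order to send raw UDP traffic.
UDP_PATTERNS='udp://|SOCK_DGRAM'

# scan_udp_php DIR: print the path of every *.php file under DIR that matches.
scan_udp_php() {
    find "$1" -type f -name '*.php' -exec grep -lE "$UDP_PATTERNS" {} + 2>/dev/null
}

# count_udp_php DIR: number of flagged files under DIR.
count_udp_php() {
    scan_udp_php "$1" | wc -l | tr -d ' '
}

# make_sample_tree: build a constructed, cPanel-like tree with one flagged
# account and one clean one, and print its path (assumption: mktemp -d exists).
make_sample_tree() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/acct1/public_html" "$tmp/acct2/public_html"
    # Constructed sample of the pattern the post describes: opens a UDP stream.
    printf '<?php $s = fsockopen("udp://" . $h, $p); /* sample */\n' \
        > "$tmp/acct1/public_html/udp.php"
    # Constructed sample of an ordinary page that must not be flagged.
    printf '<?php echo "hello";\n' > "$tmp/acct2/public_html/index.php"
    printf '%s\n' "$tmp"
}

# Stand-alone run: scan the sample tree, print the hits, clean up.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_tree)
    scan_udp_php "$d"
    rm -rf "$d"
fi
```

Run with `sh scan.sh --demo` to see the constructed hit; on a real server run `scan_udp_php /home` and review each listed file by hand before suspending an account.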
You can run the following command to monitor all connections on UDP ports in real time:
# netstat -au
Note: You cannot block UDP ports on cPanel, because DNS uses UDP (port 53) to query your server for both inbound and outbound connections.
You are free to ask any question regarding UDP floods and DDoS attacks; I always welcome queries.