• 19
  • 1
  • 1
On our wavelength
Message 1 of 1
Flag for a moderator

DDoS Attack

I received an email from VM that says:

"A device using your internet connection may be infected with malware

We’ve been notified by a third party that malicious traffic has been detected coming from a device using your internet connection. We don’t know which device this is, but it does mean your personal data and online financial transactions, including credit card purchases, could be at risk.

It’s likely that a device connected to your broadband is infected with malware. This probably isn’t your fault, but it's important you get your device fixed so the malicious traffic stops as soon as possible. We’ll help you do this below.

We need to let you know that if you don’t get it fixed, to protect others we may need to suspend or cancel your broadband service in line with our Acceptable Use Policy."

I'm not here looking for any advice, my problem is resolved but I just want to have my response on record in case there are any further repercussions, so here is my explanation...

For 3 years I've been hosting a small game server on my PC without incident. About a week ago a disgruntled banned player decided to launch a DDoS attack on me. At first I didn't realise what it was, my internet kept dropping so I called an engineer. They couldn't find anything wrong but the problem was resolved when they switched my router (it was the IP change that fixed it of course). Shortly afterwards I realised what was happening, so I've taken these steps:

1. Moved my game server to a remote host with DDoS protection (the attacker has continued to hit the new host).

2. Factory-reset my VM hub and also put it in modem mode, with another router attached. This has changed my IP again so it is no longer exposed anywhere.

I am 100% sure nothing on my end is infected. I have 2 Linux PCs on ethernet connections, nothing on wifi. If a 3rd party was hit by my IP address I would guess that their PC may be infected as part of the botnet used in the attack, and my router responded to their connections, or else the attacker may have spoofed my IP to attack others.

0 Kudos