My server under attack by possible virus

Hi. for some reason whenever my server starts up. it spams this message

KILLING YOU SOFTLY :DA2C_Print from 87.176.62.89
The ports are generated randomly and Im not sure if this is a ddos attack or something. according to the ip, it is traced from Berlin, germany. but I think this might be a masked IP

Any solution to this

DDoS attack or Botnet, possibly?

call your isp bro

Wait. are you saying that this a botnet attack?

You don’t need to worry about that, it’s only killing you softly. You’ll hardly notice it.

You are not helping

Look through your server files and see which files have been editted recently.

Even files which appear harmless such as derma.lua could be the problem. Open recently editted files and see if there is anything shifty in it, it won’t be hard to spot.

do you think a reinstall of my server would help? because I just reported this to my ISP And I did remove the Lua, Cache and Cfg folders and it still persists oh and this is not client side. this is server side

Do you host your server or do you rent it off a GSP? If you rent it then contacting your ISP is pointless. Re-installing your server I am sure would fix the issue, however it is not totally needed. You said it was saying “Killing it softly” or whatever, which means there is a lua file making this happen on your server.

Look through your addon and lua folders, especially your lua folder for recently editted/files that you have never seen before in there. Also check your data file, I’ve had cases where theres been a shit storm in there.

hmmm. well heres what it does. it spams that message and at the same time, it slows my PC to a crawl to a point where I needed to do a hard report.It beeps every time it shows that message and no this is not a bought server, I actually made this server from a different computer that I have. I changed my rcon pass if in case it doing this from a bot that got my rcon pass

Either check all your files like I said or re-install it.

doesnt look like its doing it anymore. I think this is due to the fact that he got my rcon pass

Drop this in your addons folder http://www.sourceop.com/modules.php?name=Downloads&d_op=getit&lid=37
You will need to edit the VDF though.

Open dosattackfix in notepad and change this line:



"file"  "..	f\addons\daf\bin\dosattackfix"


to



"file"  "..\garrysmod\addons\daf\bin\dosattackfix"


Y’know that thing is usless…

No it isn’t. It protects your server from another form of DDoS however.

No, DoS.

Either way, let’s hope he dosn’t *overDoS :rimshot:.
*