Hi, recently my server starter to suffer from "massive amounts of outbound udp packets", just from time to time. When it happens, my hosting company turns the server down for a day, then it re-enable it and for a couple of weeks everything seems ok, but after the problem happens again.
The hosting company is doing nothing to help me because it's an unmanaged server, and since I'm not a programmer or technician (I'm doing marketing!) I didn't know that I could encounter such big problems like these.
If they are going to solve the problem in my place, they want me to pay for their technical services that will cost me hundreds of pounds, so the best thing for me will just be to change host...
So, I started to learn from scratch the basics of ssh and with the help of some tutorial I installed fail2ban (that ban an ip for example after 3 times it tries to connect to ssh) and rkhunter , that search for maliciuous scripts in my server.
Both were not so useful... rkhunter only pointed out these warnings:
Warning: Application 'httpd', version '2.2.3', is out of date, and possibly a security risk.
Warning: Application 'openssl', version '0.9.8e', is out of date, and possibly a security risk.
Warning: Application 'php', version '5.2.10', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.
Do you think that they REALLY need to be updated?
I asked my hosting company to update them, but they are REALLY SLOW to answer me. Imagine that to have my server online again I had to CALL THEM in the uk and wait 20 minutes for the customer service to answer...
So, in the end, my question is: I know that in the future someone will try to launch an attack from my server again, so how can I track what he is doing, and finally understand which is the hole in the server?