I received a ticket for an outbound DoS. Why was my Linode restricted without warning?
When we detect an outbound Denial of Service attack originating from a Linode, or we are able to verify a report from a third party, it’s important for Linode Support to take immediate action to stop the attack. DoS attacks can harm important public services, and degrade performance on the Linode network, so we must immediately enable network restrictions to mitigate the attack.
While these restrictions are in place, your Linode is still accessible via Lish.
Linode Support also has the option to temporarily lift the restrictions if you boot your Linode into Rescue Mode.
We understand how disruptive these restrictions can be and we’ll get them removed as soon as we understand the source of the attack and what you’ve done to resolve the issue.
Scanning your server with ClamAV is one way to find malware on your server, and our guide on securing your server has some great recommendations on how to prevent compromises in the future. Using tools like Lynis can also help reveal potential vulnerabilities in your system’s configuration.
We can also recommend the following links if you’d like to learn more about DoS attacks and their impact:
Cloudflare Learning Library - Denial of Service Attacks
Incapsula Learning Center - DDoS Attacks