ToS Violation - Malicious Activity
Hello, I am looking for some help. We have been given an error from Linode with not a lot of info. Can someone please help me work out what this is? From all I can tell it's just a port scan, so nothing to worry about.
This is on a cPanel server.
port-scan <our ip> abuse-notify@abuse.espresso-gridpoint.net
Extracted Details
ip 139.144.99.210
send_date 2024-04-15T20:01:32Z
received_date 2024-04-15T20:01:40Z
format espresso
Incident part
source_port: 60906
target_ip: 91.190.98.122
target_port: 443
1 Reply
From the looks of it, your Linode was scanning the ports of another compute instance, which was unauthorized or was unexpected.
While there are legitimate reasons for port scanning, and other types of traffic and use cases can cause false flags, frequently port scanning is done for the purpose of malicious activity (gaining unauthorized access to a compute instance).
Tickets that Linode opens up on accounts like this usually are accompanied by instructions on next steps, but a pretty exhaustive list of next steps can be found in older Community Site posts such as this one:
https://www.linode.com/community/questions/20593/tos-violation-suspected-botnet-activity-how-do-i-do
Hopefully that helps!
-Micah
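One way to act on the report fields in the question, as an added example that is not part of the original thread: it assumes outbound TCP SYNs on the server were already being logged by an iptables LOG rule with `--log-uid`, then finds the reported flow and counts how many distinct destinations the same local UID contacted on that port. The log lines, hostname, log prefix, UIDs and the 198.51.100.x / 203.0.113.x addresses are constructed.

```python
import re
from datetime import datetime

# Report fields as posted in the question above.
REPORT = """ip 139.144.99.210
send_date 2024-04-15T20:01:32Z
source_port: 60906
target_ip: 91.190.98.122
target_port: 443"""

# Constructed, abbreviated lines in the netfilter LOG format (--log-uid adds UID=/GID=).
LOG = """2024-04-15T20:01:28+00:00 host kernel: OUT-SYN IN= OUT=eth0 SRC=139.144.99.210 DST=198.51.100.20 PROTO=TCP SPT=60902 DPT=443 SYN UID=1004 GID=1004
2024-04-15T20:01:29+00:00 host kernel: OUT-SYN IN= OUT=eth0 SRC=139.144.99.210 DST=198.51.100.21 PROTO=TCP SPT=60904 DPT=443 SYN UID=1004 GID=1004
2024-04-15T20:01:30+00:00 host kernel: OUT-SYN IN= OUT=eth0 SRC=139.144.99.210 DST=91.190.98.122 PROTO=TCP SPT=60906 DPT=443 SYN UID=1004 GID=1004
2024-04-15T20:01:30+00:00 host kernel: OUT-SYN IN= OUT=eth0 SRC=139.144.99.210 DST=203.0.113.10 PROTO=TCP SPT=51514 DPT=443 SYN UID=1001 GID=1001
2024-04-15T20:01:31+00:00 host kernel: OUT-SYN IN= OUT=eth0 SRC=139.144.99.210 DST=198.51.100.23 PROTO=TCP SPT=60908 DPT=443 SYN UID=1004 GID=1004"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_report(text):
    """Turn 'key value' / 'key: value' report lines into a dict of strings."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(" ")
        if value:
            fields[key.rstrip(":")] = value.strip()
    return fields

def parse_log(text):
    """Keep only LOG lines that carry the 4-tuple fields and an owning UID."""
    events = []
    for line in text.splitlines():
        kv = dict(KV.findall(line))
        if {"SRC", "DST", "SPT", "DPT", "UID"} <= kv.keys():
            kv["ts"] = datetime.fromisoformat(line.split()[0])
            events.append(kv)
    return events

def correlate(report, events, window_s=120):
    """Find the reported flow, then measure the owning UID's fan-out on that port."""
    sent = datetime.fromisoformat(report["send_date"].replace("Z", "+00:00"))
    near = lambda a, b: abs((a - b).total_seconds()) <= window_s
    flow = next((e for e in events
                 if (e["SRC"], e["SPT"], e["DST"], e["DPT"]) ==
                    (report["ip"], report["source_port"],
                     report["target_ip"], report["target_port"])
                 and near(e["ts"], sent)), None)
    if flow is None:
        return None  # nothing logged for this flow: logging gap or a spoofed report
    peers = {e["DST"] for e in events
             if e["UID"] == flow["UID"] and e["DPT"] == flow["DPT"]
             and near(e["ts"], flow["ts"])}
    return {"uid": flow["UID"], "distinct_targets": len(peers)}

if __name__ == "__main__":
    print(correlate(parse_report(REPORT), parse_log(LOG)))
```

A matching flow whose UID contacted no other destinations in the window looks like ordinary HTTPS traffic; many distinct destinations within a few seconds from one UID is the pattern a scan report describes.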