Server suspended due to Conntrack Print

  • 111

Conntrack is a listing that a server uses to keep track of all incoming and outgoing connections to a server. For a normal server with a typical amount of traffic, a number below 10,000 conntrack is typical. Depending on what you are doing on a server, this number may reach 10,000 and slightly higher, but that is all.

If you are wondering what your active amount of conntrack sessions are your server are at any given time, you may do so via the following command:-

cat /proc/net/nf_conntrack

If your VPS is suspended, and you are not sure how your VPS has this many conntrack sessions, it is likely that your VPS has been access maliciously, and is being used for other purposes than what you have set it up for.

In this circumstance, we recommend the following :-

-Change the root password immediately
-Disable password logins for all users via the /etc/ssh/sshd_config and only allow public_key authentication
-Run 'top' and look if any non-standard programs are running that you are not familiar with

Was this answer helpful?

« Back