Status
Not open for further replies.

Invisible121

My VPS was suspended because, according to my provider, my IP is used to DDoS another IP. Is that possible? My details are below.

OS: OpenVZ CentOS x86
Control Panel: Kloxo

All I have is a WordPress blog, and I added Cloudflare on my domain. Has anybody experienced the same thing on their VPS with a similar setup to mine? Thanks in advance!
 
7 comments
I think it's not possible to use the same IP as yours (dupe IP)... Kindly check your VPS log to check for any unwanted visits to your panel.
 
This is a cheap trick. A few months ago I also got my VPS suspended for a similar reason. The provider claimed that I had used the VPS for malicious purposes, but the fact was I had never done anything wrong. He told me my IP got flagged by Spamhaus, and my account would stay suspended until further news.
I told him Gfy! I'm 100% clean.
After that I opened a dispute on the PayPal website, and after a few days I got a refund. I have purchased a new VPS from another provider and have had no problems till now. Stay away from cheap VPS services!
 
You probably got hacked and somebody got your root rights. If your host complains about DDoS attacks originating from your server, ask them to show proof first.
 
If it wasn't you who did it, your VPS was probably hacked because of an unsafe WordPress plugin, perhaps not updated.
Kloxo has had a few security issues; if not updated, you will eventually end up in trouble.

Ask the provider to show some logs and tell them that you need access and will clean it since it was hacked.
If the provider uses SolusVM, I guess you can use the Java console to access your VPS.

@marhahajcs

Perhaps your VPS was also hacked? Or you had an open mail relay on your VPS?
 
Most likely your VPS was hacked. As others mentioned, it might already be enough to have a website infected without root. Another possibility is that you were running an open DNS resolver and it was used as a "zombie" as part of a DNS reflection attack, if you didn't properly lock down your DNS. Read how to do so here: HOWTO Prevent an Open DNS
In any case you should tell your provider that you didn't do this on purpose and that you'd like to have access to your VPS to resolve the issue and then start investigating immediately.
 