EvilZone

May i just point out the obvious... by stating that a single server does not 'DDoS'. The first D stands for Distributed. Your server could have been part of a DDoS attack... however it couldn't by definition be single handedly performing said attack...

Thanks for stating the obvious, wasnt aware of that.

I suggest you to run a shell detector with php as a base on your server. That may help you finding backdoors if any.

Very good tip, appriciate it, thanks for that.

Nope

You have been compromised, don't run the risk of it happening again. Reinstall and backup whatever is essential. Be careful that nothing you backup is compromised and just be generally vigilant

Do whatever is necessary to not publicly disclose your IP address, that will minimise your chances of actually being attacked.

You are absolutely right, its just that I am still learning ubuntu and its commands so I put alot of time into it, but in this case I really have to start over again, although I am thinking that D4rkcat is right and that wordpress or an old version of phpbb is to blame.

I might just remove wordpress and phpbb and see what has happened after 1 week.

Hi guys,

I got a phone call from my hosting provider telling me that there was a DDOS attack from my own VPS,
as I havent had virus problems on ubuntu I just googled an open source antivirus product and came to
ClamAV well installed it and ran a command to scan for virusses, nothing found but I want to be sure.

I got these services running atm:

TeamSpeak 3
Apache
MySQL
Postfix

Since I used TeamSpeak for online games such as world of warcraft, I got this feeling people are abusing it
and possibly use it for DDOS, or something else that got a false positive for DDOS.

I have done my best to secure it, like changing settings so no root logins are allowed over SSH, and setting
ownerships to users that have to have access to that folder etc.

Are there ways to make sure, that a DDOS has happened or has not happened from my server?