We have received a notification from the German Federal Office for Information Security (BSI) for (the IP address of) a server you have with us. We are automatically forwarding this notification on to you, for your information.
The original report has been included below. Additional information is provided with the how-to guides referenced in the report. Please note that we do not have any further information to share.
These notifications do not mean your server was involved in any abusive activity. They are simply alerting you to a potential issue on your server, that could be exploited, and that is usually fairly easy to secure.
You do not need to send us, or the BSI, a response.
In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report [CB-Report#...] in the subject line. Do not reply to <reports@reports.cert-bund.de> as this is just the sender address for the reports and messages sent to this address will not be read.
Kind regards
Abuse Team
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 5050
Fax: +49 9831 5053
www.hetzner.com
Register Court: Registergericht Ansbach, HRB 6089
CEO: Martin Hetzner, Stephan Konvickova, Günther Müller
You have the option of making an appeal against a negative decision.
To do that, please reply directly to this ticket. If this is the Abuse
Teams final decision, you can also make a complaint by writing to
info@hetzner.com. The European Commission also provides a
platform that you can use as a platform for online dispute resolution
(ODR) at http://ec.europa.eu/consumers/odr. We are neither willing
nor required to participate in a dispute resolution process before a
consumer arbitration board.
For the purposes of this communication, we may save some of your
personal data. For information on our data privacy policy, please see:
www.hetzner.com/privacy-policy-notice
> Dear Sir or Madam,
>
> the Portmapper service (portmap, rpcbind) is required for mapping RPC
> requests to a network service. The Portmapper service is needed e.g.
> for mounting network shares using the Network File System (NFS).
> The Portmapper service runs on port 111 tcp/udp.
>
> In addition to being abused for DDoS reflection attacks, the
> Portmapper service can be used by attackers to obtain information
> on the target network like available RPC services or network shares.
>
> Over the past months, systems responding to Portmapper requests from
> anywhere on the Internet have been increasingly abused DDoS reflection
> attacks against third parties.
>
> Please find below a list of affected systems hosted on your network.
> The timestamp (timezone UTC) indicates when the openly accessible
> Portmapper service was identified.
>
> We would like to ask you to check this issue and take appropriate
> steps to secure the Portmapper services on the affected systems or
> notify your customers accordingly.
>
> If you have recently solved the issue but received this notification
> again, please note the timestamp included below. You should not
> receive any further notifications with timestamps after the issue
> has been solved.
>
> Additional information on this notification, advice on how to fix
> reported issues and answers to frequently asked questions:
> <https://reports.cert-bund.de/en/>
>
> This message is digitally signed using PGP.
> Information on the signature key is available at:
> <https://reports.cert-bund.de/en/digital-signature>
>
> Please note:
> This is an automatically generated message. Replies to the
> sender address <reports@reports.cert-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
> of this message in the subject line.
>
> Affected systems on your network:
>
> Format: ASN | IP | Timestamp (UTC) | RPC response
> 24940 | 46.225.227.27 | 2026-03-10 03:28:31 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
>
> Mit freundlichen Grüßen / Kind regards
> Team CERT-Bund
>
> Bundesamt für Sicherheit in der Informationstechnik
> Federal Office for Information Security (BSI)
> CERT-Bund
> Godesberger Allee 87, 53175 Bonn, Germany
The original report has been included below. Additional information is provided with the how-to guides referenced in the report. Please note that we do not have any further information to share.
These notifications do not mean your server was involved in any abusive activity. They are simply alerting you to a potential issue on your server, that could be exploited, and that is usually fairly easy to secure.
You do not need to send us, or the BSI, a response.
In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report [CB-Report#...] in the subject line. Do not reply to <reports@reports.cert-bund.de> as this is just the sender address for the reports and messages sent to this address will not be read.
Kind regards
Abuse Team
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 5050
Fax: +49 9831 5053
www.hetzner.com
Register Court: Registergericht Ansbach, HRB 6089
CEO: Martin Hetzner, Stephan Konvickova, Günther Müller
You have the option of making an appeal against a negative decision.
To do that, please reply directly to this ticket. If this is the Abuse
Teams final decision, you can also make a complaint by writing to
info@hetzner.com. The European Commission also provides a
platform that you can use as a platform for online dispute resolution
(ODR) at http://ec.europa.eu/consumers/odr. We are neither willing
nor required to participate in a dispute resolution process before a
consumer arbitration board.
For the purposes of this communication, we may save some of your
personal data. For information on our data privacy policy, please see:
www.hetzner.com/privacy-policy-notice
> Dear Sir or Madam,
>
> the Portmapper service (portmap, rpcbind) is required for mapping RPC
> requests to a network service. The Portmapper service is needed e.g.
> for mounting network shares using the Network File System (NFS).
> The Portmapper service runs on port 111 tcp/udp.
>
> In addition to being abused for DDoS reflection attacks, the
> Portmapper service can be used by attackers to obtain information
> on the target network like available RPC services or network shares.
>
> Over the past months, systems responding to Portmapper requests from
> anywhere on the Internet have been increasingly abused DDoS reflection
> attacks against third parties.
>
> Please find below a list of affected systems hosted on your network.
> The timestamp (timezone UTC) indicates when the openly accessible
> Portmapper service was identified.
>
> We would like to ask you to check this issue and take appropriate
> steps to secure the Portmapper services on the affected systems or
> notify your customers accordingly.
>
> If you have recently solved the issue but received this notification
> again, please note the timestamp included below. You should not
> receive any further notifications with timestamps after the issue
> has been solved.
>
> Additional information on this notification, advice on how to fix
> reported issues and answers to frequently asked questions:
> <https://reports.cert-bund.de/en/>
>
> This message is digitally signed using PGP.
> Information on the signature key is available at:
> <https://reports.cert-bund.de/en/digital-signature>
>
> Please note:
> This is an automatically generated message. Replies to the
> sender address <reports@reports.cert-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
> of this message in the subject line.
>
> Affected systems on your network:
>
> Format: ASN | IP | Timestamp (UTC) | RPC response
> 24940 | 46.225.227.27 | 2026-03-10 03:28:31 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;
>
> Mit freundlichen Grüßen / Kind regards
> Team CERT-Bund
>
> Bundesamt für Sicherheit in der Informationstechnik
> Federal Office for Information Security (BSI)
> CERT-Bund
> Godesberger Allee 87, 53175 Bonn, Germany
şeklinde bir mail geldi. Bu mail önemli midir? Hetzner konusunda destek olmak isteyen arkadaşlar yazabilirler. Neye dikkat etmeliyim. İlk defa kullanıyorum. Şu an canlıda sunucum çalışıyor aktif kullanıyorum. Günlük yedekleme seçtim ona rağmen ben de günlük yedek alıyorum kendi pc me.
