I have dedicated server for my personal projects on Hetzner and today was the second time I got email from them informing that they detected portscan coming from server (first time was in January). At the time I've read the email and logged in to the server it looked perfectly ok without any weird activity going on. I did some rootkit detection scans but with no luck.
What are my next steps here? Should I just ignore it, do clean system install or sth else?
Definitely don't ignore it!
Reinstall it immediately, if that's an option, or make completely sure you fix the problem.
Reinstalling is definitely the safer choice!
If reinstalling is an option, consider (depending on diskspace etc) if you can keep your data on a separate partition and just reset the system. Later dont(!) just restart your services, but make sure they aren't compromised.
If that's not an option, try to fix it good! Try to figure out if there are any processes running which you don't intend to run, check the logs, maybe you can get more details from the Hetzner admins about what to look for.
