Recently, we have detected a DDOS attack from 108.61.1xx.xxx:53.
Based on the source port number, this likely indicates an open DNS resolver on your network. Open resolvers are very commonly abused to conduct DDOS attacks. Please see http://openresolverproject.org/ or http://www.team-cymru.org/Services/Resolvers/ for more information.
We would ask that you either limit access to this resolver to prevent it from being abused, or implement one of the patches described on http://openresolverproject.org/ or http://www.team-cymru.org/Services/Resolvers/instructions.html . If you are not sure how to do this, we have some instructions available at http://abusereports.gameservers.com/#dns
You can confirm this host is vulnerable by running the following command:
dig example.com @108.61.1xx.xxx
If you see a valid response, this is proof that the machine is vulnerable and actively being used to conduct DDOS attacks. Please note that it's possible this machine has rate limits to help prevent abuse. We're unable to confirm if that's the case, but we can tell you with certainty this machine has been involved in an attack against us.
Our detection systems automatically merge duplicate log entries, however we have the following records:
[2014-12-15 11:52:36 GMT] IP 108.61.1xx.xxx:53 > 108.61.227.105:13134 UDP, length 132743168, packets 32768
If you have any questions about this report, please let us know: abusereports@gameservers.com
=========================================
The recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here:
https://abusix.com/global-reporting/abuse-contact-db
abusix.com is neither responsible nor liable for the content or accuracy of this message.

The user in question was still signed in to one of our public IPs he is apparently infected with malware. We have added a firewall rule to mitigate anymore potential damage caused by his infection and will contact him with a link to this ticket.

Also Read

NJ Hacking - 09/Oct/2014
A site was recently compromised from an IP in your allocation. Here is the log...
DoS attack
Dear Provider, I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m...
brute force attempt
> Your IP address [162.253.128.212] has been blocked for attacking sshd > on our network....
DoS attack from the LiquidVPN Network
Dear Provider I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to...
Brute Force Attempt
Dear Client, We have received the below abuse message regarding your services. Please deal with...