Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Active Attack

Discussion in 'General Discussion' started by ehsan, Jan 27, 2002.

  1. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    every single day i have a long report of active attack to my server.
    like :

    Connect from host: 217.219.3.132/217.219.3.132 to TCP port: 2000
    attackalert: Host: 217.219.3.132 is already blocked. Ignoring
    attackalert: Connect from host: raq569.uk2net.com/213.239.56.150




    what are these ? and where can i found a description for tcp/ip ports like 2000 or 111

    Thank you guys,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 ehsan, Jan 27, 2002
  2. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    316
    Location:
    Spain
    Maybe you\'ll find this useful:
    http://www.robertgraham.com/pubs/firewall-seen.html

    Says nothing about port 2000 though.

    See http://archives.neohapsis.com/archives/sf/ms/2001-q4/0181.html
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Juanra, Jan 27, 2002
  3. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    Thank you,
    great links.
    any body else has the same reports?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 ehsan, Jan 27, 2002
  4. Koi

    Koi Registered

    Joined:
    Jan 27, 2002
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    301
    http://www.snort.org/ports.html
     
    #4 Koi, Jan 27, 2002
  5. hedgehog

    hedgehog Well-Known Member

    Joined:
    Nov 3, 2001
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    316
    I get them daily, contacted my provider about it wand he said it was nothing about unless you have security holes on your system...
     
    #5 hedgehog, Jan 28, 2002
  6. TRAIN YARD SOFTWARE

    TRAIN YARD SOFTWARE Well-Known Member

    Joined:
    Dec 20, 2001
    Messages:
    224
    Likes Received:
    0
    Trophy Points:
    316
    We get these 1000 page emails also

    We get these 1000 page emails also :

    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Host: 66.28.166.12 is already blocked. Ignoring
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Host: 66.28.166.12 is already blocked. Ignoring
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 TRAIN YARD SOFTWARE, Feb 20, 2002
  7. TRAIN YARD SOFTWARE

    TRAIN YARD SOFTWARE Well-Known Member

    Joined:
    Dec 20, 2001
    Messages:
    224
    Likes Received:
    0
    Trophy Points:
    316
    also in this email

    also in this email how do we fix this?

    Feb 19 04:03:35 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:36 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:36 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:37 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:37 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:38 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?

    this is huge errors everyday
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 TRAIN YARD SOFTWARE, Feb 20, 2002
(You must log in or sign up to post here.)
Loading...
Similar Threads - Active Attack
  1. 3awh

    New Thread Users can go above their accounts in FTP with cagefs active

    3awh, May 18, 2019 at 8:12 AM, in forum: CloudLinux
    Replies:
    1
    Views:
    36
    dalem
    May 18, 2019 at 5:24 PM
  2. axelg

    Active and Passive files on web site?

    axelg, Apr 16, 2019, in forum: Workarounds and Optimization
    Replies:
    1
    Views:
    182
    cPanelMichael
    Apr 17, 2019
  3. jmginer

    Changing PHP version issue if PHP-FPM is active

    jmginer, Jan 27, 2019, in forum: EasyApache
    Replies:
    1
    Views:
    306
    cPanelLauren
    Jan 29, 2019
  4. benito

    Edit packages without modify active accounts

    benito, Jan 16, 2019, in forum: General Discussion
    Replies:
    1
    Views:
    217
    cPanelLauren
    Jan 18, 2019
  5. Rajesh Chauhan

    Auto Terminate Inactive Accounts

    Rajesh Chauhan, Dec 25, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    317
    cPanelMichael
    Jan 8, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice