Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Active Attack

Discussion in 'General Discussion' started by ehsan, Jan 27, 2002.

  1. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    every single day i have a long report of active attack to my server.
    like :

    Connect from host: 217.219.3.132/217.219.3.132 to TCP port: 2000
    attackalert: Host: 217.219.3.132 is already blocked. Ignoring
    attackalert: Connect from host: raq569.uk2net.com/213.239.56.150




    what are these ? and where can i found a description for tcp/ip ports like 2000 or 111

    Thank you guys,
     
    #1 ehsan, Jan 27, 2002
  2. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    316
    Location:
    Spain
    Maybe you\'ll find this useful:
    http://www.robertgraham.com/pubs/firewall-seen.html

    Says nothing about port 2000 though.

    See http://archives.neohapsis.com/archives/sf/ms/2001-q4/0181.html
     
    #2 Juanra, Jan 27, 2002
  3. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    Thank you,
    great links.
    any body else has the same reports?
     
    #3 ehsan, Jan 27, 2002
  4. Koi

    Koi Registered

    Joined:
    Jan 27, 2002
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    301
    http://www.snort.org/ports.html
     
    #4 Koi, Jan 27, 2002
  5. hedgehog

    hedgehog Well-Known Member

    Joined:
    Nov 3, 2001
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    316
    I get them daily, contacted my provider about it wand he said it was nothing about unless you have security holes on your system...
     
    #5 hedgehog, Jan 28, 2002
  6. TRAIN YARD SOFTWARE

    TRAIN YARD SOFTWARE Well-Known Member

    Joined:
    Dec 20, 2001
    Messages:
    224
    Likes Received:
    0
    Trophy Points:
    316
    We get these 1000 page emails also

    We get these 1000 page emails also :

    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Host: 66.28.166.12 is already blocked. Ignoring
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Host: 66.28.166.12 is already blocked. Ignoring
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
     
    #6 TRAIN YARD SOFTWARE, Feb 20, 2002
  7. TRAIN YARD SOFTWARE

    TRAIN YARD SOFTWARE Well-Known Member

    Joined:
    Dec 20, 2001
    Messages:
    224
    Likes Received:
    0
    Trophy Points:
    316
    also in this email

    also in this email how do we fix this?

    Feb 19 04:03:35 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:36 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:36 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:37 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:37 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:38 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?

    this is huge errors everyday
     
    #7 TRAIN YARD SOFTWARE, Feb 20, 2002
(You must log in or sign up to post here.)
Loading...
Similar Threads - Active Attack
  1. Elizabeta

    SOLVED Main domain is inactive domain?

    Elizabeta, Apr 13, 2018, in forum: Bind / DNS / Nameserver Issues
    Replies:
    15
    Views:
    153
    cPanelMichael
    Apr 20, 2018
  2. USA_Webmaster

    SOLVED AIM is no longer an active service

    USA_Webmaster, Mar 1, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    70
    cPanelKenneth
    Mar 1, 2018
  3. grabyourhosting

    SOLVED The store local backup option is disabled and no active transports exist

    grabyourhosting, Feb 18, 2018, in forum: Data Protection
    Replies:
    5
    Views:
    209
    grabyourhosting
    Feb 21, 2018
  4. anderson.deda

    Inactive e-mails

    anderson.deda, Dec 8, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    116
    cPanelMichael
    Dec 8, 2017
  5. Rajesh Chauhan

    Detect inactive accounts in WHM or any Plugin

    Rajesh Chauhan, Dec 2, 2017, in forum: Security
    Replies:
    3
    Views:
    167
    cPanelMichael
    Dec 4, 2017

Share This Page