Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Active Attack

Discussion in 'General Discussion' started by ehsan, Jan 27, 2002.

  1. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    every single day i have a long report of active attack to my server.
    like :

    Connect from host: 217.219.3.132/217.219.3.132 to TCP port: 2000
    attackalert: Host: 217.219.3.132 is already blocked. Ignoring
    attackalert: Connect from host: raq569.uk2net.com/213.239.56.150




    what are these ? and where can i found a description for tcp/ip ports like 2000 or 111

    Thank you guys,
     
    #1 ehsan, Jan 27, 2002
  2. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    316
    Location:
    Spain
    Maybe you\'ll find this useful:
    http://www.robertgraham.com/pubs/firewall-seen.html

    Says nothing about port 2000 though.

    See http://archives.neohapsis.com/archives/sf/ms/2001-q4/0181.html
     
    #2 Juanra, Jan 27, 2002
  3. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    Thank you,
    great links.
    any body else has the same reports?
     
    #3 ehsan, Jan 27, 2002
  4. Koi

    Koi Registered

    Joined:
    Jan 27, 2002
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    301
    http://www.snort.org/ports.html
     
    #4 Koi, Jan 27, 2002
  5. hedgehog

    hedgehog Well-Known Member

    Joined:
    Nov 3, 2001
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    316
    I get them daily, contacted my provider about it wand he said it was nothing about unless you have security holes on your system...
     
    #5 hedgehog, Jan 28, 2002
  6. TRAIN YARD SOFTWARE

    TRAIN YARD SOFTWARE Well-Known Member

    Joined:
    Dec 20, 2001
    Messages:
    224
    Likes Received:
    0
    Trophy Points:
    316
    We get these 1000 page emails also

    We get these 1000 page emails also :

    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Host: 66.28.166.12 is already blocked. Ignoring
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Host: 66.28.166.12 is already blocked. Ignoring
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
     
    #6 TRAIN YARD SOFTWARE, Feb 20, 2002
  7. TRAIN YARD SOFTWARE

    TRAIN YARD SOFTWARE Well-Known Member

    Joined:
    Dec 20, 2001
    Messages:
    224
    Likes Received:
    0
    Trophy Points:
    316
    also in this email

    also in this email how do we fix this?

    Feb 19 04:03:35 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:36 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:36 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:37 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:37 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:38 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?

    this is huge errors everyday
     
    #7 TRAIN YARD SOFTWARE, Feb 20, 2002
(You must log in or sign up to post here.)
Loading...
Similar Threads - Active Attack
  1. electric

    Possible for end-user to see all their active mysql processes?

    electric, Sep 12, 2017, in forum: Database Discussions
    Replies:
    5
    Views:
    151
    cPanelMichael
    Sep 13, 2017
  2. jlord87

    Setup DNS for Microsoft Active Directory

    jlord87, Jul 21, 2017, in forum: Bind / DNS / Nameserver Issues
    Replies:
    2
    Views:
    163
    24x7server
    Jul 23, 2017
  3. Soporte Sysout

    Sync mailbox passwords with windows active directory

    Soporte Sysout, Jun 29, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    196
    cPanelMichael
    Jun 29, 2017
  4. DennisMidjord

    We're shutting down nameservers - what about active domains?

    DennisMidjord, Jun 22, 2017, in forum: Bind / DNS / Nameserver Issues
    Replies:
    4
    Views:
    216
    cPanelMichael
    Jun 22, 2017
  5. e0xbr

    Unresponsive PHP-FPM & chkservd active

    e0xbr, May 12, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    244
    cPanelMichael
    May 12, 2017

Share This Page