Active system attach
- Thread starter hst
- Start date
tried graceful restart but its still not sending
I tried the graceful restart as you suggested but it's still not sending the alerts. I know the email address is right because I'm getting the other messages like cgi scripts installed but not the system attack messages. Im stumped
I tried the graceful restart as you suggested but it's still not sending the alerts. I know the email address is right because I'm getting the other messages like cgi scripts installed but not the system attack messages. Im stumped
[quote:47dd99347b][i:47dd99347b]Originally posted by hst[/i:47dd99347b]
I tried the graceful restart as you suggested but it's still not sending the alerts. I know the email address is right because I'm getting the other messages like cgi scripts installed but not the system attack messages. Im stumped[/quote:47dd99347b]
Because you haven't any active system attack, means there is no attack to your system
I tried the graceful restart as you suggested but it's still not sending the alerts. I know the email address is right because I'm getting the other messages like cgi scripts installed but not the system attack messages. Im stumped[/quote:47dd99347b]
Because you haven't any active system attack, means there is no attack to your system
[quote:d2cd445d59][i:d2cd445d59]Originally posted by hst[/i:d2cd445d59]
I was getting one meg files about attacks until the apache and cp upgrade and then they stopped. Other servers continue to get the messages.[/quote:d2cd445d59]
You are seriously under attack! We usually under attack, but when and exploit is known in server softwares then we are heavily under attack i.e. last know vulnerabilities in Apache 1.3.24
Did you update your Apache to 1.3.26? However there is another known exploit in bind which will be resolved in bind 9.2.2 or 9.3.0
What kinds of attack alerts did you receive?
I was getting one meg files about attacks until the apache and cp upgrade and then they stopped. Other servers continue to get the messages.[/quote:d2cd445d59]
You are seriously under attack! We usually under attack, but when and exploit is known in server softwares then we are heavily under attack i.e. last know vulnerabilities in Apache 1.3.24
Did you update your Apache to 1.3.26? However there is another known exploit in bind which will be resolved in bind 9.2.2 or 9.3.0
What kinds of attack alerts did you receive?
[quote:8f856fa3e2][i:8f856fa3e2]Originally posted by xnull[/i:8f856fa3e2]
Heh, that's nothing.. We were getting 2mb-20mb attack logs by email every day for about 8 months.. They stopped for a while and I'm getting them again every once in a while now (software error? or no attacks?) lol..[/quote:8f856fa3e2]
it seems that you are new to hackers I wrote it in this thread about what they want to do
http://forums.cpanel.net/read.php?TID=3523
RPC information located at Port 111 is a place to find out where services are running. Numerous vulnerabilities exist, along with exploits ready and waiting for services such as rpcbind and rpcmountd. Network File Service (NFS) has a known rpc-update exploit, the Network Information Service (NIS) update daemon rpc.ypupdated contains vulnerabilities in how it passes commands to certain function calls. This could allow a remote attacker to trick the service into executing arbitrary commands on the system with root privileges. Additionally, client server environments that use remote program calls and port 111 to register and make themselves available, are unfortunately also listing their availability to the less-than nice people who are trying to crack your system. For the unprotected systems that have portmapper running on port 111, a simple &rpcinfo& request is adequate for the potential exploiter to obtain a list of all services running.
Also bind 9.2.1 has vulnerability now that will be resolved in the next version 9.2.2 or 9.30
There are some of these exploits that hackers try to get into your system
Heh, that's nothing.. We were getting 2mb-20mb attack logs by email every day for about 8 months.. They stopped for a while and I'm getting them again every once in a while now (software error? or no attacks?) lol..[/quote:8f856fa3e2]
it seems that you are new to hackers I wrote it in this thread about what they want to do
http://forums.cpanel.net/read.php?TID=3523
RPC information located at Port 111 is a place to find out where services are running. Numerous vulnerabilities exist, along with exploits ready and waiting for services such as rpcbind and rpcmountd. Network File Service (NFS) has a known rpc-update exploit, the Network Information Service (NIS) update daemon rpc.ypupdated contains vulnerabilities in how it passes commands to certain function calls. This could allow a remote attacker to trick the service into executing arbitrary commands on the system with root privileges. Additionally, client server environments that use remote program calls and port 111 to register and make themselves available, are unfortunately also listing their availability to the less-than nice people who are trying to crack your system. For the unprotected systems that have portmapper running on port 111, a simple &rpcinfo& request is adequate for the potential exploiter to obtain a list of all services running.
Also bind 9.2.1 has vulnerability now that will be resolved in the next version 9.2.2 or 9.30
There are some of these exploits that hackers try to get into your system
sorry to bring this thread from the dead, but it seems no one really answered why the monitoring stopped, likewise on our systems, it seems the emails stopped over time, nothing has really changed over the months instead of the usual cpanel updates etc...
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| T | cpHulk security warning on deactived sshd service. | Security | 2 | |
|
In Progress CPANEL-40545 - No brute force protection detected while Imunify360 active | Security | 5 | |
|
firewalld.service = Active: inactive | Security | 13 | |
| T | active system attack | Security | 1 | |
| M | ACTIVE system attack...how? | Security | 1 |