The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

active system attack

Discussion in 'General Discussion' started by totalufo, Jul 19, 2002.

  1. totalufo

    totalufo Well-Known Member

    Joined:
    Jan 17, 2002
    Messages:
    160
    Likes Received:
    0
    Trophy Points:
    16
    I get these every day but this one seems a little differnet. CAn somone explain to me what this means and if I have anything to worry about? Thanks!

    Active System Attack Alerts
    =-=-=-=-=-=-=-=-=-=-=-=-=-=
    Jul 18 18:36:24 one named[4742]: zone voyeurattack.com/IN: loaded serial 1027031784
    Jul 18 18:36:24 one named[4742]: zone voyeurattack.com/IN: sending notifies (serial 1027031784)
    Jul 18 20:29:01 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
    Jul 18 20:29:29 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
    Jul 18 20:29:29 one portsentry[1403]: attackalert: Host: 218.63.121.2 is already blocked. Ignoring
    Jul 18 20:29:50 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
    Jul 18 20:29:50 one portsentry[1403]: attackalert: Host: 218.63.121.2 is already blocked. Ignoring
    Jul 18 18:35:20 one Cp-Wrap[20467]: Pushing &32033 ADD voyeurattack b1a2t3m4 & to '/usr/local/cpanel/bin/ftpadmin' for UID: 32033
    Jul 18 18:35:20 one Cp-Wrap[20481]: Pushing &32033 ADD voyeurattack& to '/usr/local/cpanel/bin/domainadmin' for UID: 32033
    Jul 18 18:35:21 one Cp-Wrap[20491]: Pushing &32033 ADD voyeurattack.com voyeurattack.drakecaviar.com& to '/usr/local/cpanel/bin/parkadmin' for UID: 32033
    Jul 18 18:40:24 one Cp-Wrap[20964]: Pushing &32033 LIST voyeurattack.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
    Jul 18 18:40:25 one Cp-Wrap[20970]: Pushing &32033 LIST voyeurattack.drakecaviar.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
    Jul 18 18:48:21 one Cp-Wrap[21365]: Pushing &32033 LIST voyeurattack.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
    Jul 18 18:48:21 one Cp-Wrap[21369]: Pushing &32033 LIST voyeurattack.drakecaviar.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033

    Security Violations
    =-=-=-=-=-=-=-=-=-=
    Jul 18 18:36:24 one named[4742]: zone voyeurattack.com/IN: loaded serial 1027031784
    Jul 18 18:36:24 one named[4742]: zone voyeurattack.com/IN: sending notifies (serial 1027031784)
    Jul 18 20:29:01 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
    Jul 18 20:29:29 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
    Jul 18 20:29:29 one portsentry[1403]: attackalert: Host: 218.63.121.2 is already blocked. Ignoring
    Jul 18 20:29:50 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
    Jul 18 20:29:50 one portsentry[1403]: attackalert: Host: 218.63.121.2 is already blocked. Ignoring
    Jul 18 18:35:20 one Cp-Wrap[20467]: Pushing &32033 ADD voyeurattack b1a2t3m4 & to '/usr/local/cpanel/bin/ftpadmin' for UID: 32033
    Jul 18 18:35:20 one Cp-Wrap[20481]: Pushing &32033 ADD voyeurattack& to '/usr/local/cpanel/bin/domainadmin' for UID: 32033
    Jul 18 18:35:21 one Cp-Wrap[20491]: Pushing &32033 ADD voyeurattack.com voyeurattack.drakecaviar.com& to '/usr/local/cpanel/bin/parkadmin' for UID: 32033
    Jul 18 18:40:24 one Cp-Wrap[20964]: Pushing &32033 LIST voyeurattack.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
    Jul 18 18:40:25 one Cp-Wrap[20970]: Pushing &32033 LIST voyeurattack.drakecaviar.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
    Jul 18 18:48:21 one Cp-Wrap[21365]: Pushing &32033 LIST voyeurattack.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
     
  2. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    I wrote about the answer in this thread

    http://forums.cpanel.net/read.php?TID=3523
     
Loading...

Share This Page