totalufo

Well-Known Member
Jan 17, 2002
I get these every day but this one seems a little different. Can someone explain to me what this means and if I have anything to worry about? Thanks!

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jul 18 18:36:24 one named[4742]: zone voyeurattack.com/IN: loaded serial 1027031784
Jul 18 18:36:24 one named[4742]: zone voyeurattack.com/IN: sending notifies (serial 1027031784)
Jul 18 20:29:01 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
Jul 18 20:29:29 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
Jul 18 20:29:29 one portsentry[1403]: attackalert: Host: 218.63.121.2 is already blocked. Ignoring
Jul 18 20:29:50 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
Jul 18 20:29:50 one portsentry[1403]: attackalert: Host: 218.63.121.2 is already blocked. Ignoring
Jul 18 18:35:20 one Cp-Wrap[20467]: Pushing &32033 ADD voyeurattack b1a2t3m4 & to '/usr/local/cpanel/bin/ftpadmin' for UID: 32033
Jul 18 18:35:20 one Cp-Wrap[20481]: Pushing &32033 ADD voyeurattack& to '/usr/local/cpanel/bin/domainadmin' for UID: 32033
Jul 18 18:35:21 one Cp-Wrap[20491]: Pushing &32033 ADD voyeurattack.com voyeurattack.drakecaviar.com& to '/usr/local/cpanel/bin/parkadmin' for UID: 32033
Jul 18 18:40:24 one Cp-Wrap[20964]: Pushing &32033 LIST voyeurattack.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
Jul 18 18:40:25 one Cp-Wrap[20970]: Pushing &32033 LIST voyeurattack.drakecaviar.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
Jul 18 18:48:21 one Cp-Wrap[21365]: Pushing &32033 LIST voyeurattack.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
Jul 18 18:48:21 one Cp-Wrap[21369]: Pushing &32033 LIST voyeurattack.drakecaviar.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033

Security Violations
=-=-=-=-=-=-=-=-=-=
Jul 18 18:36:24 one named[4742]: zone voyeurattack.com/IN: loaded serial 1027031784
Jul 18 18:36:24 one named[4742]: zone voyeurattack.com/IN: sending notifies (serial 1027031784)
Jul 18 20:29:01 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
Jul 18 20:29:29 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
Jul 18 20:29:29 one portsentry[1403]: attackalert: Host: 218.63.121.2 is already blocked. Ignoring
Jul 18 20:29:50 one portsentry[1403]: attackalert: Connect from host: 218.63.121.2/218.63.121.2 to TCP port: 111
Jul 18 20:29:50 one portsentry[1403]: attackalert: Host: 218.63.121.2 is already blocked. Ignoring
Jul 18 18:35:20 one Cp-Wrap[20467]: Pushing &32033 ADD voyeurattack b1a2t3m4 & to '/usr/local/cpanel/bin/ftpadmin' for UID: 32033
Jul 18 18:35:20 one Cp-Wrap[20481]: Pushing &32033 ADD voyeurattack& to '/usr/local/cpanel/bin/domainadmin' for UID: 32033
Jul 18 18:35:21 one Cp-Wrap[20491]: Pushing &32033 ADD voyeurattack.com voyeurattack.drakecaviar.com& to '/usr/local/cpanel/bin/parkadmin' for UID: 32033
Jul 18 18:40:24 one Cp-Wrap[20964]: Pushing &32033 LIST voyeurattack.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
Jul 18 18:40:25 one Cp-Wrap[20970]: Pushing &32033 LIST voyeurattack.drakecaviar.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
Jul 18 18:48:21 one Cp-Wrap[21365]: Pushing &32033 LIST voyeurattack.com 0& to '/usr/local/cpanel/bin/mxadmin' for UID: 32033
 

itf

Well-Known Member
May 9, 2002
I wrote about the answer in this thread

http://forums.cpanel.net/read.php?TID=3523