The Community Forums

Interact with an entire community of cPanel & WHM users!

Attack, help me please.

Discussion in 'General Discussion' started by brave, Apr 1, 2005.

  1. brave

    brave Member

    Joined:
    Jan 13, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    170.224.224.* is attacking my server (205.209.178.160).
    I set up APF but the attack continues. I don't know what I must do. Help me please.

    Server Load 32.04 (1 cpu)

    tcp 0 0 205.209.178.160:80 170.224.224.155:55414 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.87:48581 CLOSE_WAIT
    tcp 546 0 205.209.178.160:80 170.224.224.85:56902 CLOSE_WAIT
    tcp 574 0 205.209.178.160:80 170.224.224.152:37812 CLOSE_WAIT
    tcp 555 0 205.209.178.160:80 170.224.224.91:37576 CLOSE_WAIT
    tcp 553 0 205.209.178.160:80 170.224.224.123:59766 ESTABLISHED
    tcp 0 13140 205.209.178.160:80 170.224.224.151:43493 CLOSE_WAIT
    tcp 603 0 205.209.178.160:80 170.224.224.150:50404 CLOSE_WAIT
    tcp 559 0 205.209.178.160:80 170.224.224.87:51738 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.149:56423 CLOSE_WAIT
    tcp 1 13140 205.209.178.160:80 170.224.224.119:47673 CLOSE_WAIT
    tcp 573 0 205.209.178.160:80 170.224.224.123:59765 ESTABLISHED
    tcp 0 13140 205.209.178.160:80 170.224.224.152:57897 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.117:35835 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.118:45881 CLOSE_WAIT
    tcp 0 0 205.209.178.160:80 170.224.224.154:57258 ESTABLISHED
    tcp 0 13140 205.209.178.160:80 170.224.224.149:56421 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.119:49279 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.152:57647 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.149:56418 CLOSE_WAIT
    tcp 559 0 205.209.178.160:80 170.224.224.91:37394 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.87:49694 CLOSE_WAIT
    tcp 566 0 205.209.178.160:80 170.224.224.152:38446 ESTABLISHED
    tcp 0 13140 205.209.178.160:80 170.224.224.152:57966 CLOSE_WAIT
    tcp 555 0 205.209.178.160:80 170.224.224.149:34976 ESTABLISHED
    tcp 0 13140 205.209.178.160:80 170.224.224.119:50429 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.86:48092 CLOSE_WAIT
    tcp 607 0 205.209.178.160:80 170.224.224.151:51554 ESTABLISHED
    tcp 567 0 205.209.178.160:80 170.224.224.149:34977 ESTABLISHED
    tcp 0 13140 205.209.178.160:80 170.224.224.85:53982 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.119:49779 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.88:51036 CLOSE_WAIT
    tcp 557 0 205.209.178.160:80 170.224.224.85:56849 CLOSE_WAIT
    tcp 0 0 205.209.178.160:80 170.224.224.87:51475 CLOSE_WAIT
    tcp 531 0 205.209.178.160:80 170.224.224.149:34926 ESTABLISHED
    tcp 572 0 205.209.178.160:80 170.224.224.119:56819 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.87:48083 CLOSE_WAIT
    tcp 0 13140 205.209.178.160:80 170.224.224.117:37105 CLOSE_WAIT
     
  2. cbwass

    cbwass Well-Known Member

    Joined:
    Mar 29, 2002
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    16
    If you have APF you could do this:

    From root session : pico /etc/apf/deny*

    put the ips you want to block at the bottom of the page

    save the file

    Restart APF : apf -r
     
  3. brave

    I blocked this IP but the attack still continues.
     
  4. cbwass

    Did you restart APF? apf -r
     
  5. brave

    -bash-2.05b# apf -r
    Development mode enabled!; firewall will flush every 5 minutes.
    -bash-2.05b# apf -r
    Development mode enabled!; firewall will flush every 5 minutes.
    -bash-2.05b# apf -r
    Development mode enabled!; firewall will flush every 5 minutes.
    -bash-2.05b# apf -r
    Development mode enabled!; firewall will flush every 5 minutes.
    -bash-2.05b# apf -r
    Development mode enabled!; firewall will flush every 5 minutes.
    -bash-2.05b# apf -r
    Development mode enabled!; firewall will flush every 5 minutes.
    -bash-2.05b# apf -r

    some some some server load 30
    Offf, I am very bored.
     
  6. cbwass

    Note 9 is important

    ------------------------------------------
    What is APF (Advanced Policy Firewall)?
    APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. It is packaged in tar.gz and RPM formats, which makes APF ideal for deployment in many server environments based on Linux. APF is developed and maintained by R-fx Networks: http://www.rfxnetworks.com/apf.php

    This guide will show you how to install and configure APF firewall, one of the better known Linux firewalls available.

    Requirements:
    - Root SSH access to your server

    Let's begin!
    Log in to your server through SSH and su to the root user.

    1. cd /root/downloads or another temporary folder where you store your files.

    2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

    3. tar -xvzf apf-current.tar.gz

    4. cd apf-0.9.3_3/ or whatever the latest version is.

    5. Run the install file: ./install.sh
    You will receive a message saying it has been installed

    .: APF installed
    Install path: /etc/apf
    Config path: /etc/apf/conf.apf
    Executable path: /usr/local/sbin/apf

    6. Let's configure the firewall: pico /etc/apf/conf.apf
    We will go over the general configuration to get your firewall running. This isn't a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.

    We like to use DShield.org's "block" list of top networks that have exhibited
    suspicious activity.
    FIND: USE_DS="0"
    CHANGE TO: USE_DS="1"

    7. Configuring Firewall Ports:

    Cpanel Servers
    We like to use the following on our Cpanel Servers

    Common ingress (inbound) ports
    # Common ingress (inbound) TCP ports - 3000_3500 = passive port range for Pure FTPD
    IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
    #
    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="53"

    Common egress (outbound) ports
    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,25,80,443,43,2089"
    #
    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,53"

    Save the changes: Ctrl+X then Y

    8. Starting the firewall
    /usr/local/sbin/apf -s

    9. After everything is fine, change the DEV option
    Stop the firewall from automatically clearing itself every 5 minutes from cron.
    We recommend changing this back to "0" after you've had a chance to ensure everything is working well and tested the server out.

    pico /etc/apf/conf.apf

    FIND: DEVM="1"
    CHANGE TO: DEVM="0"

    Save your changes! Ctrl+X then press Y
    Restart the firewall: /usr/local/sbin/apf -r
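
A check for the settings edited in steps 7 and 9, as an added example (not part of the original post and not APF's own code): it flags `DEVM` left at anything other than "0" and validates the four port lists. It assumes the `KEY="value"` layout and the comma/underscore port syntax shown in the post, read strictly; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not APF code. Assumed strict format: KEY="value", port lists
# comma separated with no whitespace, ranges written low_high (as 3000_3500).

# lint_apf_conf FILE: print one finding per line; exit status 1 if any.
lint_apf_conf() {
    awk '
    match($0, /^[A-Z_]+="/) {
        key = substr($0, 1, RLENGTH - 2)
        val = substr($0, RLENGTH + 1)
        sub(/".*$/, "", val)

        # DEVM="1" is the mode that printed "firewall will flush every
        # 5 minutes": deny entries stop applying once the rules are cleared.
        if (key == "DEVM" && val != "0") {
            printf "DEVM=%s: development mode, rules are flushed every 5 minutes\n", val
            bad++
        }
        if (key ~ /^(IG|EG)_(TCP|UDP)_CPORTS$/) {
            n = split(val, item, ",")
            for (i = 1; i <= n; i++) {
                if (item[i] !~ /^[0-9]+(_[0-9]+)?$/) {
                    printf "%s: malformed entry \"%s\"\n", key, item[i]
                    bad++
                    continue
                }
                m = split(item[i], r, "_")
                lo = r[1] + 0
                hi = (m == 2) ? r[2] + 0 : lo
                if (lo < 1 || hi > 65535 || lo > hi) {
                    printf "%s: port out of range \"%s\"\n", key, item[i]
                    bad++
                }
            }
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample in the style of the guide above, with two deliberate problems.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server config
USE_DS="1"
DEVM="1"
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083, 2086,3000_3500"
IG_UDP_CPORTS="53"
EG_TCP_CPORTS="21,25,80,443,43,2089"
EG_UDP_CPORTS="20,21,53"
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
lint_apf_conf "$sample" || echo "fix the findings above, then restart with: apf -r"
rm -f "$sample"
```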
     
  7. cbwass

    You could also install BFD, works very well.
    --------------------------
    Install BFD (Brute Force Detection)

    To install BFD, SSH into server and login as root.

    At command prompt type: cd /root/

    At command prompt type: wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

    At command prompt type: tar -xvzf bfd-current.tar.gz

    At command prompt type: cd bfd-0.4

    At command prompt type: ./install.sh


    After BFD has been installed, you need to edit the configuration file.

    At command prompt type: pico /usr/local/bfd/conf.bfd


    Under Enable brute force hack attempt alerts:

    Find

    ALERT_USR="0"

    and change it to

    ALERT_USR="1"


    Find

    EMAIL_USR="root"

    and change it to

    EMAIL_USR="your@email.com"


    Save the changes then exit.


    To start BFD

    At command prompt type: /usr/local/sbin/bfd -s
    ---------------------------------------------------------------
    In the future, any time you install APF / BFD you should type

    apf -a YOURIP

    ------------------------------------------------------------------
    BFD 0.6 [bfd@r-fx.org]

    Copyright (C) 1999-2004, R-fx Networks <proj@r-fx.org>
    Copyright (C) 2004, Ryan MacDonald <ryan@r-fx.org>



    1) Introduction:
    BFD is a modular shell script for parsing applicable logs and checking for
    authentication failures. There is not much complexity or detail to BFD yet and
    likewise it is very straight-forward in its installation, configuration and
    usage. The reason behind BFD is very simple; the fact there is little to no
    authentication and brute force auditing programs in the linux community that
    work in conjunction with a firewall or real-time facility to place bans.

    2) Installation:
    There is an included 'install.sh' script that installs all files to
    '/usr/local/bfd/' and places a 8-minute cronjob in '/etc/cron.d/bfd'. The setup
    is really as simple as that.

    3) Configuration:
    The configuration file for BFD is located at '/usr/local/bfd/conf.bfd'; it is
    very straightforward and the comments in themselves explain what each option
    is for. Of the options, you should ideally configure the ALERT_USR toggle to
    enable or disable user email alerts and likewise in conjunction configure the
    EMAIL_USR var with your email addresses you would like to receive alerts at.

    An ignore file is present at '/usr/local/bfd/ignore.hosts'; this is a line
    separated file to place hosts into that you would like to be ignored for
    authentication failures. An internal function will attempt to fetch all
    local ip's bound on the installed system and there-in internally ignore
    events appearing to be from such addresses.

    ----------------------------------------------------------------
     
  8. brave

    I did this now but it does not work. Do you have MSN? Help me please.
     
  9. brave

    -bash-2.05b# ./install.sh
    Installing APF 0.9.5-1: Completed.

    Installation Details:
    Install path: /etc/apf/
    Config path: /etc/apf/conf.apf
    Executable path: /usr/local/sbin/apf
    AntiDos install path: /etc/apf/ad/
    AntiDos config path: /etc/apf/ad/conf.antidos
    DShield Client Parser: /etc/apf/extras/dshield/

    Other Details:
    cp: cannot stat `/etc/apf.bk.last/vnet/*.rules': No such file or directory
    Imported options from 0.9.5-1 to 0.9.5-1.
    Note: Please review /etc/apf/conf.apf for consistency, install default backed up to /etc/apf/conf.apf.orig
     
  10. cbwass

    Just follow the instructions don't worry about (Other Details:
    cp: cannot stat `/etc/apf.bk.last/vnet/*.rules': No such file or directory)
     
  12. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    699
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney / Australia
    While you are fiddling around with APF and BFD (which are great) you can block the ip like this :

    iptables -A INPUT -p tcp -s 170.224.224.0/24 -j DROP
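
One way to decide what to block from netstat output like the listing at the top of this thread, as an added example (not from any poster): it counts connections to a port per source /24 and prints, without running them, the matching DROP rules in CIDR form. The function names, the threshold and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Input: netstat -nt style lines
# (proto recv-q send-q local foreign state).

# summarize_sources PORT: read netstat lines on stdin and print
# "<connections> <close_wait> <source /24>" per network, busiest first.
summarize_sources() {
    awk -v port="$1" '
    $1 == "tcp" && NF >= 6 {
        n = split($4, l, ":")
        if (l[n] != port) next              # keep only the service port
        split($5, f, ":")
        split(f[1], o, ".")
        net = o[1] "." o[2] "." o[3] ".0/24"
        total[net]++
        # CLOSE_WAIT: the peer has closed, the local server has not yet.
        if ($6 == "CLOSE_WAIT") cw[net]++
    }
    END { for (net in total) printf "%d %d %s\n", total[net], cw[net] + 0, net }
    ' | sort -k1,1nr -k3,3
}

# block_rules PORT MIN: print (not run) one DROP rule per /24 holding at least
# MIN connections. -I puts the rule ahead of existing ACCEPT rules; a rule
# added with -A is evaluated after them.
block_rules() {
    summarize_sources "$1" | awk -v port="$1" -v min="$2" '
    $1 >= min {
        printf "iptables -I INPUT -p tcp -s %s --dport %s -j DROP\n", $3, port
    }'
}

# Constructed sample using documentation address ranges.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 192.0.2.10:80 198.51.100.155:55414 CLOSE_WAIT
tcp 0 13140 192.0.2.10:80 198.51.100.87:48581 CLOSE_WAIT
tcp 553 0 192.0.2.10:80 198.51.100.123:59766 ESTABLISHED
tcp 0 1 192.0.2.10:80 198.51.100.150:49246 FIN_WAIT1
tcp 0 0 192.0.2.10:80 203.0.113.52:50639 ESTABLISHED
tcp 0 0 192.0.2.10:22 203.0.113.9:40000 ESTABLISHED
EOF
}

sample_netstat | summarize_sources 80
sample_netstat | block_rules 80 3
```

On a live server the input would be `netstat -nt | summarize_sources 80`; review the printed rules before applying any of them.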
     
  13. brave

    gorilla, I tried iptables -A INPUT -p tcp -s 170.224.224 -j DROP but
    it continues again

     
  14. brave

    gorilla, what is your MSN?
    I will give you my root pass.
    You do it please... I am very helpless.
     
  15. gorilla

    You had better go and employ a good system admin. Have a look around the forum, there are some great ones around!
    And follow cbwass's simple step-by-step guideline,
    and if you have the patience, add the different attacking IPs with the command line I posted before!
    Just remember, all the forum members are happy to give you guidance and point you in the right direction, but you will have to do the work yourself or pay somebody to do this for you.

    and here is another post http://forums.cpanel.net/showthread.php?t=30159&highlight=securing+server
     
    #15 gorilla, Apr 1, 2005
    Last edited: Apr 1, 2005