The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Connections attempts to port 808, shoul I be wary?

Discussion in 'General Discussion' started by Kent Brockman, Feb 8, 2009.

  1. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    From december till now, we noticed an increasingly tendence to make login attempts to port 808. I have cpanel 11.24 + CSF and it is detecting it as an attempt from omirr service ( Online Mirror (Omirr) file mirroring services, as stated at http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/ch-ports.html ).

    The connections attempts arrive from different IP's around the world, but there is one of them coming from the website at 213.171.255.4 (ES/Spain/prossns04.pross.com) that is attempting a login over that port every 5-6 days since last November.

    May be that that web site is compromised with some kind of malware? I found association of this port with the trojan WinHole ( source: https://www.ictsc.com/IP_Port808.htm )

    Port 808 is not a commonly used port, and I have all the non-standard ports closed. Although, should I still be wary of this?
     
Loading...

Share This Page