The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help me !

Discussion in 'General Discussion' started by hkewell, Jun 25, 2002.

  1. hkewell

    hkewell Well-Known Member

    Joined:
    May 17, 2002
    Messages:
    170
    Likes Received:
    0
    Trophy Points:
    0
    what is this ?? i can do what ??

    Active System Attack Alerts
    =-=-=-=-=-=-=-=-=-=-=-=-=-=
    Jun 24 18:54:40 earth portsentry[1402]: attackalert: Connect from host: 202.99.192.118/202.99.192.118 to TCP port: 111
    Jun 24 18:54:40 earth portsentry[1402]: attackalert: Connect from host: 202.99.192.118/202.99.192.118 to TCP port: 111
    Jun 24 18:54:40 earth portsentry[1402]: attackalert: Host: 202.99.192.118 is already blocked. Ignoring
    Jun 24 18:54:40 earth portsentry[1402]: attackalert: Connect from host: 202.99.192.118/202.99.192.118 to TCP port: 111
    Jun 24 18:54:40 earth portsentry[1402]: attackalert: Host: 202.99.192.118 is already blocked. Ignoring
    Jun 24 18:54:40 earth portsentry[1402]: attackalert: Connect from host: 202.99.192.118/202.99.192.118 to TCP port: 111
    Jun 24 18:54:40 earth portsentry[1402]: attackalert: Host: 202.99.192.118 is already blocked. Ignoring
     
  2. masood

    masood Well-Known Member

    Joined:
    Jun 14, 2002
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    [quote:bbc00b3520][i:bbc00b3520]Originally posted by hkewell[/i:bbc00b3520]
    Host: 202.99.192.118 is already blocked. Ignoring
    [/quote:bbc00b3520]

    Its already blocked. So do not worry :)
     
  3. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    We have lots of attacks on all of our servers each day until you see Host: 202.99.192.118 is already blocked. Ignoring
    There is no problem also use WHM -& security -& Quick Security Scan you should get failed for assurance; but if you want to know what they are seeking for read this:

    RPC information located at Port 111 is a place to find out where services are running. Numerous vulnerabilities exist, along with exploits ready and waiting for services such as rpcbind and rpcmountd. Network File Service (NFS) has a known rpc-update exploit, the Network Information Service (NIS) update daemon rpc.ypupdated contains vulnerabilities in how it passes commands to certain function calls. This could allow a remote attacker to trick the service into executing arbitrary commands on the system with root privileges. Additionally, client server environments that use remote program calls and port 111 to register and make themselves available, are unfortunately also listing their availability to the less-than nice people who are trying to crack your system. For the unprotected systems that have portmapper running on port 111, a simple &rpcinfo& request is adequate for the potential exploiter to obtain a list of all services running.
     
Loading...

Share This Page